How to minimize SYSVOL size by removing administrative templates (.adm files)

Summary

For domains with many policies and domain controllers with slow wide area network (WAN) lines, replicating the SYSVOL share can take a long time. This is most noticeable when you promote a new domain controller at a location with slow connectivity or when you run a non-authoritative restore of SYSVOL. To speed up the process, reduce the number of files and amount of data that must be replicated in the SYSVOL share.

Because Administrative Templates (that is, .adm files) take up the most space in policies, remove them to significantly reduce the size of SYSVOL. For example, with the default Administrative Templates, each policy takes up 870 kilobytes (KB) of disk space. If you have 1,300 policies, you can reduce the size of SYSVOL from 1,100 megabytes (MB) to 35 MB (or 27 KB per policy).

You can use Group Policy settings to change the behavior of Group Policy Editor regarding .adm files in Microsoft Windows Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

816662 Recommendations for managing Group Policy administrative template (.adm) files

More Information


Only the computer that you target with Group Policy Object Editor has to have the Administrative Templates. By default, this is the Primary Domain Controller (PDC) emulator.

Removing the ADM files from the SYSVOL replication is a three step process. 
  1. The ADM files must be removed from the policies
  2. A filter is set in FRS or DFSR for SYSVOL so that ADM files are no longer replicated
  3. The ADM files are copied back to the SYSVOL on the PDC Emulator.


Step 1 - Remove the ADM files


An easy way to remove Administrative Templates if you have not added any special or custom ones is to search in Explorer on the PDC emulator for *.adm files. Sort the results by name, and then delete all the Administrative Template folders. After you make these changes, wait until the replication process has successfully replicated the changes to the other domain controllers. To complete the process, set the filter for Administrative Templates.

If you have custom Administrative Templates, copy these to a different directory structure. For best results, use the Robust File Copy utility (Robocopy.exe) from the Resource Kit. The command syntax is:
robocopy PDC sysvolbackup_directory *.adm /s /mov

An example of the command to copy custom Administrative Templates to a different directory structure is the following:
robocopy \\mydom-pdc\sysvol\mydom.com\policies c:\sysvol-adm-backup\ *.adm /s /mov


After running this command to remove ADM file from the policies in the SYSVOL the change will be replicated to all other DCs in the domain. Wait for file replication to complete before proceeding to step 2.


Note: Backup your Sysvol before making any changes to the file structure


Step 2 Set Replication Filter for ADM files

The File Replication System (FRS) or the Distributed File System Replication (DFSR) can be used to replicate the SYSVOL. Use the correct method for the target domain.

Steps for FRS

You can specify a file filter in the FRS object for the replica set (after you remove the Administrative Templates). For best results, use Adsiedit.msc from the Support Tools. The Attribute is fRSFileFilter. By default, its content is "*.tmp, *.bak, ~*".

To edit this attribute:
  1. In ADSIEDIT, locate the following object:
    CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=your_domain
  2. In the properties for the object, click fRSFileFilter in Select a property to view.The value appears in the Valueline.
  3. Click Clear to bring the attribute to the Edit Attributeline.
  4. Change this line to *.tmp, *.bak, *.adm, ~*.
  5. Click Set.
  6. Click OK.

Steps for DFSR
  1. Open ADSIEDIT.MSC
  2. Browse to DC=<DominanName>,CN=System,CN=DFSR GlobalSettings, CN=Domain System Volume,CN=Content
  3. Right click on CN=Sysvol Share and select properties. Locate the attribute msDFSR-FileFiler
  4. Edit the msDFSR-FileFiler attribute and add ,*.ADM.
  5. Click Apply and OK


Step 3 Copy the ADM files back to the PDC's SYSVOL


You can then use the Robust File Copy utility to copy the Administrative Template folders back to the guid folders if you want. The command syntax is:
robocopy backup_directoryPDC sysvol /s
An example of the command to copy the Administrative Template folders back to the guid folders is the following:
robocopy c:\sysvol-adm-backup\\mydom-pdc\sysvol\mydom.com\policies /s

Technically, if you do not have any custom Administrative Templates, you do not have to add the Administrative Template folders back to the PDC emulator. The folders will be automatically regenerated by using the local Administrative Templates whenever someone edits the Group Policy object (GPO).

If you move the PDC emulator role, you may also want to move the Administrative Templates. For best results, use the Robust File Copy utility. The command syntax is:
robocopy old_PDC_SYSVOLPDC_SYSVOL *.adm /s /mov


An example of the command to move the Administrative Templates is the following:
robocopy \\mydom-pdc\sysvol\mydom.com\policies \\mydom-res-pdc\sysvol\mydom.com\policies *.adm /s /mov
If you have custom Administrative Templates, make sure they have unique file names across policies. You can then distribute these Administrative Templates to all the computers that run Group Policy Object Editor. Copy the Administrative Template files to the NT\Inf folder.

Unless you have specific Administrative Template requirements (for example, you use certain Administrative Templates only for certain policies), a good idea is to combine these approaches to have a complete set of Administrative Templates for editing a GPO.


Windows 2000, Windows 2003, Windows 2003 R2 and Windows XP use ADM files. Windows 2008 and later OSs use ADMX files and can also use custom ADM files. For more information on ADMX files see this link

Managing Group Policy ADMX Files Step-by-Step Guide



Свойства

Номер статьи: 813338 — последний просмотр: 7 янв. 2017 г. — редакция: 1

Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86), Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Windows Server 2008 Standard, Windows Server 2008 Enterprise, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter

Отзывы и предложения