How to migrate from FRS to DFSR on Windows server 2019

How to migrate from FRS (File Replication Service) to DFSR (Distributed File System Replication) on Windows server 2019? Microsoft has introduced later in Windows server 2008, if you are adding Domain controller Windows server 2019, you will get an error and you must migrate from FRS to DFSR. When the DFSR migration process starts it copies the contents of SYSVOL to a parallel folder called SYSVOL_DFSR, and then it gets shares out in migration phases. Please make sure your current domain is in good health status and has good backup.

  • Make sure you have free space on the drive where SYSVOL exists (normally on C drive) on your domain controller
    • free space should be current SYSVOL folder, plus a 10% or more
  • Make sure you have Admin rights to all of your domains
  • Make sure the Active Directory replication is working and healthy
    • To check the replication status: PS C:\Windows\system32> repadmin /ReplSum
  • Maike sure the SYSVOL is shared on DC
    • To check share: PS C:\Windows\system32> net share
    • To test all connectivities : Dcdiag /e /test:sysvolcheck /test:advertising

Start of migration

First, we need to make sure all domain controllers are in Prepared State, you check by running the following command:
dfsrmig /getmigrationstate

PS C:\Windows\system32> Dfsrmig /getmigrationstate
All domain controllers have migrated successfully to the Global state (‘Start’).
Migration has reached a consistent state on all domain controllers.
Succeeded.

Then start setting each state and wait between states until “Migration has reached a consistent state on all domain controllers” time it takes could all depends on how long it takes to sync, most common network should not take more than 15 minutes, but a larger network or custom sync duration this could take longer.

First state

PS C:\Windows\system32> Dfsrmig /setglobalstate 1
Current DFSR global state: ‘Start
New DFSR global state: ‘Prepared

Migration will proceed to ‘Prepared’ state. DFSR service will copy the contents of SYSVOL to SYSVOL_DFSR folder.

If any domain controller is unable to start migration, try manual polling. Or run with option /CreateGlobalObjects. Migration can start anytime between 15 minutes to 1 hour.

Succeeded.

PS C:\Windows\system32> Dfsrmig /getmigrationstate
All domain controllers have migrated successfully to the Global state (‘Prepared’). Migration has reached a consistent state on all domain controllers.

Succeeded.

Second state

PS C:\Windows\system32> Dfsrmig /setglobalstate 2
Current DFSR global state: ‘Prepared
New DFSR global state: ‘Redirected

Migration will proceed to ‘Redirected’ state. The SYSVOL share will be changed to SYSVOL_DFSR folder, which is replicated using DFSR.

Succeeded.

PS C:\Windows\system32> Dfsrmig /getmigrationstate
All domain controllers have migrated successfully to the Global state (‘Redirected’). Migration has reached a consistent state on all domain controllers.

Succeeded.

Last state

PS C:\Windows\system32> Dfsrmig /setglobalstate 3
Current DFSR global state: ‘Redirected
New DFSR global state: ‘Eliminated

Migration will proceed to ‘Eliminated’ state. It is not possible to revert this step.

If any read-only domain controller is stuck in the ‘Eliminating’ state for too long run with option /DeleteRoNtfrsMember.

Succeeded.

PS C:\Windows\system32> Dfsrmig /getmigrationstate
All domain controllers have migrated successfully to the Global state (‘Eliminated’). Migration has reached a consistent state on all domain controllers.

Succeeded.

That’s it your migration is completed, you can check replication and domain controller windows folder you should see something similar as screenshot below:

on DC C:\Windows\SYSVOL_DFSR
on DC C:\Windows\SYSVOL_DFSR\ you should see domain and sysvol
on DC C:\Windows\SYSVOL_DFSR\domain you should see Policies, scrips, GPS’s, etc..
on DC C:\Windows\SYSVOL_DFSR\sysvol you should see your domain(s)

Possible issues/solutions:

If you get permission denied you need to make sure your command prompt is open with Administrator

If dfsr fails to migrate check this link:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/dfsr-sysvol-fails-migrate-replicate



How to Compact Virtual Hard Disk

These days most of us using virtual storage drives for a server, most of the time these virtual storage disks are configured dynamically, so it grows as we use it, but does not shrink when you delete data unless you do compact. If you are using Hyper-V servers, it’s very easy to do, other hypervisors also offer similar compacting, you may just have to look around.

Here is screenshot of before compacting drive:

To compact in Microsoft Hyper-V hypervisor:

Open the Hyper-V Manager
Select the VM
Right-click on VM, click Settings
Select the Hard Drive that you want to compact, then click Edit
It will give you the location of the Disk and warning, please make sure you have a good backup, just in case something goes wrong
Click Next

If you only see Expand option, that means your VM is running, you can’t Compact
Click Next

Summary of Disk, click Finish and it will start compacting, time it takes to compact are depends on speed of drive and how much data you have deleted.

This is what it looks like after compacting, the size will vary depends on how much of your data being deleted.

After Compacting:

That’s it, if you don’t get the drive space back, make sure to do the Drive Optimization first then re-do the compacting

To drive Optimize:

Login into server and right click on the drive select Properties

Click on Tools tab
Click on Optimize

Then select the drive if you have more then one and click on Optimize



How to delete Active Directory user with privilege issue

There may be a number of reasons you can’t delete some users from Active Directory, one of them could be domain admin or enterprise admin privileges. Another could be some objects are still in use or not sync up with an exchange, they both have some many references, so can’t delete active directory user with exchange ActiveSync

I had come across one after migration to Office 365, some user account that may have old Exchange attributes that cannot be deleted and you will have to manually give your self full access. here is how to delete those account that has privilege issues.

First you need to change the view to: use the “view -> users, Contacts, Groups, and Computers as containers”

Then go to the user you are having issue deleting, give you self full permission to object then you should be able to delete it



How to upgrade Ubuntu 16.04 to 18.04

It’s always best to stay up to date with technologies that you are using these days, due to lots of data getting hacked because they are not updated.  I had written a post earlier on how to upgrade Ubuntu 14.04 to 16.04, the process is the same. Make sure you have a good backup and your backup is tested to be sure data you are backup are good. If you have an option you can do an upgrade on a test server and work out any issues, that way when you do upgrade on the production system it goes smooth.

Check list before starting upgrade process

  • Data backed up and verified, which includes configs, PHP, Databases, etc…
  • Make sure your application supports newer packages versions
  • List of application/services so it can be tested after the upgrade
  • Direct access to the server, remote session will give you an error
  • Stopping application/services, not required but if dealing with a database it’s safer
  • Double-check storage space for an upgrade to download/install, you will need about 10GB

To get list of packages:

dpkg -l | grep php | tee packages.txt

Current supported Ubuntu version: https://wiki.ubuntu.com/Releases

Login to the server directly to do the upgrade, also before the upgrade make sure you are up to date and don’t have any issues with your server or resources.

You can run following commands to check for any updates:

sudo apt update
sudo apt upgrade
sudo apt dist-upgrade

To start the upgrade process

Run the following command it will go through a check of currently installed packages and give you the option to check and make sure you are ok to start to upgrade.  You should check and make sure your application support new version, so it does not break your application after the upgrade. You can press d to get detailed list, when done press q and it will bring you back to option to Continue or N to cancel. Press y and Enter when you ready

sudo do-release-upgrade

If you have apache installed you will get this prompt, which you can select option best fit your needs.

If you get option for sshd_config, select keep the local version currently installed

It will scan for any obsolete software and will give you option to remove it

Once that done, then it will ask to restart the server press y and Enter

Once the server comes back you should see Ubuntu 18.04.x

Total size was about 10.5 GB and it took about 2 hours, yours may be different based on server resources, an application installed, etc…

common issues and solutions:

Very common if you are using web server you might have issue with PHP:
To check PHP version: php -v

Re-enable PHP, if upgrade from older version:

sudo a2enmod php7.2
sudo service apache2 restart

To install full PHP packages you can run following command:

sudo apt install php php-cgi libapache2-mod-php php-common php-pear php-mbstring

If you run the upgrade via SSH session you will get this message, which is not recommended:

Find all PHP version installed on your system:

dpkg -l | grep ‘\(php\)’
or
php -i | grep ‘php.ini’
or
php -i | grep ‘Configuration File’

Find all mysql version installed:

dpkg -l | grep ‘(mysql)’

How to remove old PHP version:

Before running this command, make sure you have backup of your php.ini or any custom changes did. This command will wipe out everything
Sudo apt purge php5*



How to Uninstall Windows Defender from Windows Server 2016

Most servers have 3rd party Antivirus solution, so you don’t need or want Windows Defender on your server. Here is how to uninstall it, so you can free up the resources of your server. You can remove via server manager or using PowerShell.

You can run this command to check if Windows Defender is running:

sc query Windefend

SERVICE_NAME: Windefend
        TYPE : 10  WIN32_OWN_PROCESS
        STATE : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

If you get this message, which means Windows Defender is not running your system:

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.

or check via GUI: from Windows server manager

Remove just Windows Defender GUI:

Run PowerShell in Administrator, which will remove GUI only:

Uninstall-WindowsFeature -Name Windows-Defender-GUI

To completely remove Windows Defender

Uninstall-WindowsFeature -Name Windows-Defender

Then, just restart your server to finish the process

You can check if your Windows Defender is really removed from your server by going back to server manager

You can also check it by going to Settings>Update & Security>Windows Defender

Just in case you need to re-install Windows Defender back:

To install Windows Defender back for whatever reason, just service:

Install-Windows-Feature -Name Windows-Defender

To install Windows Defender with GUI:

Install-WindowsFeature -Name Windows-Defender-GUI

That’s it, hope you find it useful