AD Offline after Virtualization of Domain Controller

By | May 23, 2020

After virtualization of a Domain Controller the domain is in a failed state with these issues:

  • The Domain Controllers cannot communicate with any Active Directory services.
  • SYSVOL is not shared
  • Network profile is public

The fix is to force an authoritative FRS restore on the DC:

Run these commands on the AD server with the PDC, or on the AD server with the most up-to-date AD information:

  1. Begin by running this command on all replica AD servers: Net Stop NtFrs
  2. Regedit: HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\BurFlags
  3. Set it to D4
  4. Net Start NtFrs
  5. Net Share

If successful:

  • SYSVOL share appears
  • Network profile is Domain Network
  • AD is now connecting
  • BurFlags registry value returns to 0

Any replica AD server will need to run a non-authoritative FRS restore:

  1. Net Stop NtFrs (previously run above)
  2. Regedit: HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\BurFlags
  3. Set it to D2
  4. Net Start NtFrs
  4. Net Start NtFrs
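
The two procedures above can be scripted. The following is an added example, not part of the original post; the function name, its parameters and the timeout are hypothetical. It treats D4 and D2 as hexadecimal DWORD values, and it assumes the success checks listed for the authoritative restore (BurFlags back to 0, SYSVOL shared) also apply after D2.

```powershell
# Added example: BurFlags-driven FRS restore on one domain controller.
# Run elevated on the DC itself. Function and parameter names are hypothetical.
function Invoke-FrsBurFlagsRestore {
    param(
        # D4 = authoritative (DC with the best copy), D2 = non-authoritative (replicas)
        [Parameter(Mandatory = $true)][ValidateSet('D4', 'D2')][string]$Mode,
        [int]$TimeoutSeconds = 300   # assumed wait; a large SYSVOL may need longer
    )
    # The key name "Backup/Restore" contains "/", which the PowerShell registry
    # provider treats as a path separator, so use the .NET registry API instead.
    $subKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
    $value  = [Convert]::ToInt32($Mode, 16)

    Stop-Service -Name NtFrs -Force
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    if ($null -eq $key) { throw "Registry key not found: HKLM\$subKey" }
    try {
        $key.SetValue('BurFlags', $value, [Microsoft.Win32.RegistryValueKind]::DWord)
        Start-Service -Name NtFrs

        # Success criteria from the text: BurFlags returns to 0 and SYSVOL is shared.
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        do {
            Start-Sleep -Seconds 5
            $burFlags = $key.GetValue('BurFlags')
            $null = net share SYSVOL 2>&1      # exit code 0 only if the share exists
            $shared = ($LASTEXITCODE -eq 0)
        } until (($burFlags -eq 0 -and $shared) -or (Get-Date) -gt $deadline)
    }
    finally { $key.Close() }

    # Report the end state instead of throwing, so a slow replica can be re-checked.
    New-Object PSObject -Property @{ Mode = $Mode; BurFlags = $burFlags; SysvolShared = $shared }
}

# Order from the text: stop NtFrs on every replica first, then
#   Invoke-FrsBurFlagsRestore -Mode D4    # on the DC with the best copy
#   Invoke-FrsBurFlagsRestore -Mode D2    # afterwards, on each replica
```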