SYSVOL Folder Structure

About each folder under the SYSVOL share in Domain Controller

SYSVOL folder used to store a copy of the domain’s public files like system policies, Group Policy settings and logon/logoff scripts, which are replicated to all other domain controllers in the Active Directory domain through File Replication Services (FRS), You can find many folders inside the SYSVOL share, I would like to explore and explain each folder by how it’s used in the process of SYSVOL replication.



SYSVOL Folder Structure

\Sysvol
|____
| |____Policies
| |____Scripts
| |____ DO_NOT_REMOVE_NtFrs_PreInstall_Directory
| |____ NtFrs_PreExisting___See EventLog
|
|____Enterprise
| |____Policies
| |____Scripts
|
|____Staging
| |____Domain
| |____Enterprise
|
|____Staging Areas
| |____Enterprise (junction> = Sysvol\Staging\Enterprise)
| |____Your Domain Name (junction> = Sysvol\Staging\Domain)
|
|____Sysvol
| |____Enterprise (junction> = Sysvol\Enterprise)
| |____Your Domain Name (junction> = Sysvol\Domain)

Before I discuss about the SYSVOL folder structure, we should know about the junction points,

Junction point: is a physical location on a hard disk that points to data that is located elsewhere on the hard disk or on another storage device. Junction points look like folders and behave like folders but they are not folders. A junction point contains a link to another folder. When a program opens it, the junction point automatically redirects the program to the folder to which the junction point is linked

If you open a \\%systemroot%\SYSVOL\sysvol, it actually opens the content in %systemroot%\SYSVOL\domain, you can also see this in command prompt, go to SYSVOL folder in command prompt and type DIR you can notice some of folder are shown as all are junction points

%systemroot%\SYSVOL\staging areas\domainnam pointing to %systemroot%\SYSVOL\staging\domain


%systemroot%\SYSVOL\sysvol pointing to %systemroot%\SYSVOL\domain


Staging Folder

When ever you change the GPO settings the corresponding policy folder in SYSVOL get updated and this change needs to be replicated to other replication members (Domain controller) how it’s happens? Staging folder acts like a queue for changed files and folders to be replicated to downstream partners.

FRS creates a file in staging folder by using APIs (backup application programming interfaces) based on the change and replicates to the downstream partners, downstream partners use restore APIs to reconstruct the staging files in the preinstall folder, full file get copied from staging folder to preinstall folder.

Preinstall folder

Preinstall folder is nothing but the DO_NOT_REMOVE_NtFrs_PreInstall_Directory. Folder located under the replica root (Domain folder). Files and folders are replicated from the upstream partner staging folder. After the file or folder is completely replicated, it is renamed to its target location in the replica tree. So that partially constructed files are not visible in the replica tree

Pre-existing folder

The pre-existing folder, named NtFrs_PreExisting___See EventLog, is an optional folder that is located under the replica root (Domain folder). It may not be available by default like others folders, If pre-existing folder is present on a replica member then mostly one of the below reasons.

• Active Directory Restore:
• SYSVOL Non-authoritative restore (also called D2):
• Server was pre-staged before it was added to the replica set

Mostly FRS moves existing data in the replica tree to the pre-existing folder and then receives the updated replica tree from one of the upstream partners and deletes the files inside the pre-existing folder after the successful completion of replication.

Policies Folder

Policy folder contains the list of folders for each policy, if you create a new Group Policy it will create a Group policy templates folder on SYSVOL share under policy, it will contain the group policy setting related to that policy, GPT folder name would be Globally Unique Identifier (GUID) of the GPO that you created.

Scripts Folder

Script Folder contains all the logon/logoff scripts which is used by the various policies