DFS or Security?

Looking for some clues here.  We had files scattered over several servers (Server 2003 32-bit) linked using domain DFS.  Bought a new server (Server 2008 64-bit) and using DFS replicated all files into one place on the new server.  To avoid problems, initially the new server target was set to disabled in DFS referral.  The old server needs to be decomissioned.

Where I want help is that I thought it would be a simple case of switching the DFS referral on for the new server and off for the old server.  Replication would continue to take place but users would be re-directed to the new server for their files.  

This doesn't appear to be the case, when I do the above users start to email me saying they can't access folders in the DFS.  I can back out the change and it all reverts to normal for XP users, Win2k have to reboot first.  Also had to reboot server 2k3 running rdp.

The share permissions are set for everyone 'read only' on both servers (and now the change is backed out access is as normal).  However Security on the old 2k3 server includes the domain/users group.  I can not find this group to add it in the new 2k8 server.  The 2k3 server IS a DC.  the 2k8 server is just a member server.

Are my problems DFS or permissions related (or both)?
Thanks in advance.
dchoxfordAsked:
Who is Participating?
 
FLPeopleConnect With a Mentor Commented:
Your assumptions are correct on the referrals.  That is how we are using it across sites here.  

The default time to live for a referral is 5 minutes. So if these servers are at the same site you should expect no more than 5 minutes before they are accessing the new server.  If the servers are at separate sites you will have to wait for the domain controllers to replicate the change to dfs, then you are looking at an additional 5 minutes after that.  

Good to hear that you resolved the security issue.  We do not have any production 2k8 boxes in yet.  Had a beta setup in a test domain and didn't see that issue.
0
 
FLPeopleCommented:
It looks like your problems are related to permissions.  Since the new server is not a member of the domain  and I'm assuming the users are, the new server will not allow them access.  

Your best option would to be add the server to the domain.  Then add the appropriate user groups to the NTFS security settings on the server.  When you add the server to the domain the domain users group will be added to the local server user account which may be all that your looking for.  

If that is not an option you will have to enable the guest account and allow everyone access on the new server or create all your users as local users on the new server.  
0
 
dchoxfordAuthor Commented:
The new server is a member of the domain, just not a DC.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
FLPeopleCommented:
Sorry about that.  I read your post as it being a standalone server.  

When you look at the security on the 2k8 server for the DFS structure does it show any groups?  Sid numbers?  Since the NTFS permissions are supposed to replicate with the files I wonder if they are making it or not.  

It looks like you have tried to manually add the groups also, can you find any domain resources when you try to do an add?  

 
0
 
dchoxfordAuthor Commented:
Thanks for the comment FLPeople.  I think I have worked out the security thing.  In Server 2003 you can enter 'users' as a group and this is acceptable.  However on Server 2008 it seems that you have to specify 'domain users'.  I think this will solve my security issue.

However can you tell me if I'm right in my assumptions re DFS?  If I have 2 targets, fully replicated, DFS referral enabled on the original server and disabled on the new server - should I just be able to switch the referrals over and my users non the wiser?  Approx how long should the change over take?

Thanks
0
 
dchoxfordAuthor Commented:
Hmm, ok guess I'm going to have to bit the bullet again and switch the referral and see what happens.  Pretty certain it was the security issue that locked things up last time.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.