Solved

DFS Root not visible when \\domain_name.ds is entered in explorer

Posted on 2009-05-19
15
2,740 Views
Last Modified: 2012-05-07
I'm somewhat at my wits end here and I'm sure it's probably something stupid that I'm missing or perhaps this is an expected behavior.

This is a new DFS implementation. It's a Win2K3 R2 domain-based DFS. DFS server is Win2K8  (running in win2000 mode) named DFS01. My domain name is qa1.ds.

I created several DFS Roots "APPLICATIONS", "STAGING", "USER_DATA", etc.

When I type \\QA1.DS\Applications, \\QA1.DS\STAGING, \\QA1.DS\USER_DATA - I can see the contents of the folder. However, if I go up one level to \\QA1.DS - it shows me shared objects on my domain controller - e.g. SYSVOL, NETLOGON, Printers and Faxes and Scheduled Tasks - none of the roots show up.

How do I stop traffic from going to my DC and instead just show my DFS roots? So, when I type \\QA1.DS - I want to see this:
\\QA1.DS
            |__APPLICATIONS
            |__STAGING
            |__USER_DATA

Is it even possible?
0
Comment
Question by:CynepMeH
  • 6
  • 5
  • 4
15 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24428170
Have you published the share in AD?

Goto computer management, shares and check each share under the publish tab.
0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24428398
2008 server does not seem to offer that tab. I tried publishing it directly via ADUC and still no luck - when I hit \\brqa1.ds I'm still seeing my DC's shared resources.

I think it could be DNS related... no?
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24428713
yes, what ever DC your connecting too should show up when looking at the domain share, however DFS is different.

It will create a replication of a share that you specify.

If that share is replicated across all DC's, it should be accessible that way, however, if it is not, providing a root domain share would only let people down when it was unavailable.

So, no, I don't think it is 'displayed' as a domain wide share.

0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 6

Expert Comment

by:tatw
ID: 24429053
For DFS implementation, I will create dfs root like this

\\QA1.DS\root\
                      |__APPLICATIONS
                      |__STAGING
                      |__USER_DATA

So the dfs root is \\yourdomain\root
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24429071
either way will work, but having it publish at the root wont expose them on all DC's unless it is replicated everywhere..

0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24432960
@debuggerau - I'm not quite clear on your comments, can you please provide little more detail? What do you mean by "replicated everywhere"? When you have AD-integrated DFS, AFAIK it _is_ replicated as part of usual replication. As a matter of fact you can even use DFS as a replacement for FRS to replicate AD data.

Perhaps this will help to simplify the question:

Is there a way to see JUST DFS roots (not DC shares) when I type \\domain_name  (FQDN or NetBIOS) or must I always type \\domain_name\dfs_root_name?
0
 
LVL 6

Expert Comment

by:tatw
ID: 24433518
You must always type \\domain_name\dfs_root_name.
For \\domain_name\, you will always get sysvol, printers and others.
0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24435600
@tatw: thanks for your reply - do you have any links/references I can throw to my overlords to tell them it's not possible?
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24437653
been looking yesterday, but nothing came into view, its only suggested how it will work..

Let me check briefly..
brb
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24437728
I've got to backtrack on domain wide share..

a DFS share that is AD published, should be accessible anywhere, but your right in that it is not displayed unless you are on the DC with the share.

(P.S.) only DC shares are domain wide.

So, I was saying that if you create a share on all DC's and replicate them from within DFS, they should appear to all clients, no matter what DC they connect to..

So, you must have several DC's, and the share is not one that your authenticating against.
So if you start DFS on your authenticating DC and replicate that share onto your DC, it should appear as available to your client when you search:
 \\QA1.DS\

Hope that helps..
0
 
LVL 6

Expert Comment

by:tatw
ID: 24438246
Hi CynepMeH:

From http://support.microsoft.com/kb/315457
" Domain controllers will not service authentication request during the procedure. Only when the SYSVOL and NETLOGON folders are shared again will the domain controller"
I hope this could help u.


This link is talking about how to relocate the sysvol folders to different volume(not the share)
http://technet.microsoft.com/en-us/library/cc816594(WS.10).aspx
0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24445944
TATW - I don't follow how these articles are applicable. I'm not looking to redirect sysvol, I'm aware of that process. I'm looking to prevent my \\domain_name going to my \\domain_controller.

Try it on your network - type \\your_dc_name

Now try \\your_domain_name

If you have DFS try seeing if your DFS roots show up under \\your_domain_name\

If you see Sysvol, netlogon, scheduled tasks, etc and not your DFS Roots then you're seeing your dc default shares - that's the behavior I'd like to correct. It seems a lot more plausible now that in order to accomplish it I may have to create DC-based DFS roots (which I don't want to do).

0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24446755
Ok, if you don't want to redirect the sysvol etc to another share.
And you don't want to create DFS shares on your DC's.
But you want to have domain share not handled by the domain controllers.
Plus have root access to all DFS roots....
And have a public statement to that effect...

Sorry, cant be done.
0
 
LVL 6

Accepted Solution

by:
tatw earned 500 total points
ID: 24451754
Well It is not possible to prevent sysvol shared on \\domain_name and \\dc_name.

If sysvol and netlogon is not shared then Domain controllers will not service authentication request during the procedure. This is what I want to tell you. (This is explicitly stated in the 1st link)

The 2nd link is just for you reference.
0
 
LVL 11

Author Closing Comment

by:CynepMeH
ID: 31583320
Thanks.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question