Solved

DFS Root not visible when \\domain_name.ds is entered in explorer

Posted on 2009-05-19
15
2,741 Views
Last Modified: 2012-05-07
I'm somewhat at my wits end here and I'm sure it's probably something stupid that I'm missing or perhaps this is an expected behavior.

This is a new DFS implementation. It's a Win2K3 R2 domain-based DFS. DFS server is Win2K8  (running in win2000 mode) named DFS01. My domain name is qa1.ds.

I created several DFS Roots "APPLICATIONS", "STAGING", "USER_DATA", etc.

When I type \\QA1.DS\Applications, \\QA1.DS\STAGING, \\QA1.DS\USER_DATA - I can see the contents of the folder. However, if I go up one level to \\QA1.DS - it shows me shared objects on my domain controller - e.g. SYSVOL, NETLOGON, Printers and Faxes and Scheduled Tasks - none of the roots show up.

How do I stop traffic from going to my DC and instead just show my DFS roots? So, when I type \\QA1.DS - I want to see this:
\\QA1.DS
            |__APPLICATIONS
            |__STAGING
            |__USER_DATA

Is it even possible?
0
Comment
Question by:CynepMeH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 4
15 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24428170
Have you published the share in AD?

Goto computer management, shares and check each share under the publish tab.
0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24428398
2008 server does not seem to offer that tab. I tried publishing it directly via ADUC and still no luck - when I hit \\brqa1.ds I'm still seeing my DC's shared resources.

I think it could be DNS related... no?
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24428713
yes, what ever DC your connecting too should show up when looking at the domain share, however DFS is different.

It will create a replication of a share that you specify.

If that share is replicated across all DC's, it should be accessible that way, however, if it is not, providing a root domain share would only let people down when it was unavailable.

So, no, I don't think it is 'displayed' as a domain wide share.

0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 6

Expert Comment

by:tatw
ID: 24429053
For DFS implementation, I will create dfs root like this

\\QA1.DS\root\
                      |__APPLICATIONS
                      |__STAGING
                      |__USER_DATA

So the dfs root is \\yourdomain\root
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24429071
either way will work, but having it publish at the root wont expose them on all DC's unless it is replicated everywhere..

0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24432960
@debuggerau - I'm not quite clear on your comments, can you please provide little more detail? What do you mean by "replicated everywhere"? When you have AD-integrated DFS, AFAIK it _is_ replicated as part of usual replication. As a matter of fact you can even use DFS as a replacement for FRS to replicate AD data.

Perhaps this will help to simplify the question:

Is there a way to see JUST DFS roots (not DC shares) when I type \\domain_name  (FQDN or NetBIOS) or must I always type \\domain_name\dfs_root_name?
0
 
LVL 6

Expert Comment

by:tatw
ID: 24433518
You must always type \\domain_name\dfs_root_name.
For \\domain_name\, you will always get sysvol, printers and others.
0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24435600
@tatw: thanks for your reply - do you have any links/references I can throw to my overlords to tell them it's not possible?
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24437653
been looking yesterday, but nothing came into view, its only suggested how it will work..

Let me check briefly..
brb
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24437728
I've got to backtrack on domain wide share..

a DFS share that is AD published, should be accessible anywhere, but your right in that it is not displayed unless you are on the DC with the share.

(P.S.) only DC shares are domain wide.

So, I was saying that if you create a share on all DC's and replicate them from within DFS, they should appear to all clients, no matter what DC they connect to..

So, you must have several DC's, and the share is not one that your authenticating against.
So if you start DFS on your authenticating DC and replicate that share onto your DC, it should appear as available to your client when you search:
 \\QA1.DS\

Hope that helps..
0
 
LVL 6

Expert Comment

by:tatw
ID: 24438246
Hi CynepMeH:

From http://support.microsoft.com/kb/315457
" Domain controllers will not service authentication request during the procedure. Only when the SYSVOL and NETLOGON folders are shared again will the domain controller"
I hope this could help u.


This link is talking about how to relocate the sysvol folders to different volume(not the share)
http://technet.microsoft.com/en-us/library/cc816594(WS.10).aspx
0
 
LVL 11

Author Comment

by:CynepMeH
ID: 24445944
TATW - I don't follow how these articles are applicable. I'm not looking to redirect sysvol, I'm aware of that process. I'm looking to prevent my \\domain_name going to my \\domain_controller.

Try it on your network - type \\your_dc_name

Now try \\your_domain_name

If you have DFS try seeing if your DFS roots show up under \\your_domain_name\

If you see Sysvol, netlogon, scheduled tasks, etc and not your DFS Roots then you're seeing your dc default shares - that's the behavior I'd like to correct. It seems a lot more plausible now that in order to accomplish it I may have to create DC-based DFS roots (which I don't want to do).

0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24446755
Ok, if you don't want to redirect the sysvol etc to another share.
And you don't want to create DFS shares on your DC's.
But you want to have domain share not handled by the domain controllers.
Plus have root access to all DFS roots....
And have a public statement to that effect...

Sorry, cant be done.
0
 
LVL 6

Accepted Solution

by:
tatw earned 500 total points
ID: 24451754
Well It is not possible to prevent sysvol shared on \\domain_name and \\dc_name.

If sysvol and netlogon is not shared then Domain controllers will not service authentication request during the procedure. This is what I want to tell you. (This is explicitly stated in the 1st link)

The 2nd link is just for you reference.
0
 
LVL 11

Author Closing Comment

by:CynepMeH
ID: 31583320
Thanks.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to access folder shares on Netapp 1 25
GPO denied - but why ? 6 57
msiexec won't run 4 31
Moving database to a shared server 7 34
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question