Solved

DFS Root not visible when \\domain_name.ds is entered in explorer

Posted on 2009-05-19
15
2,734 Views
Last Modified: 2012-05-07
I'm somewhat at my wits end here and I'm sure it's probably something stupid that I'm missing or perhaps this is an expected behavior.

This is a new DFS implementation. It's a Win2K3 R2 domain-based DFS. DFS server is Win2K8  (running in win2000 mode) named DFS01. My domain name is qa1.ds.

I created several DFS Roots "APPLICATIONS", "STAGING", "USER_DATA", etc.

When I type \\QA1.DS\Applications, \\QA1.DS\STAGING, \\QA1.DS\USER_DATA - I can see the contents of the folder. However, if I go up one level to \\QA1.DS - it shows me shared objects on my domain controller - e.g. SYSVOL, NETLOGON, Printers and Faxes and Scheduled Tasks - none of the roots show up.

How do I stop traffic from going to my DC and instead just show my DFS roots? So, when I type \\QA1.DS - I want to see this:
\\QA1.DS
            |__APPLICATIONS
            |__STAGING
            |__USER_DATA

Is it even possible?
0
Comment
Question by:CynepMeH
  • 6
  • 5
  • 4
15 Comments
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
Have you published the share in AD?

Goto computer management, shares and check each share under the publish tab.
0
 
LVL 11

Author Comment

by:CynepMeH
Comment Utility
2008 server does not seem to offer that tab. I tried publishing it directly via ADUC and still no luck - when I hit \\brqa1.ds I'm still seeing my DC's shared resources.

I think it could be DNS related... no?
0
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
yes, what ever DC your connecting too should show up when looking at the domain share, however DFS is different.

It will create a replication of a share that you specify.

If that share is replicated across all DC's, it should be accessible that way, however, if it is not, providing a root domain share would only let people down when it was unavailable.

So, no, I don't think it is 'displayed' as a domain wide share.

0
 
LVL 6

Expert Comment

by:tatw
Comment Utility
For DFS implementation, I will create dfs root like this

\\QA1.DS\root\
                      |__APPLICATIONS
                      |__STAGING
                      |__USER_DATA

So the dfs root is \\yourdomain\root
0
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
either way will work, but having it publish at the root wont expose them on all DC's unless it is replicated everywhere..

0
 
LVL 11

Author Comment

by:CynepMeH
Comment Utility
@debuggerau - I'm not quite clear on your comments, can you please provide little more detail? What do you mean by "replicated everywhere"? When you have AD-integrated DFS, AFAIK it _is_ replicated as part of usual replication. As a matter of fact you can even use DFS as a replacement for FRS to replicate AD data.

Perhaps this will help to simplify the question:

Is there a way to see JUST DFS roots (not DC shares) when I type \\domain_name  (FQDN or NetBIOS) or must I always type \\domain_name\dfs_root_name?
0
 
LVL 6

Expert Comment

by:tatw
Comment Utility
You must always type \\domain_name\dfs_root_name.
For \\domain_name\, you will always get sysvol, printers and others.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 11

Author Comment

by:CynepMeH
Comment Utility
@tatw: thanks for your reply - do you have any links/references I can throw to my overlords to tell them it's not possible?
0
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
been looking yesterday, but nothing came into view, its only suggested how it will work..

Let me check briefly..
brb
0
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
I've got to backtrack on domain wide share..

a DFS share that is AD published, should be accessible anywhere, but your right in that it is not displayed unless you are on the DC with the share.

(P.S.) only DC shares are domain wide.

So, I was saying that if you create a share on all DC's and replicate them from within DFS, they should appear to all clients, no matter what DC they connect to..

So, you must have several DC's, and the share is not one that your authenticating against.
So if you start DFS on your authenticating DC and replicate that share onto your DC, it should appear as available to your client when you search:
 \\QA1.DS\

Hope that helps..
0
 
LVL 6

Expert Comment

by:tatw
Comment Utility
Hi CynepMeH:

From http://support.microsoft.com/kb/315457
" Domain controllers will not service authentication request during the procedure. Only when the SYSVOL and NETLOGON folders are shared again will the domain controller"
I hope this could help u.


This link is talking about how to relocate the sysvol folders to different volume(not the share)
http://technet.microsoft.com/en-us/library/cc816594(WS.10).aspx
0
 
LVL 11

Author Comment

by:CynepMeH
Comment Utility
TATW - I don't follow how these articles are applicable. I'm not looking to redirect sysvol, I'm aware of that process. I'm looking to prevent my \\domain_name going to my \\domain_controller.

Try it on your network - type \\your_dc_name

Now try \\your_domain_name

If you have DFS try seeing if your DFS roots show up under \\your_domain_name\

If you see Sysvol, netlogon, scheduled tasks, etc and not your DFS Roots then you're seeing your dc default shares - that's the behavior I'd like to correct. It seems a lot more plausible now that in order to accomplish it I may have to create DC-based DFS roots (which I don't want to do).

0
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
Ok, if you don't want to redirect the sysvol etc to another share.
And you don't want to create DFS shares on your DC's.
But you want to have domain share not handled by the domain controllers.
Plus have root access to all DFS roots....
And have a public statement to that effect...

Sorry, cant be done.
0
 
LVL 6

Accepted Solution

by:
tatw earned 500 total points
Comment Utility
Well It is not possible to prevent sysvol shared on \\domain_name and \\dc_name.

If sysvol and netlogon is not shared then Domain controllers will not service authentication request during the procedure. This is what I want to tell you. (This is explicitly stated in the 1st link)

The 2nd link is just for you reference.
0
 
LVL 11

Author Closing Comment

by:CynepMeH
Comment Utility
Thanks.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now