Add a DFS Namespace server

Posted on 2014-02-06
Medium Priority
Last Modified: 2014-02-12
I have a Windows Server 2003 domain with three sites.  We have a DFS namespace and are using DFS replication.  At two of the sites we have servers that are namespace servers and replication partners, (one at each site) and at a third site we have a server that is a replication partner but not a namespace server.  All the data replicates between all three servers.  We need a namespace server at this third site and would like to make the replication server the namespace server, but I am concerned about causing problems with the existing data.  When I select the add namespace server, the dialogue box under the "edit settings" button is clearly defining a path for files.  My fear is that this may wipe out current data or cause a permissions problem.  Can anyone tell me what effect designating this server as a replication partner will have?
Question by:mybrainhertz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 42

Expert Comment

ID: 39842212
DFS namespace and DFS Replication are completely separate services that have nothing to do with each other. The DFS namespace share root should be a new share of an empty directory. In some versions of Windows, the default location for namespace shares is c:\dfsroots.  I don't remember if 2003 does that, it may have started in 2008/R2. As long as your DFS namespace share is an empty directory outside of any DFS Replication hierarchy you should be fine. Don't forget that you need to make sure that the share and NTFS permissions are correct. My permissions are usually everyone full for the share, and only system has full for NTFS, and everyone else, including administrators, only has read, and that there are no special permissions. The defaults allow create access inside the DFS namespace share, so you get files appearing higher up in the namespace than the actual shares where you want them to be and they only appear when attached to a specific namespace server because anything under the physical namespace share that isn't a DFS link isn't replicated.
LVL 37

Expert Comment

ID: 39842339
Adding existing Replica server as name space server in existing DFS will not delete data.
It will create brand new directory structure as C:\DFSRoot\DFsNameSpace on replica server which is not already there.
This is standard behaviour since 2003 R2 OS
Just change default perms to administrators have full control access and everyone has read access on namespace root directory which you can set from edit settings tab.

Also you need to take below actions as well to share folders on replica server
To enable file sharing on a replicated folder and optionally add the folder to a DFS namespace, use the following procedures:

To share a replicated folder

1. Click Start , point to Administrative Tools , and then click DFS Management .

2. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share.

3. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace .

4. On the Publishing Method page, choose Share the replicated folder or Share and Publish in Namespace , and then follow the steps in the wizard.



Author Comment

ID: 39843167
I guess the thing that is confusing me is the DFS namespace root share.  If the namespace already exists why does it create a new share?  So for instance, on this server, D:\data\ already contains the directories that are shared out through DFS.  These directories are replicated to other servers and DFS directs users to the appropriate server depending on which site they are at.  Or...what if I wanted a server that just responded to namespace queries and did not contain any of the data?
The directory it wants to create is c:\dfsroots as you suspected.  I do not see this directory on either of the other servers, but this all pre-dates my involvement with this environment.
Again, my major concern is affecting the existing data.  Also a little more background...at one point the server that contains data but is not a namespace server was a namespace server, but was rebuilt after a crash with a new name and the data copied back and replication repaired, but the lack of a namespace server at that site was never addressed.
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.


Author Comment

ID: 39843181
To clarify, there are already folders on this server that are shared out through DFS and they are also replicated.  What goes in the c:\dfsroots\ directory?  It seems I would not need it.
LVL 42

Assisted Solution

kevinhsieh earned 1000 total points
ID: 39843255
I don't have access to the Windows 2003 tools anymore, but when you look at the DFS namespace I see a tab for Namespace Servers, which shows all of the namespace servers for this namespace, and the path to the share that has the namespace. The namespace shares only contain pointers to the shares that contain the data. Look at your installation, you should see what I am talking about.
LVL 37

Accepted Solution

Mahesh earned 1000 total points
ID: 39843799
DFS links are virtual links and not contains physical shared folders.
DFSRoot is the folder that will get created only when you add server as name space server
If you have only replicated folders across multiple servers you won't be able to find DFSRoot folder there
DFSRoot folder is where share folder links are stored as junction points with DFS
Based on your question, it seems that you are not aware about basic purpose of DFS
Under DFS, you can have share folder targets listed from multiple servers so that once you open DFS root share (For Ex: domain.com\public), you will get listing of all your shared folders no matter actual shares reside on which servers
Multiple name space servers provide you some kind of redundancy in case of one name space server gone down.
That is why you must have DFSRoot folder on all servers which you added as a name space servers so that they can have complete DFS hierarchy and can be used as alternate name space server in case of 1st one dies.
Note that DFSRoot folder also get synchronized across all name space servers in order to maintain complete hierarchy
Hence you should be able to add name space server without any issue even if you have dfs replicated folders on it.It will not touch any replicated folder as name space and replication are two separate terms
Also if your replicated folders are already shared, then you need to just add them as folder targets in existing name space so that name space will have redundancy in terms of server
For Ex:
domain.com\Public is the dfs name space
Underneath that you have domain.com\public\userdata
You have added two servers namely server1 and server2 as name space servers
Underneath userdata, there are two folders which are also replicated to each other on two separate servers

Now when user access domain.com\public, DFS actually point user to name space server in his own site 1st (may be server1)
Suppose we assumed that both servers are in same site, and if server1 gone down
In that case if users accessing domain.com\public, they should be automatically get pointed to server2 as a alternate name space server due to referrals
Also if \\server3 server gone down, still users will be redirected to  \\server4 due to referrals

Now if according to you, if DFSRoot folder with links is not there, they won't be able to find there shared folders

Hope that helps


Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question