AD, Domain Controllers, DFS, talk to me

You know, experts needs a live chat room where we can get together in groups and chat things out.  That's how I work best you know....talking it thru with peeps and sorting out the mess.  Anyway....

Environ: Server 2008 Domain that I inherited.

The servers, as you all know, use DFS for sysvol replication.  That's great.  

DFS is also a role you can install for namespaces and folder replication.  

To me, the two things are different.  

What I inherited is that someone launched the DFS MSC on their PC and connected to the domain controller and added a ton of namespaces there.  They didn't install the role, they just connected to the DC and started adding namespaces, on the DC

To me, this is horrible!  

I would have installed the DFS role on a file server or something, NOT a DC, and put my namespaces there.  

In its current config, there are no tools to manage the DFS with and now, I have the task of upgrading the DC to 2012 R2.  I think the added problem of the DFS being on the DC like it is, complicates things.

I'd like some discussion on my thought process, about DFS, where it should be hosted, whether or not it should be on a DC, etc.

What I want to do is spin up servers to host the proper DFS role and leave the new DCs being DCs only and not piggy back off the DFS installed for the sysvol replication.



Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
IMO the DC should only ever have DFS shares for replicating Sysvol and Netlogon Shares. Adding extra namespaces could possibly create issues while trying to sync Sysvol and Netlogon Shares (if you are using DFSR).

If you are implementing DFS it SHOULD be on it's own server. Never add more to a DC if you do not have to. Although you can create multiple namespaces i would highly NOT recommend this. Creating a member server that hosts your DFS namespaces is the more appropriate way to go.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
crp0499CEOAuthor Commented:
I'm on the same page with you Will.  I'll see if anyone else wants to chime in before closing and awarding points.  I appreciate you taking time to reply.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.