none
dfs best practices

    Domanda

  • Hello,

    I got some questions about DFS, hope someone can answer them for me.

    1-When creating more namespaces, do i need to create more resource groups ?

    2-Do i need to create a folder in the namespace and create my shared folders in the created folder?

    3-What about the rights, how should i setup the right for the folders, shared and ntfs?

    regards,

    4- a different scenario, how should i configure Dfs for 2 branch offices?
    • Modificato enlil giovedì 17 maggio 2018 11:01
    giovedì 17 maggio 2018 10:58

Risposte

  • Hi!

    Let's have a look over your questions :-)

    Question: When creating more namespaces, do i need to create more resource groups
    Answer: Can you describe more what you mean by resource groups?

    Question: Do i need to create a folder in the namespace and create my shared folders in the created folder?
    Answer: You don't need to create a folder, you can have shared folders directly in the root (I would recommend to use folders to make it look nicer and easier to manage).

    Question: What about the rights, how should i setup the right for the folders, shared and ntfs?
    Answer:  For example, the namespace path is \\DFSNamespace\Share\IT(where IT the real location is in server1 G:\Share\IT). You go to the G drive find the folder IT to set related share and NTFS permission.

    Question: a different scenario, how should i configure Dfs for 2 branch offices?
    Answer: Can't really give a straight answer here since it's up to how you want it to be. But I would create two different DFSNamespaces (1 for each branch office) and then the shares to the respective branch office.

    More information about DFS can be found here:
    https://docs.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs-overview

    If you have more questions, feel free to ask :-)

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   


    giovedì 17 maggio 2018 12:28
  • Hi

    Okay :-)

    DFS Replication is not a must have, you can use it if you want to replicate data between different nodes which increases the data availability.

    Refer to this article for more information regarding DFSR.
    https://msdn.microsoft.com/en-us/library/bb540031(v=vs.85).aspx

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    giovedì 17 maggio 2018 14:04
  • Hi,

    The actual permissions should be applied to the folder targets, so the permission of \\domain\dfs will not affect your data of DFS folders. 

    No need to change anything in the DFSRoot folder.

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    giovedì 17 maggio 2018 14:33
  • Hi,

    DFS-R and DFS-N are two separate things, you can set them up independently of each other. It is based on your own requirement.

    Here is an example about deploying dfs, you could also take a look before your deploying.

    https://mizitechinfo.wordpress.com/2013/08/21/step-by-step-deploy-dfs-in-windows-server-2012-r2/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    And for dfs permission settings, DFS clients will respect the combination of NTFS and share permissions set on the particular target the client is trying to access.

    You could also refer to the blog below.

    https://blogs.technet.microsoft.com/filecab/2006/08/09/does-a-dfs-namespace-have-its-own-permissions/

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:01
    Moderatore
  • Hi!

    The DFS root is an object which consolidates your network shared folders and makes them available to network users as a single entry point.

    A DFS root has one of the following formats:
    \\ServerName\DFSRootName or \\DomainName\DFSRootName

    In DFS terms the Root is the share and a Link is a virtual Folder name to a remote server Share\folder.
    \\server\dfsroot\link ---> Where link points to \\server\share   or \\server\share\folder

     A link cannot be used to point to local d:\data, it must be a UNC path to a remote server.

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:18
  • ok, got it. Thats why i need to set rights. But normally readrights would be enough our will that conflict with targetrights?
    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:25
  • The default option which is the following should be enough.

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    venerdì 18 maggio 2018 06:28
  • Hi,

    Agree with Leon, in fact dfsroot folder is more like to be a place that save  the dfs  Link/ a referral. And the default permission is enough.

    This folder is created automatically when you configure a dfs namespace. In general, there's not need to assign another specific permission for domain user to access.

    For example, in my test lab, I create the dfs namespace  \\dong.com\public. Then in dfsroot folder there is a public

    And if you worried about the permission to access dfs namespace folder.

    In fact, you need to check that if the user has permission to access the folder target (where the share folder located)

    For example, one of my folder target is my server dfs1 c drive, information folder. Another folder target is  my server dfs2 c drive information folder.

    Then I need to check whether user has permission for share folder \\dfs1\information and \\dfs2\information If there's enough information.  Then user could access from client with the path \\dong.com\public\Info

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:49
    Moderatore
  • Hi enlil,

    >should i add the fodlers localname our the sharename?

    When you add the folder target. You could browse the server (like below is dfs2) and choose the sharefolder (like below is information folder) you want to be as the target folder.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 07:32
    Moderatore

Tutte le risposte

  • Hi!

    Let's have a look over your questions :-)

    Question: When creating more namespaces, do i need to create more resource groups
    Answer: Can you describe more what you mean by resource groups?

    Question: Do i need to create a folder in the namespace and create my shared folders in the created folder?
    Answer: You don't need to create a folder, you can have shared folders directly in the root (I would recommend to use folders to make it look nicer and easier to manage).

    Question: What about the rights, how should i setup the right for the folders, shared and ntfs?
    Answer:  For example, the namespace path is \\DFSNamespace\Share\IT(where IT the real location is in server1 G:\Share\IT). You go to the G drive find the folder IT to set related share and NTFS permission.

    Question: a different scenario, how should i configure Dfs for 2 branch offices?
    Answer: Can't really give a straight answer here since it's up to how you want it to be. But I would create two different DFSNamespaces (1 for each branch office) and then the shares to the respective branch office.

    More information about DFS can be found here:
    https://docs.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs-overview

    If you have more questions, feel free to ask :-)

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   


    giovedì 17 maggio 2018 12:28
  • many thanks for the reply. i made a typo, with resource groups, i mean replication groups.
    giovedì 17 maggio 2018 13:58
  • Hi

    Okay :-)

    DFS Replication is not a must have, you can use it if you want to replicate data between different nodes which increases the data availability.

    Refer to this article for more information regarding DFSR.
    https://msdn.microsoft.com/en-us/library/bb540031(v=vs.85).aspx

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    giovedì 17 maggio 2018 14:04
  • Perfect.but is there a best practice a ailabl3 for ntfs and sharerights and policy for Dfs?Because i also still dont get the purpose of the dfsroot on the c drive and the permissions i need to set there.


    • Modificato enlil giovedì 17 maggio 2018 14:26
    giovedì 17 maggio 2018 14:22
  • Hi,

    The actual permissions should be applied to the folder targets, so the permission of \\domain\dfs will not affect your data of DFS folders. 

    No need to change anything in the DFSRoot folder.

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    giovedì 17 maggio 2018 14:33
  • Hi,

    DFS-R and DFS-N are two separate things, you can set them up independently of each other. It is based on your own requirement.

    Here is an example about deploying dfs, you could also take a look before your deploying.

    https://mizitechinfo.wordpress.com/2013/08/21/step-by-step-deploy-dfs-in-windows-server-2012-r2/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    And for dfs permission settings, DFS clients will respect the combination of NTFS and share permissions set on the particular target the client is trying to access.

    You could also refer to the blog below.

    https://blogs.technet.microsoft.com/filecab/2006/08/09/does-a-dfs-namespace-have-its-own-permissions/

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:01
    Moderatore
  • many thanks for the reply. but when installing dfs, i also need to choose permissions for users in the c:\dfsroot. It can be read, modify and some other rights. IF the targets are only leading in the permission proces, whats the purpose of rights at c:\dfsroot?
    venerdì 18 maggio 2018 06:15
  • Hi!

    The DFS root is an object which consolidates your network shared folders and makes them available to network users as a single entry point.

    A DFS root has one of the following formats:
    \\ServerName\DFSRootName or \\DomainName\DFSRootName

    In DFS terms the Root is the share and a Link is a virtual Folder name to a remote server Share\folder.
    \\server\dfsroot\link ---> Where link points to \\server\share   or \\server\share\folder

     A link cannot be used to point to local d:\data, it must be a UNC path to a remote server.

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:18
  • ok, got it. Thats why i need to set rights. But normally readrights would be enough our will that conflict with targetrights?
    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:25
  • The default option which is the following should be enough.

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    venerdì 18 maggio 2018 06:28
  • Hi,

    Agree with Leon, in fact dfsroot folder is more like to be a place that save  the dfs  Link/ a referral. And the default permission is enough.

    This folder is created automatically when you configure a dfs namespace. In general, there's not need to assign another specific permission for domain user to access.

    For example, in my test lab, I create the dfs namespace  \\dong.com\public. Then in dfsroot folder there is a public

    And if you worried about the permission to access dfs namespace folder.

    In fact, you need to check that if the user has permission to access the folder target (where the share folder located)

    For example, one of my folder target is my server dfs1 c drive, information folder. Another folder target is  my server dfs2 c drive information folder.

    Then I need to check whether user has permission for share folder \\dfs1\information and \\dfs2\information If there's enough information.  Then user could access from client with the path \\dong.com\public\Info

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 06:49
    Moderatore
  • Thanks. got it. Am testing now with homefolders. Both the folders(targets0 need to be created on the dfs fileservers, but the users homefolders will be replicated.

    But when creating a namespace and adding the folder, should i add the folders local name our the share name?


    • Modificato enlil venerdì 18 maggio 2018 07:57
    venerdì 18 maggio 2018 07:00
  • Hi enlil,

    >should i add the fodlers localname our the sharename?

    When you add the folder target. You could browse the server (like below is dfs2) and choose the sharefolder (like below is information folder) you want to be as the target folder.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Contrassegnato come risposta enlil venerdì 18 maggio 2018 07:58
    venerdì 18 maggio 2018 07:32
    Moderatore