none
File Server DR Strategy with DFS Replication data. RRS feed

  • Question

  • Below is the existing Setup:

    Configured File and Print Servers (Windows Server 2008R2 Standard Sp1 - Physical) in 5 Branch locations.

    Server Names: AFS1, BFS2, CFS3, DFS4, EFS5.

    No backups configured for the Branch Location file servers, instead configured a DFSR replication to Central Hub Servers (Windows Server 2008R2 Standard Sp1 - VMs). This hub servers are two and configured with Failover Clustering file Servers and attached 20 TB Storage.

    Users will access the data directly on the Branch location File Servers and will do the modifications, these branch File server's data will be replicating to Central Hub Clustered servers using the DFSR Replication after the business hours. 

    Backup will be performed on Hub Servers on daily basis using the backup tool called EMC Networker.

    The idea behind, in case of data deleted or file server crashed in the Branch Locations, data can be recovered from two locations, one is Central Hub Server’s storage and Second one from backup tapes.  

    How the data shared: Under “F” drive, created a Top Folder called A (Branch Name) and under “A” folder, created the Share folders to users with required Shared and NTFS permissions. Data type is group data.

    Configured DFSR Replication to replicate “A” folder data to Central Hub Storage server’s drive “T” under this path T\AFS1\A. AFS1 is only having the group date and other branch servers are having the User home folders data as well.  All these 5 File Servers data is replicating to T Drive, using same method as AFS1 server.

    We are currently working on implementing a DR strategy as below manner.

    Let’s say, the branch location file server completely crashed and data wiped, in this scenario, will build a base server with Window Server 2008R2, install the file and Print services. Copying the data from Central Hub Drives. Configuring the permissions.

    So far good,

    But, when we compare the permissions, share permission are not replicated to T Drive on Central Hub Server, NTFS permissions replicated exactly from the Branch File server along with additional permissions, i.e. Creator Owner with Special permissions, these permissions seems to be inherited from the T Drive default security permissions.

    Removing the Creator Owner permission from T drive default permissions will cause for any permissions issue. Please guide me.


    ------------------

    Ravi Ch


    Saturday, July 11, 2015 7:59 PM

Answers

  • Hi,

    Thanks for your post.

    So did you mean the share permission are not replicated but NTFS permission replicated ok, right?

    When do DFS replication between servers, only the NTFS permissions are replicated. Share permissions are stored locally on the registry.

    We could backup and restore the Share permission with steps here:

    Saving and restoring existing Windows shares
    http://support.microsoft.com/kb/125996

    Removing the Creator Owner permission from T drive default permissions will cause for any permissions issue.

    By default, all objects inherit permissions from their container, the permission that allowed the user to create the object normally allows them to read, write, or modify the object they just created.

    Because of the way NTFS works you can normally safely remove the “Creator Owner” object from the root of all NTFS volumes and all folder structures that use it.

    For more detailed information, we could refer to:

    http://networkadminkb.com/KB/a80/creator-owner-explained.aspx

    Meanwhile, for file server related issue, i would suggest you could ask in file server forums:

    https://social.technet.microsoft.com/Forums/windowsserver/en-us/home?forum=winserverfiles

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, July 14, 2015 8:57 AM
    Moderator

All replies

  • Hi,

    Thanks for your post.

    So did you mean the share permission are not replicated but NTFS permission replicated ok, right?

    When do DFS replication between servers, only the NTFS permissions are replicated. Share permissions are stored locally on the registry.

    We could backup and restore the Share permission with steps here:

    Saving and restoring existing Windows shares
    http://support.microsoft.com/kb/125996

    Removing the Creator Owner permission from T drive default permissions will cause for any permissions issue.

    By default, all objects inherit permissions from their container, the permission that allowed the user to create the object normally allows them to read, write, or modify the object they just created.

    Because of the way NTFS works you can normally safely remove the “Creator Owner” object from the root of all NTFS volumes and all folder structures that use it.

    For more detailed information, we could refer to:

    http://networkadminkb.com/KB/a80/creator-owner-explained.aspx

    Meanwhile, for file server related issue, i would suggest you could ask in file server forums:

    https://social.technet.microsoft.com/Forums/windowsserver/en-us/home?forum=winserverfiles

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, July 14, 2015 8:57 AM
    Moderator
  • Hi,

    Any update about the issue?

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Monday, July 20, 2015 5:54 AM
    Moderator