DFS Replication and Share Permissions

  • Thread starter Thread starter Fao, Sean
  • Start date Start date
F

Fao, Sean

Are there any special system level permissions (E.G. non user level
permissions) for the share and/or file system that need to be set in
order for replication between two or more servers, to occur properly? I
read the help files on best practices for creating a DFS on a Windows
2003 Server; however, no indication on exactly what permissions, if any,
should be set, have been indicated by the documentation.

Thanks in advance,

Sean
 
DFS makes use of the existing Windows NT NTFS permissions and share
permissions in place. You do not configure additional permissions in the
DFS. Replication is a system process and will be handled by Windows; as far
as I know, there is no need to configure specific permissions to allow
replication to happen.


--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________
 
ptwilliams said:
DFS makes use of the existing Windows NT NTFS permissions and share
permissions in place. You do not configure additional permissions in the
DFS. Replication is a system process and will be handled by Windows; as far
as I know, there is no need to configure specific permissions to allow
replication to happen.
Click to expand...

I wasn't very clear on my original post on what I actually needed so let
me try this again, being a little more explicit.

Drive E:\ is shared as Shares - No users should mount drives directly
E:\IT - Only IT Personnel
E:\Users - User Directories
E:\Work - Generic company related work

My intentions are to use the replication services in a DFS to replicate
a remote server, with no tape drive to another server, which does have a
tape drive, for backup purposes. I shared the root of E: so that I
didn't have to configure replication for three individual shares.

I configured the permissions for the root share on E: such that users
are unable to map drives directly to the share. I did, however, want to
verify that the FRS is still able to function properly.

Unfortunately, at the moment, replication services are not working
correctly at all. The event viewer (event ID 13508) on both servers
suggest that the two servers are unable to properly replicate with each
other (possibly due to a DNS problem). DNS does, however, appear to be
configured properly because I'm able to ping server 1 from server 2 and
vice versa, using each ones domain name.

It's entirely possible that I'm going about this entirely wrong because
I'm quite new to most of the features of Windows AD Services. I would
greatly appreciate any advice on the subject.

Thanks again,

Sean
 
By the way, just FYI, one server is running Windows 2003 Server, while
the other is a Windows 2000 Service Pack 3 system. Each one is in its
own site and are connected via point to point T1, which results in no
firewall restrictions between the two sites.
 
OK, sorry for the delay, I only just found this post again!!!

You'll have to use NTFS permissions to setup who can view, etc., and
therefore connect, to the folders. For example, granting only access to
E:\IT to IT, Administrators and SYSTEM will ensure no one else maps to this.
Also, granting no permissions to E:\ will mean that people can't map
directly to it.
My intentions are to use the replication services in a DFS to replicate
a remote server, with no tape drive to another server, which does have a
tape drive, for backup purposes. I shared the root of E: so that I
didn't have to configure replication for three individual shares.
Click to expand...

Hmmm, probably not a good idea. If you are using Directory Services DFS
then you cannot guarantee which share is accessed; it is also recommended
that you don't use DFS for dynamic data, that is, data that is subject to
frequent change such as documents, user folders, profiles, etc.

Also, huge amounts of data like this, especially if it's changing, will play
havoc with the NTFS USN Journal and replication all together. DFS
replicates the whole file when changed. So, a 457 page word doc with
pictures weighing in at 21.3MB that is reindexed because the font size
changed 0.5 will have to be replicated again -all 21.3MB of it. You may not
think that's too bad, but what about 300MB files?

This could be what is causing your FRS errors as well.

For the purposes that you require, I would look to an alternate solution.
There are third part apps that perform byte-level synchronisation, or for
archive purposes, I would probably look into scheduling robocop or xcopy at
the end of each day.

Post back if you need any more help or advice...


--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...
http://www.msresource.net/kb - Prototype, but there are docs...

Join us in our new forums!
http://forums.msresource.net
_________________________________________
 
Well, I was finally able to convince the company to spend some money on
a decent tape backup system rather than playing games. I'll be needing
to create a DFS for a few other shares at some point in the near future.
If I have any problems, I'll definitely stop back.

Thank you much for your help,

Sean
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Permission Problems in AD 5
DFS without replication 6
NTFRS Event ID 13562 after forced Deletion of DFS Configuration 0
DFS replication and the folder Ntfrs_PreExisting folders 5
Renaming DFS Folder 1
DFS Shares 1
dfs and security 1
DFS replication 4

Back
Top