Nicole Rappe
c4d3f4735b
5.4 KiB
Purpose
If you want to ensure that data is safely replicated across multiple file servers in a domain environment, you will want to set up DFS "namespaces". These are network shares that are distributed across multiple file servers, and appear as one network share. They replicate to eachother automatically, keeping both in sync with eachother. The document below outlines the process of deploying DFS across two (2) file servers.
!!! info "Assumptions"
It is assumed that you have at least two Windows Server based servers already set-up, both are running the correct Editions of Windows Server (e.g. "Standard"), are activated, and are domain joined with sensible hostnames (e.g. LAB-FPS-01 and LAB-FPS-02), and that both have statically-assigned IP addresses.
Installing Server Roles
The first step you want to perform is installing the necessary roles on both servers.
- Navigate to "Server Manager > Manage > Add Roles and Features
- Click "Next" through the windows of the role wizard until you reach the "Server Roles" page
- Expand "File and Storage Services"
- Expand "File and iSCSI Services"
- Check "File Server"
- Check "DFS Namespaces"
- Check "DFS Replication"
- Expand "File and iSCSI Services"
- Click the "Next" button
- Click the "Next" button
- Click the "Install" button and wait for the installation to finish.
Create & Configure Network Shares
The next step in the process is to ensure that the network shares that will be shared via DFS have sane permissions. You will want to ensure the following minimum permissions are configured.
!!! warning "Replicate Folders and Permissions Across all File Servers" It is important for you to understand that every member server of the DFS namespaces and replication need to be configured identically, with the same local drive letters and folder structures.
**NOTE**: The data for the shares only needs to exist on one server to ensure it can be replicated across to the other member servers of the DFS namespaces. During DFS configuration, this server is designated as the "Primary Member". This server's folder contents are treated as authoritative for the initial sync and replicate to the other members of the DFS namespace.
| Permission Type | User / Group | Access Level | Details |
|---|---|---|---|
| Share | Authenticated Users |
Full Control | This is to ensure that only domain authenticated users can access the share. |
| NTFS | SYSTEM |
Full Control | This is so DFS replication can properly function. |
| NTFS | Share_Admins |
Full Control | This is a security group I created for admins to manage the data on network shares unilaterally. |
| NTFS | <Any Users / Groups That Need Access> | Modify | This is for anyone who needs access to these specific files / folders. |
!!! info "Disable Permission Inheritance" It's just more organized to keep permission inheritance turned-off for the share, so parent folder permissions don't influence it, which could cause unexpected issues in the future if the parent's permissions were changed.
DFS Breakdown
At this point, we need to create a DFS "Namespace". This is basically a logical representation of either a single or a group of individual folders on one or more file servers. The files and folders appear under a singular location like \\bunny-lab.io\Projects\Scripting. In this example, Projects is the namespace (Its not a real folder with data), and Scripting is a folder replicated across one or more file servers, mapping to a real (generally hidden) network share like \\LAB-FPS-01\Projects$\Scripting. In this example, there is a network share located at Projects$ that (organizationally) correlates to the Projects DFS namespace, but you should not put files and folders in this root location, as it can cause issues or introduce potential corruption.
DFS Configuration
Now, we need to start working on actually setting up DFS now that the shares exist (and are configured identically) on all member servers. You can choose to do these steps on any of the member servers, but I recommend using the lowest number server (e.g. LAB-FPS-01). The configurations will be automatically replicated across to all member servers from the server you choose to configure, so in reality, it really doesn't matter which server you choose.
Create Namespace(s)
- Navigate to "Server Manager > Tools > DFS Management"
- In the left-hand sidebar, right-click "Namespaces" > "New Namespace..."
- Choose a member server (e.g.
LAB-FPS-01) then click "Next" - Give a name to the namespace (e.g.
Projects) then click "Next"- You do not need to click on the "Edit Settings" button. Just leave all of the settings as-is with
All users have read-only permissionsas this permission controls the namespace configuration data permissions inC:\DFSRoots\<Namespace>
- You do not need to click on the "Edit Settings" button. Just leave all of the settings as-is with
- Click "Next"
- Ensure that the "Domain-based namespace" radio button is checked, and the "Enable Windows Server 2008 mode" is checked.
- The domain-based namespace example should look something like this:
\\bunny-lab.io\Projects
- The domain-based namespace example should look something like this:
- Click "Next"
- Choose a member server (e.g.
- At this point, the namespace was created and you can move onto linking folders to the namespace to make their data appear inside of it and replicate to other member servers.
Link Folders to Namespace(s)
At this point, we need to configure