Thursday, August 30, 2012

Mapping Drives in Logon Scripts


It sure seems like there should be. Mapping drives for users has been a task IT has needed to do since the first network drive. Yet getting those drives correctly provisioned to users isn’t a task that’s come easily – even with today’s newer technologies like PowerShell and Group Policy Preferences. In fact, some of those newer technologies might even be more difficult than our old friend the net use command, depending on what you need to accomplish.
Considering how mapped drives exist in companies everywhere, you’d think a super-simple solution would exist right inside Windows itself. Without help from third-party solutions, you’ll be surprised to find that…well…there isn’t.
Let’s take a look, however, at what you can do. I’ll start by looking at some of the ways people have provisioned mapped drives to users in the past. I’ll bet the very first solution you found was inside each user’s object. Even back before Active Directory, each individual user could be assigned a single mapped drive as their “Home Directory” (now called “Home Folder”) in their user environment profile.
 
Figure 1: User profile.
You can see in Figure 1 how each user profile has a place to connect a single home drive. Home drives are great, and you probably use them for network storage of user data, but home drives aren’t enough when you’ve got additional network drives that need to get mapped. If you need to map two or more drives, you’ve got to look elsewhere for a solution.

Mapping the Drive

It’s for this reason why many people’s second approach to mapping drives is achieved through logon scripts. Logon scripts extended the single drive limitation of home drives frankly because they’re completely malleable. You can create a logon script to accomplish whatever tasks you want, as long as your scripting prowess can handle the task.
You’ve surely created or modified a logon script before. With batch scripting, creating a mapped drive requires just a single line:
net use S: \\server\shared\finance
VBScript requires only one additional line to accomplish the same thing:
Set objNetwork = CreateObject("WScript.Network")
objNetwork.MapNetworkDrive "S:" , "\\server\shared\finance"
PowerShell, everyone’s favorite new scripting language, brings us back to a single line, but oh what a line it is!
(New-Object -ComObject WScript.Network).MapNetworkDrive("S:", “\\Server\shared\finance”)
While each of these three languages indeed maps the drive you’re looking for, each has their own problems and limitations that limit how effective they really are.
Remember that in order to use any of these, you’ll first have to accomplish a few things. First, you’ll have to actually create that script you want to deploy. Your script will probably include additional configurations over and above any drive mappings. Maybe you’ll set a few environment variables or pop up a dialog box with an acceptable use statement. All of these extra things you’ll need to add into that script and test to your satisfaction before you can use it.

Installing the Logon Script

Once created, deploying the script to users most often happens as a function of Active Directory Group Policy. Because you want these scripts to run at Logon, you’ll typically need to configure them in the User Configuration | Policies | Windows Settings | Scripts (Logon/Logoff) | Logon section of whatever Organizational Unit you’re interested in. Figure 2 shows the console where you’ll add a non-PowerShell script.
 
Figure 2: Logon properties.
Adding your batch or .VBS file to this location only creates a pointer to your logon script. You’ve also got to upload the script itself into Active Directory’s replicated SYSVOL folder by clicking the Browse button after choosing to Edit the properties of the script.
You’ve absolutely got to be careful if you haven’t tooled around much with SYSVOL. Too much or the wrong kind of file manipulation in this location can have deleterious effects on your Active Directory. Even more challenging is the pathing that Active Directory uses to simply get you to the right location. My script needed to be uploaded to \\company.pri\SysVol\company.pri\Policies\{846E224F-25CF-4516-BAA0-57AA19533EC9}\User\Scripts\Logon. Your path will be similar, but with a different domain and another very different GUID in place of mine.
Once installed and replicated around your Active Directory, your users should start mapping their drives as soon as their computer picks up the new Group Policy Object.

Decisions in Mapping Drives – The “In the Script” Way

You’re probably having a minor “a-ha!” moment at this point. “Yes, Greg,” you might be thinking, “mapping a drive or two still isn’t that difficult a procedure, but my needs are more complex than just a simple mapped drive. I have some users who need some drives some of the time. I also have other users who need other drives, but only in certain circumstances. Mapping drives for me isn’t an all-or-nothing situation!”
Here’s where you’ll find the true challenges in scripting solutions for mapping drives. Indeed batch, VBScript, PowerShell, and even the non-Microsoft languages like KIX and others have built-in capabilities for creating conditional statements. But what if the entire concept of a conditional statement sends shivers up your spine. How are you to make decisions in your logon scripts if your decisions are more complex than are your abilities in scripting?
Let me help you out with some of those complex script routines that might scare you. It’s this kind of complexity that keeps many administrators in fear of scripting itself. That said, with what I show you, it is possible to make at least some decisions in your drive mapping logon scripts.
One of the easiest ways to get users to unique drives is by naming the drives after their username. This is easy because the variable %username% automatically maps to a user at the time of their logon. This means that with batch scripting you could potentially map a unique drive with:
net use S: \\server\shared\finance\%username%
This is great if you’re looking for mapped drives that relate to usernames. Also, any environment variable that’s native or otherwise present at the user’s desktop could be used to map a drive. %username% is always available, but as you can imagine it’s of limited use.
I’ll bet that what you’re looking for is somewhat different. Many admins instead want to assign drive mappings based on group membership. That’s a task that requires a bit more scripting. You can accomplish this in VBScript with a few additional lines:
Set objNetwork = CreateObject("WScript.Network")
Set objUser = CreateObject("ADSystemInfo")
Set objCurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(objCurrentUser.MemberOf))
If InStr(strGroup, lcase("Finance")) Then
objNetwork.MapNetworkDrive "R:", "\\server\shared\finance"
End If
At the point of logon, the script above takes a look through all the groups in which the user is a member. If that user is in the Finance group, then the script will map the R: drive to the \\server\shared\finance share. You can add additional mapped drives by adding more If-Then statements. This script checks for finance, accounting, and IT group membership, then maps the corresponding R:, S:, or T: drive.
Set objNetwork = CreateObject("WScript.Network")
Set objUser = CreateObject("ADSystemInfo")
Set objCurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(objCurrentUser.MemberOf))
If InStr(strGroup, lcase("Finance")) Then
objNetwork.MapNetworkDrive "R:", "\\server\shared\finance"
End If
If InStr(strGroup, lcase("Accounting")) Then
objNetwork.MapNetworkDrive "S:", "\\server\shared\accounting"
End If
If InStr(strGroup, lcase("IT")) Then
objNetwork.MapNetworkDrive "T:", "\\server\shared\IT"
End If
Both of these are neat little scripts, but they’re also not terribly scalable. If you’ve got only two or three different groups in your Active Directory that require attention, you can probably replicate this code a few times and accomplish what you need. But if you’ve got more than a few (and who doesn’t), you can imagine the level of complexity that scales as the size of the script grows. More importantly, as your number of mapped drives grows in number you can see how drives might begin conflicting with each other.

Decisions in Mapping Drives – The “How It’s Applied” Way

To combat these conflicting problems some scripters take a different tactic. Rather than adding the logic into the script directly, they create separate scripts that get applied based on the rules of Active Directory. This alternate way I’ll call the “how it’s applied” method rather than the “in the script” method.
Remember that any logon script can be applied based on the Organizational Unit of either the user or the computer. In the case of users, logon scripts are applied based on where in Active Directory a user’s account is located. If the user’s account is part of the Finance OU, you’ll assign their logon script to the Finance OU and know that they’ll get their assignments.
Scripts can also be assigned to OUs full of computers, even though such scripts are Startup and Shutdown scripts rather than Logon and Logoff scripts. In a perfect world, adding a startup script would allow drives to be mapped based on which computer the user is logging in. However, be aware that startup scripts don’t operate that way. A startup script runs as the computer “starts up”, before any user has attempted to login. Thus, you can’t easily use a startup script to map drives in this way, although other startup activities that aren’t user-centric are possible.
As you can imagine, this combination of users, computers, logons, and startups can immediately create a complex web of conditional statements. A user who is a member of multiple groups could have an overlap of drive letters. Different users logging into the same computer won’t get the same mapped drives. Chaos ensues!
 
Figure 3: Group Policy Preferences Item Level Targeting
By itself Active Directory deploys scripts based on that user’s or computer’s OU membership. You’ve got options based on user, or computer, but not necessarily both at the same time. Active Directory Group Policy Preferences get around some of these limitations through their use of Item Level Targeting, seen in Figure 3. There a Group Policy Preference that’s been targeted to a specific OU won’t actually be invocated unless the items resolve as true. In Figure 3, the drive mapping won’t be applied unless the user is a member of the Finance Users group. Remember that even Item Level Targeting is constrained by the OU where your configurations are located.

Tuesday, August 28, 2012

DFS Step-by-Step Guide for Windows Server 2008



Applies To: Windows Server 2008
The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly available access to geographically dispersed files. In Windows Server® 2008, DFS is implemented as a role service of the File Services role. The Distributed File System role service consists of two child role services:
·         DFS Namespaces
·         DFS Replication
If you are not familiar with DFS Namespaces and DFS Replication in Windows Server 2008, we recommend that you read the document titled "Overview of the Distributed File System Solution in Microsoft Windows Server 2003 R2" on the Microsoft® Web site (http://go.microsoft.com/fwlink/?LinkId=46801). The overview describes the benefits of DFS Replication and the improvements it offers over File Replication Service (FRS). For information about the enhancements of DFS introduced in Windows Server 2008, see "Distributed File System" on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=108012).
For information about DFS in Windows Server® 2008 R2, see the What's New in Distributed File System topic in Changes in Functionality from Windows Server 2008 to Windows Server 2008 R2.
For a list of recent changes to this topic, see the Change History section of this topic.


This step-by-step guide provides system requirements, installation instructions, and step-by-step walkthroughs for deploying DFS Namespaces and DFS Replication features in Windows Server 2008 in a lab environment.


Two step-by-step sections are provided in this guide. The following bulleted lists outline the requirements for completing each of the two step-by-step guides.


To complete all of the tasks in this section, you need a minimum of two servers configured in the test lab as follows:
·         One server must run Windows Server 2008. This is the server on which you will install the DFS Management snap-in to perform the tasks in this guide.
·         The second server must run Windows® Server 2003 SP1 or Windows Server 2003 R2 or Windows Server 2008.
·         To create domain-based namespaces in these tasks, you must have Active Directory® Domain Services (AD DS) deployed in the test lab. You must also be a member of the Domain Admins group or have been delegated the ability to create domain-based namespaces. For more information about delegation, see Delegate Management Permissions for DFS Namespaces.
·         To deploy DFS Replication in the namespace, you must have extended the schema to include the new DFS Replication objects in AD DS. For specific configuration requirements, see the section "Installing Windows Server 2008 and Distributed File System" later in this guide.
You can complete a subset of tasks if you have a single server or if you do not have AD DS deployed in the test lab.


To complete all of the tasks in this section, you need to configure the test lab as follows:
·         You need a minimum of three file servers. All three servers must have Windows Server 2003 R2 or Windows Server 2008 and the DFS Replication service installed. One of the servers must have the DFS Management snap-in installed. Follow the procedures in "Installing Windows Server 2008 and Distributed File System" later in this guide to install the service and snap-in.
·         The test lab must have AD DS installed. Depending on the version of your schema, you might need to extend the schema using the instructions described in "Updating the AD DS schema" later in this guide.
Before beginning either step-by-step section, it is important to review the following requirements and limitations of DFS Replication, as well as the Limitations and Requirements section of DFS Replication: Frequently Asked Questions (FAQ).
·         Servers in a replication group must be in the same forest. You cannot enable replication across servers in different forests.
·         Replicated folders must be stored on NTFS volumes.
·         Antivirus software must be compatible with DFS Replication. Contact your antivirus software vendor to check for compatibility. 
·         DFS Replication might not work across firewalls when replicating between branch offices without a virtual private network (VPN) connection because it uses the remote procedure call (RPC) dynamic endpoint mapper. Additionally, configuring DFS Replication using the DFS Management snap-in does not work when a firewall is enabled. To enable DFS Replication to work through a firewall, you can define a static port using the Dfsrdiag.exe command-line tool. For more information about using DFS Replication across a firewall, see the "Limitation and Requirements" section in DFS Replication: Frequently Asked Questions (FAQ).


The following sections provide instructions for installing Windows Server 2008 and the DFS Management snap-in.


To use DFS Replication, the domain must use the Windows Server 2003 or higher domain functional level. To use all functionality of DFS Namespaces, your environment must meet the following minimum requirements:
·         The forest uses the Windows Server 2003 or higher forest functional level. 
·         The domain uses the Windows Server 2008 or higher domain functional level.
·         All namespace servers are running Windows Server 2008.

If your environment supports it, choose the Windows Server 2008 mode when you create new domain-based namespaces. This mode provides additional features and scalability, and also eliminates the possible need to migrate a namespace from the Windows 2000 Server mode. For information about migrating a namespace to Windows Server 2008 mode, see Migrate a Domain-based Namespace to Windows Server 2008 Mode.
Note:
For information about the minimum requirements to use DFS Namespaces, see Prepare to Deploy DFS Namespaces; for information about the minimum requirements to use DFS Replication, see Review Requirements for DFS Replication.

For instructions on how to update the AD DS schema, see Running Adprep.exe.
After the schema is updated as necessary, you can install the DFS components by using the following procedures.
Add Roles Wizard page
What to enter
Before You Begin
Click Next after you verify that the requirements listed on the page have been met.
Select Server Roles
Select the File Services check box.
File Services
Click Next.
Select Roles Services
Select the Distributed File System check box to install both DFS Namespaces and DFS Replication.
To install DFS Namespaces or DFS Replication individually, select the check box that corresponds to the part of DFS that you want to install.
Create a DFS Namespace
Select the Create a namespace later using the DFS Management snap-in in Server Manager check box.
Confirmation
Click Install to install the file server role and DFS.
Installation Progress
This page is automatically replaced by the Installation Results page when installation is completed.
Installation Results
Note any errors, and then click Close to close the wizard.


During Setup, follow the on-screen prompts to install Windows Server 2008. Refer to the section "Lab Requirements" earlier in this guide for details about which servers must run Windows Server 2008 and which servers can run Windows Server 2003 R2 or Windows Server 2003 SP1.
After Windows Server 2008 is installed, you can install the DFS components and open the DFS Management snap-in by using the following procedures.
Note:
The method below using the Server Manager tool enables you to install DFS as a part of the file server role. This method also installs other file server tools, such as File Server Resource Manager and File Server Management.




  1. Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
  2. In the console tree of Server Manager, right-click the Roles node, and then click Add Roles.
  3. Follow the steps in the Add Roles Wizard, and supply the information described in the following table.


Use the following procedure if the file server role has already been added.



  1. Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
  2. In the console tree of Server Manager, right-click the Files Services node, and then click Add Role Services.
  3. Follow the steps in the Add Roles Services Wizard, and supply the information described in the following table.


Add Role Services Wizard page
What to enter
Select Role Services
Select the Distributed File System check box to install both DFS Namespaces and DFS Replication.
To install DFS Namespaces or DFS Replication individually, select the check box that corresponds to the part of DFS that you want to install.
Create a DFS Namespace
Click Create a namespace later using the DFS Management snap-in in Server Manager check box.
Confirmation
Click Install to install the file server role and DFS.
Installation Progress
This page is automatically replaced by the Installation Results page when installation is completed.
Installation Results
Note any errors, and then click Close to close the wizard.

Description: noteNote
Installing DFS Management also installs Microsoft .NET Framework 2.0, which is required to run the DFS Management snap-in.

·         Click Start, point to All Programs, point to Administrative Tools, and then click DFS Management.
You can also use the DFS Management snap-in hosted by Server Manager to manage DFS Namespaces and DFS Replication.


The DFS Management snap-in is the graphical user interface (GUI) tool for managing DFS Namespaces and DFS Replication. This snap-in is new and differs from the Distributed File System snap-in in Windows Server 2003. Therefore, before you begin using DFS Namespaces and DFS Replication, you might want to review the components of this snap-in, which are shown in the following figure and described in the sections that follow.
Description: Art Image

The console tree has two nodes, Namespaces and Replication, from which you can manage namespaces and DFS Replication.

The following figure shows the elements under the Namespaces node in the console tree.
Description: Art Image
As the figure shows, the Namespaces node contains the namespaces you create as well as any existing namespaces you add to the console display. In the previous figure, one namespace is shown, \\Contoso.com\Public. Under each namespace is a hierarchical view of folders. Folders that have targets use a special icon to differentiate them from folders that do not have targets.
Description: noteNote
If you are not familiar with namespace terminology, see the section "Introduction to Namespaces" later in this guide.

The following figure shows the elements under the Replication node in the console tree.
Description: Art Image
As the figure shows, the Replication node contains the replication groups you create as well as any existing replication groups that you add to the console display. A replication group represents a group of servers that participates in the replication of data. For more information about replication groups, see "Introduction to DFS Replication" later in this guide.

The contents of the details pane change according to what you have selected in the console tree. For example, if you select a namespace in the console tree, you see tabs named NamespaceNamespace ServersDelegation, and Search in the details pane. If you select a replication group, you see tabs named MembershipsConnections,Replicated Folders, and Delegation. You can double-click objects in the details pane to view their properties.

The Action pane shows two types of tasks: common tasks and tasks that apply to the selected object. If the Action pane is not visible, you can open it using the following steps: click the View menu, click Customize, and then click the Action pane option in the Customize View dialog box.

The following sections introduce namespaces and walk you step-by-step through the process of deploying a namespace in a test lab. The tasks in these sections are designed for administrators who are new to DFS Namespaces as well as administrators who have experience using DFS in Windows Server 2003 and Windows® 2000 Server. These tasks walk you through deployment steps and point out aspects of the DFS Management snap-in that are new or significantly different from previous DFS management tools.
If you have not used DFS in Windows Server 2003 or Windows 2000 Server, we recommend that you read the introduction section that follows to learn more about namespaces before you begin the tasks.


DFS Namespaces enables you to group shared folders located on different servers by transparently connecting them to one or more namespaces. A namespace is a virtual view of shared folders in an organization. When you create a namespace, you select which shared folders to add to the namespace, design the hierarchy in which those folders appear, and determine the names that the shared folders show in the namespace. When a user views the namespace, the folders appear to reside on a single, high-capacity hard disk. Users can navigate the namespace without needing to know the server names or shared folders hosting the data.
The path to a namespace is similar to a Universal Naming Convention (UNC) path of a shared folder, such as \\Server1\Public\Software\Tools. If you are familiar with UNC paths, you know that in this example the shared folder, Public, and its subfolders, Software and Tools, are all hosted on Server1. Now, assume you want to give users a single place to locate data, but you want to host data on different servers for availability and performance purposes. To do this, you can deploy a namespace similar to the one shown in the following figure. The elements of this namespace are described after the figure.
Description: DFS Namespaces technology elements
·         Namespace server. A namespace server hosts a namespace. The namespace server can be a member server or a domain controller.
·         Namespace root. The root is the starting point of the namespace. In the previous figure, the name of the root is Public, and the namespace path is \\Contoso\Public. This type of namespace is known as a domain-based namespace, because it begins with a domain name (for example, Contoso) and its metadata is stored in AD DS. Although a single namespace server is shown in the previous figure, a domain-based namespace can be hosted on multiple namespace servers.
·         Folder. Folders help build the namespace hierarchy. Folders can optionally have folder targets. When users browse a folder with targets in the namespace, the client computer receives a referral that directs the client computer to one of the folder targets.
·         Folder targets. A folder target is a UNC path of a shared folder or another namespace that is associated with a folder in a namespace. In the previous figure, the folder named Tools has two folder targets, one in London and one in New York, and the folder named Training Guides has a single folder target in New York. A user who browses to \\Contoso\Public\Software\Tools is transparently redirected to the shared folder \\LDN-SVR-01\Tools or \\NYC-SVR-01\Tools, depending on which site the user is in.

When creating a namespace, you must choose one of the following namespace types:
·         A stand-alone namespace
·         A domain-based namespace
Choose a stand-alone namespace if any of the following conditions apply to your environment:
·         Your organization does not use Active Directory Domain Services (AD DS). 
·         You need to create a single namespace with more than 5,000 DFS folders in a domain that does not meet the requirements for a domain-based namespace (Windows Server 2008 mode). 
·         You want to increase the availability of the namespace by using a failover cluster.
Description: noteNote
To check the size of a namespace, right-click the namespace in the DFS Management console tree, click Properties, and then view the namespace size in theNamespace Properties dialog box.
Choose a domain-based namespace if any of the following conditions apply to your environment:
·         You want to ensure the availability of the namespace by using multiple namespace servers.
·         You want to hide the name of the namespace server from users. Choosing a domain-based namespace makes it easier to replace the namespace server or migrate the namespace to another server.
In addition, if you choose a domain-based namespace, you must choose one of the following namespace modes:
·         Windows 2000 Server mode
·         Windows Server 2008 mode.
The Windows Server 2008 mode includes support for access-based enumeration and increased scalability. The domain-based namespace introduced in Windows 2000 Server is now referred to as "domain-based namespace (Windows 2000 Server mode)."
To use the Windows Server 2008 mode, the domain and namespace must meet the following minimum requirements:
·         The domain uses the Windows Server 2008 domain functional level.
·         All namespace servers are running Windows Server 2008.
If your environment supports it, choose the Windows Server 2008 mode when you create new domain-based namespaces. This mode provides additional features and scalability, and also eliminates the possible need to migrate a namespace from the Windows 2000 Server mode.
If your environment does not support domain-based namespaces in Windows Server 2008 mode, use the existing Windows 2000 Server mode for the namespace.
The characteristics of each namespace type and mode are described in the following table.

Characteristic
Stand-Alone Namespace
Domain-based Namespace (Windows 2000 Server Mode)
Domain-based Namespace (Windows Server 2008 Mode)
Path to namespace
\\ServerName\RootName
\\NetBIOSDomainName\RootName
\\DNSDomainName\RootName
\\NetBIOSDomainName\RootName
\\DNSDomainName\RootName
Namespace information storage location
In the registry and in a memory cache on the namespace server
In AD DS and in a memory cache on each namespace server
In AD DS and in a memory cache on each namespace server
Namespace size recommendations
The namespace can contain more than 5,000 folders with targets
The size of the namespace object in AD DS should be less than 5 megabytes (MB) to maintain compatibility with domain controllers that are not running Windows Server 2008. This means no more than approximately 5,000 folders with targets.
The namespace can contain more than 5,000 folders with targets
Minimum AD DS domain-functional level
AD DS not required
Windows 2000 mixed
Windows Server 2008
Minimum supported namespace servers
Windows 2000 Server
Windows 2000 Server
Windows Server 2008
Support for access-b ased enumeration (if enabled)
Yes, requires Windows Server 2008 namespace server
No
Yes
Supported methods to ensure namespace availability
Create a stand-alone namespace on a failover cluster.
Use multiple namespace servers to host the namespace. (The namespace servers must be in the same domain.)
Use multiple namespace servers to host the namespace. (The namespace servers must be in the same domain.)
Support for using DFS Replication to replicate folder targets
Supported when joined to AD DS domain
Supported
Supported

The tasks in this section walk you through the process of deploying a namespace that looks similar to the namespace shown in the figure that appears in "Introduction to Namespaces" earlier in this guide.

In this task, you create a new namespace using the DFS Management snap-in.

  1. In the console tree of the DFS Management snap-in, right-click the Namespaces node, and then click New Namespace.
  2. Follow the steps in the New Namespace Wizard and supply the information described in the following table.

New Namespace Wizard page
What to enter
Namespace Server
Enter the name of the server to host the namespace. The server can be a domain controller or a member server.
Namespace Name and Settings
In Name, type Public.
Namespace Type
If AD DS is deployed in your test lab and you are a member of the Domain Admins group or have been delegated permission to create domain-based namespaces, choose Domain-based namespace. Otherwise, choose Stand-alone namespace. For more information about namespace types, see "Namespace types and modes" earlier in this guide.
To learn how a member of the Domain Admins group can delegate permission to create domain-based namespaces, see Delegate Management Permissions for DFS Namespaces.
Review Settings and Create Namespace
Click Create to create the namespace.
Confirmation
Click Close to close the wizard.
When the wizard finishes, your new namespace will be added to the console tree. Double-click the Namespaces node, if necessary, to view your namespace, which should be similar to the following figure.
Description: Art Image
To browse the new namespace, type the following command in the Run dialog box, substituting either the server name (if you created a stand-alone namespace) or the domain name (if you created a domain-based namespace) as appropriate:
\\ server_or_domain \Public
For information about how to migrate an existing namespace to Windows Server 2008 mode, see Migrate a Domain-based Namespace to Windows Server 2008 Mode.

If you created a domain-based namespace, perform this task to specify an additional server to host the namespace. Doing so increases the availability of the namespace and enables you to place namespace servers in the same sites as users. If you created a stand-alone namespace, you must skip this task because stand-alone namespaces only support a single namespace server.

  1. In the console tree of the DFS Management snap-in, right-click \\domain\Public, and then click Add Namespace Server.
  2. In Namespace server, type the name of another server to host the namespace, and then click OK.
After you finish this procedure, click the \\domain\Public namespace in the console tree and review the contents of the Namespace Servers tab in the details pane, which should look similar to the following figure. Notice that two UNC paths are listed. The site of each namespace server is also displayed.
Description: Art Image

You can delegate management permissions so that users who are not members of the Domain Admins group can create domain-based namespaces, and you can delegate management permissions so that users or groups can manage existing namespaces. In this section, you will delegate permissions to manage the namespace you created in the previous task.

  1. In the console tree of the DFS Management snap-in, right-click \\server_or_domain\Public, and then click Delegate Management Permissions.
  2. Type the name of a user or group that you want to manage the namespace, and then click OK.
After you finish this procedure, review the contents of the Delegation tab in the details pane. It should look similar to the following figure.
Description: Art Image
Notice that the user or group you added shows "Explicit" in the How Permission Is Granted column. "Explicit" means that you can remove the user or group from the delegation list by right-clicking the user or group, and then clicking Remove. Any users or groups that show "Inherited" have inherited management permissions from AD DS, and you cannot remove them from the delegation list using the DFS Management snap-in.
Description: noteNote
To delegate the ability to create domain-based namespaces, see Delegate Management Permissions for DFS Namespaces.

In this task, you add three folders to the namespace. Two of the folders will have folder targets. The hierarchy of the folders you will add is shown in the "Elements of a Namespace" figure earlier in this guide.

  1. In the console tree of the DFS Management snap-in, right-click \\server_or_domain\Public, and then click New Folder.
  2. In Name, type Software, and then click OK.
Note that the previous procedure creates a new folder in the namespace to build depth in the namespace hierarchy. You are not specifying the name of an existing folder, nor will you store data in this folder. This folder will not have folder targets that direct clients to other servers.
After you finish this procedure, the Software folder is added to the console tree as shown in the following figure. (You might need to double-click the\\server_or_domain\Public root to display the Software folder.
Description: Art Image
Next, you add two folders with targets to the namespace. You create one folder named Tools within the Software folder, and you create another folder named Training Guides directly under the root named Public.

  1. In the console tree of the DFS Management snap-in, right-click the Software folder, and then click New Folder.
  2. In Name, type Tools.
  3. Click Add to add a folder target.
  4. Click Browse to open the Browse for Shared Folders dialog box.
  5. In Server, enter the name of the server that will host the Tools shared folder.
  6. Click New Shared Folder.
  7. In the Create Share dialog box, in the Share name box, type Tools, and then enter the local path where you want the shared folder to be created. If the folder does not exist, you are prompted to create it. Click OK to close all dialog boxes.
After you finish this procedure, the Tools folder is added to the console tree as shown in the following figure. (You might need to double-click the Software folder to display the Tools folder.) Notice the icon next to the Tools folder and how it differs from the Software folder’s icon. This icon appears next to all folders that have targets to differentiate them from folders that do not have targets.
Description: Art Image
Now, select the Tools folder and review the contents of the Folder Targets tab in the details pane. Notice there is a single path shown. This means that only one server hosts the folder target that corresponds to the Tools folder. If that server becomes unavailable, the shared folder is also unavailable.
To increase the availability of the Tools folder, you can add a second folder target.

  1. In the console tree of the DFS Management snap-in, right-click the Tools folder, and then click Add Folder Target.
  2. Click Browse to open the Browse for Shared Folders dialog box.
  3. In Server, enter the name of another server that will host the Tools shared folder. Be sure to enter a different server from the one you specified in the previous procedure.
  4. Click New Shared Folder.
  5. In the Create Share dialog box, in the Share name box, type Tools, and then enter the local path where you want the shared folder to be created. If the folder does not exist, you are prompted to create it. Click OK to close all dialog boxes.
  6. You are prompted to choose whether to create a replication group for these folder targets. For now, click No. You will enable DFS Replication on this folder in a later task.

  1. In the console tree of the DFS Management snap-in, right-click \\server_or_domain\Public, and then click New Folder.
  2. In Name, type Training Guides.
  3. Click Add to add a folder target.
  4. Click Browse to open the Browse for Shared Folders dialog box.
  5. In Server, enter the name of the server that will host the Training Guides shared folder.
  6. Click New Shared Folder.
  7. In the Create Share dialog box, in the Share name box, type Training Guides, and then enter the local path where you want the shared folder to be created. If the folder does not exist, you are prompted to create it. Click OK to close all dialog boxes.
When you finish these procedures, your namespace will look like the following figure.
Description: Art Image

You can use the DFS Management snap-in to rename folders or move folders to another location in the namespace. This is useful if you need to change a folder name or restructure the namespace.
In this task, you rename the Training Guides folder to Training Demos and move it to the Software folder. Currently, your namespace should look similar to the following figure.
Description: Art Image

  1. In the console tree of the DFS Management snap-in, right-click the Training Guides folder, and then click Rename Folder.
  2. In the Rename Folder dialog box, in New name, type Training Demos.


·         In the console tree of the DFS Management snap-in, click the Training Demos folder, and then drag it to the Software folder.
After you finish these procedures, your namespace should look like this:
Description: Art Image

In this task, you enable DFS Replication on the Tools folder. If you recall from "Task 4: Add Folders to the Namespace," you created two folder targets for the Tools folder. Because users can be directed to either one of the folder targets, you need to ensure that the contents of the folders are kept synchronized.
If you are familiar with File Replication Service (FRS) in Windows Server 2003, you know that FRS is only supported in domain-based namespaces. In Windows Server 2008, you can use DFS Replication in both stand-alone and domain-based namespaces. Therefore, you can complete this task regardless of the type of namespace you created in "Task 1: Create a Namespace."
Description: ImportantImportant
To perform this task, you need to have AD DS deployed in your test lab environment, and you must be a member of the Domain Admins group or have been delegated the ability to create replication groups to perform this task.
Description: ImportantImportant
After you complete this task, replication does not begin immediately. The topology and DFS Replication settings must be replicated to all domain controllers, and each member in the replication group must poll its closest domain controller to obtain these settings. The amount of time this takes depends on AD DS replication latency and the long polling interval (60 minutes) on each member.

  1. In the console tree of the DFS Management snap-in, right-click the Tools folder, and then click Replicate Folder.
  2. Follow the steps in the Replicate Folder Wizard and supply the information in the following table.

Replicate Folder Wizard page
What to enter
Replication Group and Replicated Folder Name
Accept the defaults.
Replication Eligibility
Accept the defaults.
Primary Member
If the folder targets are empty, choose either member. If both folder targets contain content, choose the member that has the most up-to-date content.
Topology Selection
Select Full mesh.
Replication Group Schedule and Bandwidth
Select Replicate continuously using the specified bandwidth.
Review Settings and Create Replication Group
Click Create to create the replication group.
Confirmation
Click Close to close the wizard.
Replication Delay
Click OK to close the dialog box that warns you about the delay in initial replication.
After you finish the previous procedure, navigate to the Replication node in the console tree. Notice that a new replication group has been created, as shown in the following figure.
Description: Art Image
If you are not familiar with DFS Replication terminology, a replication group is a set of servers, known as members, that participates in the replication of one or more replicated folders. A replicated folder is a folder that is kept synchronized on each member. When you enable DFS Replication on a folder with targets, the servers that host the folder targets become members of the replication group, and the folder targets are associated with the replicated folder. The name of the replication group matches the namespace path (Contoso.com\Public\Software\Tools), and the name of the replicated folder matches the folder name (Tools).
From the Replication node, you can manage aspects of DFS Replication, such as the schedule and bandwidth usage, file and subfolder filters, and the topology (a framework of replication paths between members). On the Replicated Folders tab in the details pane, you can also view the namespace path that corresponds to the replicated folder, as shown in the following figure.
Description: Art Image
If you navigate back to the Tools folder in the Namespaces node, notice that the Replication tab in the details pane shows that the Tools folder is being replicated using DFS Replication.
Description: Art Image
If one of the folders targets contained data when you enabled DFS Replication, you can verify that replication has completed by clicking the Folder Targets tab, right-clicking the folder target that initially held no data, and then clicking Open in Explorer. After the initial replication delay, the files in this folder target should match the files in the target that initially held the data.
Another way to view the status of replication is to create a diagnostic report. You will do this in the following task.

In this task, you create a diagnostic report to check the status of replication. The type of diagnostic report you create in this task is a health report. The health report is an .html file that shows the health of replication and replication efficiency. This report includes error and warning events, replication statistics, backlogged files, and other information for each member of the replication group.

  1. In the console tree of the DFS Management snap-in, under the Replication node, right-click the \\domain\Public\Software\Tools replication group, and then clickCreate Diagnostic Report.
  2. Follow the steps in the Diagnostic Report Wizard and supply the information in the following table.

Diagnostic Report Wizard page
What to enter
Type of Diagnostic Report or Test
Accept the defaults.
Path and Name
Accept the defaults.
Members to Include
Accept the defaults.
Options
Ensure that Yes, count backlogged files in this report is selected, select the server that has the most up-to-date files from Reference Member, and then select the Count the replicated files and their sizes on each member check box.
Review Settings and Create Report
Click Create to create the diagnostic report.
Confirmation
The wizard closes automatically, and the diagnostic report appears.
Review the health report created for the Tools replication group. In particular, take a look at the following sections:
·         Note the DFS Replication bandwidth savings. This savings will change over time as files are added and changed. 
·         Review any errors or warnings, if any, for the members. These are typically event log errors that appear in the member's respective DFS Replication event log.
·         In the informational section for each member, review the replicated folder status (the status will be "Normal" after initial replication is complete) and other information. Notice that the primary member will show different statistics from the non-primary member; this is because data originated from the primary member and replicated to the non-primary member during initial replication.
The Diagnostic Report Wizard creates the health report by default. Note that you can set the wizard to perform the following operations as well:
·         Run a propagation test.
·         Create a propagation report.
A propagation test measures replication progress by creating a test file in a replicated folder. A propagation report provides information about the replication progress for the test file created during a propagation test.


In this task, you change settings that optimize how targets are ordered in referrals. If you are not familiar with referrals, a referral is a list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets in the namespace. The referral tells the client which servers host the associated root target or folder target. So, for example, when a client navigates to \\server_or_domain\Public, the client receives a root referral that contains a list of root targets on the namespace servers. When the client then navigates to the Tools folder, which has folder targets, the client receives a folder referral that contains a list of folder targets that correspond to the Tools folder.
When a client requests a referral, the DFS service takes into account the site of the client and the site of the target and provides a referral with targets that are ordered according to the current referral ordering method. By default, targets in a client’s site are listed first in a referral in random order, followed by a list of targets outside of the client’s site, sorted by lowest cost.
To fine-tune how targets outside of a client’s site are ordered, you can change the ordering method for an entire namespace or for individual folders with targets. Changing the ordering method is an important consideration in namespaces whose targets span sites. For example, there might be situations in which you want to prevent the client from accessing targets outside of its own site. If so, you can configure the namespace root or folder with targets so that clients receive referrals only for targets within their own site.
To further optimize how targets are listed in referrals, you can set target priority, which overrides the ordering method. For example, you can specify that a target is always first or last in a referral, regardless of the client’s site, or you can specify that a target is always first or last among the targets that have the same connection cost. One common scenario for using target priority is when you have a "hot standby" server that is considered the server of last resort. In this scenario, you can specify that the standby server always appears last in referrals, and clients will fail over to this server only if all the other servers fail or become unavailable due to network outages.
In the following procedures, you verify the referral ordering method for the namespace and choose target priority of a folder target.

  1. In the console tree of the DFS Management snap-in, right-click \\server_or_domain\Public, and then click Properties.
  2. On the Referrals tab, in Ordering method, verify that Lowest cost is selected.
In the lowest cost ordering method, also called least expensive target selection or site costing in previous documentation, targets in a referral are ordered as follows:
  1. Targets in the same site as the client are listed in random order at the top of the referral.
  2. Targets outside of the client’s site are listed in order of lowest cost to highest cost. Referrals with the same cost are grouped together and within each group the targets are listed in random order.
This method ensures that clients do not traverse expensive wide area network (WAN) links to access targets when lower-cost targets are available. This ordering method works in both stand-alone and domain-based namespaces, as long as all namespace servers and all domain controllers are running Windows Server 2003 or Windows Server 2008.
Description: noteNote
If you do not want clients to access folder targets outside of their site, you can override the ordering method for individual folders. To do this, right-click a folder with targets in the console tree, click Properties, click the Referrals tab, and then click Exclude targets outside of the client’s site. Note that if no same-site targets are available, the client fails to access the folder because no folder targets are returned in the referral.
In the next procedure, you change the priority of one of the folder targets of the Tools folder.

  1. In the console tree of the DFS Management snap-in, click the Tools folder.
  2. In the details pane, on the Folder Targets tab, right-click one of the folder targets, and then click Properties.
  3. On the Advanced tab, click Override referral ordering, and then click Last among all targets.

In this task, you browse the namespace you created and view the referrals in the client’s referral cache as you browse portions of the namespace. Viewing referrals cached on the client is useful in troubleshooting scenarios. The following procedures assume you are performing these tasks from a client computer running Windows XP or Windows Server 2003.

  1. Click Start, click Run, type \\server_or_domain\Public, and then click OK.
Windows Explorer opens and your view of the namespace looks similar to the following figure:
Description: Art Image
  1. In Windows Explorer, click the Folders button to display the Public root in the folder tree.
  2. In the folder tree, right-click Public, and then click Properties to open the Properties dialog box.
  3. On the DFS tab, review the paths listed under Referral list. These are the root targets in the root referral that the client received when it accessed\\server_or_domain\Public. These should match the root targets you created earlier in this guide. The target marked Active is the target currently connected to your client computer.
  4. Click OK to close the dialog box.

  1. In Windows Explorer, double-click the Software folder. You should see two folders, Tools and Training Demos.
  2. Double-click the Tools folder to open it.
  3. In the folder tree, right-click the Tools folder, and then click Properties.
  4. On the DFS tab, review the paths listed under Referral list. These are the folder targets in the folder referral that the client received when it accessed\\server_or_domain\Public\Software\Tools. These should match the folder targets you created earlier in this guide. The target marked Active is the target currently connected to your client computer, which should be a different target from the one you marked as Last among all targets when you set the target priority.
  5. Click OK to close the dialog box.
  6. Click the Training Demos folder in the folder tree to open it.
  7. Right-click the Training Demos folder in the folder tree, click Properties, and then click the DFS tab. Notice that only one folder target is listed in the referral list. Your client computer is currently connected to this folder target.

In this task, disable the network card or turn off the server that hosts one of the root targets for the \\domain\Public namespace. Do the same for a server that hosts one of the folder targets for the Tools folder. After the network cards are disabled or the servers are turned off, repeat the procedures in "Task 9: Browse the Namespace." The procedures should work because another server continues to host the \\domain\Public namespace and the Tools folder.


This section walks you through the process of deploying DFS Replication in a test lab. Although it is not necessary to have completed the tasks in "Step-by-Step Guide to Deploying a Namespace," it is helpful to complete the previous section first so that you have an existing namespace in which to publish a replicated folder.

DFS Replication is the state-based, multimaster replication engine in Windows Server 2008. Although some DFS Replication concepts and processes are similar to the concepts and processes in File Replication Service (FRS), there are several important differences that you should be aware of before you deploy DFS Replication.

First, let’s review the basic concepts of DFS Replication. These concepts—replication groups, connections, members, and replicated folders—are illustrated in the following figure.
Description: Art Image
As this figure shows, a replication group is a set of servers, known as members, that participates in the replication of one or more replicated folders. A replicated folder is a folder that is kept synchronized on each member. In the previous figure, there are two replicated folders, Projects and Proposals. As data changes in each replicated folder, the changes are replicated across connections between the members. The connections between all members form the replication topology.
Creating multiple replicated folders in a single replication group simplifies the process of deploying replicated folders, because the topology, schedule, and bandwidth throttling for the replication group are applied to each replicated folder. To deploy additional replicated folders, you can use a short wizard to define the local path and permissions for the new replicated folder. Each replicated folder also has its own settings, such as file and subfolder filters, so that you can filter out different files and subfolders for each replicated folder.
The replicated folders stored on each member can be located on different volumes in the member, and the replicated folders do not need to be shared folders or part of a namespace, though the DFS Management snap-in makes it easy to share replicated folders and optionally publish them in an existing namespace. You will do both in one of the tasks later in this guide.
For more information about DFS Replication, see DFS Replication: Frequently Asked Questions (FAQ)..

When you first set up replication, you must choose a primary member. Choose the member that has the most up-to-date files that you want replicated to all other members of the replication group, because the primary member's content is considered "authoritative." This means that during initial replication, the primary member's files will always win the conflict resolution that occurs when the receiving members have files that are older or newer than the same files on the primary member.
The following explanations will help you better understand the initial replication process:
·         Initial replication does not begin immediately. The topology and DFS Replication settings must be replicated to all domain controllers, and each member in the replication group must poll its closest domain controller to obtain these settings. The amount of time this takes depends on AD DS replication latency and the long polling interval (60 minutes) on each member.
·         Initial replication always occurs between the primary member and the receiving replication partners of the primary member. After a member has received all files from the primary member, then that member will replicate files to its receiving partners as well. In this way, replication for a new replicated folder starts from the primary member and then progresses out to the other members of the replication group. 
·         When receiving files from the primary member during initial replication, the receiving members that contain files that are not present on the primary member move those files to their respective DfsrPrivate\PreExisting folder. If a file is identical to a file on the primary member, the file is not replicated. If the version of a file on the receiving member is different from the primary member’s version, the receiving member's version is moved to the Conflict and Deleted folder and remote differential compression (RDC) can be used to download only the changed blocks.
·         To determine whether files are identical on the primary member and receiving member, DFS Replication compares the files using a hash algorithm. If the files are identical, only minimal metadata is transferred.
·         After the initialization of the replicated folder, the "primary member" designation is removed. Initialization takes place after all files that exist before DFS Replication picks up the configuration are added to the DFS Replication database. The member that was previously the primary member is then treated like any other member and its files are no longer considered authoritative over those of other members that have completed initial replication. Any member that has completed initial replication is considered authoritative over members that have not completed initial replication.


The tasks in this section walk you through the process of deploying DFS Replication, adding a member to a replication group, publishing a replicated folder in a namespace, and creating a diagnostic report.


To enable DFS Replication, you use the New Replication Group Wizard to specify the members, topology, and default schedule and bandwidth for the replication group. In this task, you create a replication group named Data Distribution and two replicated folders named Antivirus Signatures and LOB Data.
Description: ImportantImportant
When you create a new replication group, replication does not begin immediately. The topology and DFS Replication settings must be replicated to all domain controllers, and each member in the replication group must poll its closest domain controller to obtain these settings. The amount of time this takes depends on AD DS replication latency and each member's long polling interval (60 minutes).
Before you enable replication, you will create two folders on one of the servers to be added to the replication group. You will then add files to the folders.



  1. On one server, create two separate (non-overlapping) folders named Antivirus Signatures and LOB Data.
  2. Add some files to each folder, but do not exceed the recommended limits described in the What are the supported limits of DFS Replication? entry of DFS Replication: Frequently Asked Questions (FAQ)..
  3. Optionally, create the same folders on the second server. You can add the same files or different files from the primary member. If you add the same files, the files will be used for prestaging and will not be re-replicated. If you add files that don’t exist on the primary member, those files will be moved to the PreExisting folder on the second member. (This folder is in the DfsrPrivate folder under the replicated folder’s local path.) If you want to observe how the primary member's content becomes authoritative during initial replication, use updated versions of the files you added to the primary member. These updated files will be moved to the Conflict and Deleted folder on the non-primary members.

Next, create a replication group to replicate files between the two servers.



  1. In the console tree of the DFS Management snap-in, right-click the Replication node, and then click New Replication Group.
  2. Follow the steps in the New Replication Group Wizard and supply the information in the following table.


New Replication Group Wizard page
What to enter
Replication Group Type
Select Multipurpose replication group.
Name and Domain
In Name of replication group, type Data Distribution.
Replication Group Members
Click Add to select at least two servers that will participate in replication. The servers must have the DFS Replication Service installed.
Topology Selection
Select Full mesh.
Replication Group Schedule and Bandwidth
Select Replicate continuously using the specified bandwidth.
Primary Member
Select the member that has the most up-to-date content that you want to replicate to the other member.
Folders to Replicate
Click Add to enter the local path of the LOB Data folder you created earlier on the first server. Use the name LOB Data for the replicated folder name. Repeat this procedure and enter the local path of the Antivirus Signatures folder.
Local Path of LOB Data on Other Members
On this page, you specify the location of the LOB Data folder on the other members of the replication group. To specify the path, clickEdit, and then in the Edit dialog box, click Enabled, and then type the local path of the LOB Data folder.
Local Path of Antivirus Signatures on Other Members
On this page, you specify the location of the Antivirus Signatures folder on the other members of the replication group. To specify the path, click Edit, and then in the Edit dialog box, click Enabled, and then type the local path of the Antivirus Signatures folder.
Review Settings and Create Replication Group
Click Create to create the replication group.
Confirmation
Click Close to close the wizard.
Replication Delay
Click OK to close the dialog box that warns you about the delay in initial replication.
After you finish the New Replication Group Wizard, click the new replication group named Data Distribution located under the Replication node in the console tree as shown in the following figure:
Description: Art Image
Notice the four tabs in the details pane: MembershipsConnectionsReplicated Folders, and Delegation. Each of these tabs displays different details about the selected replication group, its members, and its replicated folders. Review the following details about each tab.
·         On the Memberships tab, notice that entries on the tab are sorted by replicated folder and that there are two replicated folders listed. For example, the rows under the Replicated Folder: Antivirus Signatures heading are the members that host the Antivirus Signatures replicated folder. Double-click a member to view per-member, per-replicated folder properties on the GeneralReplicated FolderStaging, and Advanced tabs. For example, on the Advanced tab, you can view the location and size of the staging folder and Conflict and Deleted folder on the selected member.
·         On the Connections tab, two connections are listed. Each connection is a one-way replication path, so replication between two members requires two connections that replicate data in the opposite direction. Each connection has a schedule and other settings, such as a check box for enabling or disabling remote differential compression (RDC). Double-click a connection to view its settings.
·         On the Replicated Folders tab, notice that two replicated folders are listed and that they are not published in a namespace. Double-click a replicated folder to view its properties, such as file and subfolder filters.
·         On the Delegation tab, review the default users and groups granted permissions to manage the replication group. Any users or groups shown as "Inherited" have inherited management permissions from AD DS, and you cannot remove them from the delegation list using the DFS Management snap-in.

In this task, you add a third server to the Data Distribution replication group and specify where one of the two replicated folders, Antivirus Signatures, will be stored on the new member. You'll use a new feature in DFS Replication to specify that the LOB Data replicated folder is not replicated to the new member. You also will create a custom schedule that applies only to the connections to and from the new member.
Description: ImportantImportant
Replication does not begin immediately on the new member. The DFS Replication settings for the new member must be replicated to all domain controllers, and each member in the replication group must poll its closest domain controller to obtain these settings. The amount of time this takes depends on AD DS replication latency, the short polling interval (5 minutes) on the new member, and the long polling interval (60 minutes) on existing members.



  1. In the console tree of the DFS Management snap-in, right-click the Data Distribution replication group, and then click New Member.
  2. Follow the steps in the New Member Wizard and supply the information in the following table.


New Member Wizard page
What to enter
New Member
Enter the name of the server to add to the replication group. The server must have the DFS Replication Service installed.
Connections
Under Available members, click a member, and then click Add. Repeat this step to add the second member. The new member will replicate directly with both existing members.
Replication Schedule
Select Custom connection schedule, and then click Edit Schedule. In the Edit Schedule dialog box, click Details to expand the schedule, and then select the entry that begins Sunday 12:00 AM and then click Edit. In the Edit Schedule dialog box, under Bandwidth usage, click 128 Mbps.
Local Path of Replicated Folders
Select the Antivirus Signatures replicated folder, click Edit, click Enabled, and then enter the local path of the replicated folder to be created on the new member. When you close the Edit Local Path dialog box, notice that the LOB Data replicated folder shows , which means that this replicated folder will not be replicated to the new member. Because you want only the Antivirus Signatures folder to be replicated to the new member, you can ignore the warning message that appears.
Review Settings and Create Member
Click Create to add the new member to the Data Distribution replication group.
Confirmation
Click Close to close the wizard.
Replication Delay
Click OK to close the dialog box that warns you about the delay in initial replication.
After you finish the wizard, click Data Distribution in the console tree, and then review the contents of the Connections tab. It should look similar to the following figure:
Description: Art Image
Notice that in the Schedule Type column, connections to and from the new member show Custom Connection Schedule instead of Replication Group Schedule. These show Custom Connection Schedule because you chose a custom schedule when you added the new member. Creating custom schedules for individual connections enables you to fine-tune the replication interval and bandwidth used when replicating to specific members. Although it isn’t obvious in the user interface, each connection marked Custom Connection Schedule is a separate schedule. You can modify one schedule marked Custom Connection Schedule, but the other custom schedules are not affected.
Description: noteNote
To change how the items are grouped, click a column heading. For example, to group the items by schedule type, click the Schedule Type heading.
Entries marked Replication Group Schedule use the default replication schedule; this schedule is applied to all connections in the replication group that do not have a custom schedule. To modify the default replication schedule, right-click the Data Distribution replication group in the console tree, click Properties, and then click Edit Schedule. To change a connection schedule from a custom connection schedule to the replication group schedule or vice versa, on the Connections tab in the details pane, double-click the connection, click the Schedule tab, and then click Replication group schedule or Custom connection schedule.


When you created replicated folders in the previous tasks, you specified the local path of a folder on each member of the replication group. Unless the local path on each server was previously shared, users cannot access the replicated folders after they are created. To make replicated folders available to users, you must share them and, optionally, publish them in an existing namespace.
In this task, you publish the LOB Data replicated folder in the \\server_or_domain\Public namespace that you created in the DFS Namespaces step-by-step section. If you did not complete the previous step-by-step section or do not have a namespace in your test lab, skip this procedure.



  1. In the console tree of the DFS Management snap-in, under the Replication node, click the Data Distribution replication group.
  2. In the details pane, click the Replicated Folders tab, right-click the LOB Data replicated folder, and then click Share and Publish in Namespace.
  3. Follow the steps in the Share and Publish Replicated Folder Wizard and supply the information in the following table.


Share and Publish Replicated Folder Wizard page
What to enter
Publishing Method
Select Share and publish the replicated folder in a namespace.
Share Replicated Folders
For each member that shows [Shared Folder Needed] in the Action column, select the member, and then click Edit to create the new shared folder and adjust shared folder permissions if necessary. If the Action column shows Create shared folder: LOB Data or Existing Shared Folder, you can click Next.
Namespace Path
In Parent folder in namespace, type \\server_or_domain\Public\Software.
Review Settings and Share Replicated Folder
Click Share to share the replicated folders and publish the LOB Data replicated folder in the namespace.
Confirmation
Click Close to close the wizard.
After you finish the wizard, review the console tree and the Replicated Folders tab in the details pane. First, notice in the console tree that an LOB Data folder was added to the namespace and the folder icon indicates that the folder is replicated, as shown in the following figure.
Description: Art Image
Next, review the namespace path listed in the Replicated Folders tab, which should look similar to the following figure.
Description: Art Image
You can see that the LOB Data replicated folder is published in a namespace but the Antivirus Signatures replicated folder is not. To access the LOB Data folder in the namespace, in the Run dialog box, type \\server_or_domain\Public\Software\LOB Data.
Description: noteNote
If you want to stop publishing the LOB Data replicated folder in the namespace, you can right-click the replicated folder and then click Remove from Namespace.


In this task, assume that you have a hub server in a central hub or data center location and a branch server in a remote office. The branch server contains folders named Projects and Proposals that are very important to the branch office, but there is a concern that the backups performed at the branch office are performed incorrectly. You want to back up the Projects and Proposals folders from the data center to ensure that the backups are successful.
To accomplish this goal, you will set up a replication group for data collection purposes. This type of replication group consists of two members and one replicated folder for each folder that you want to back up from the hub server at the data center. The permissions that are set on the replicated folders on the branch server will be applied to the replicated folders on the hub server. You specify a single folder on the hub server under which subfolders for the replicated folders will be created. This enables you to back up multiple replicated folders from a single location on the hub server.
Description: ImportantImportant
When you create a new replication group, replication does not begin immediately. The topology and DFS Replication settings must be replicated to all domain controllers, and each member in the replication group must poll its closest domain controller to obtain these settings. The amount of time this takes depends on AD DS replication latency and each member's long polling interval (60 minutes).



  1. In Windows Explorer or from the command prompt, create a folder named Projects and a folder named Proposals on a server that will act as the branch server. The folders should be separate folders (that is, not nested in one another).
  2. Add some files to the Projects and Proposals folders on the branch server.
  3. In Windows Explorer or from the command prompt, create a folder named Branch_Backups on a server that will act as the hub server. Do not put data in this folder.
  4. In the console tree of the DFS Management snap-in, right-click the Replication node, and then click New Replication Group.
  5. Follow the steps in the New Replication Group Wizard and supply the information in following table.


New Replication Group Wizard page
What to enter
Replication Group Type
Select Replication group for data collection.
Name and Domain
In Name of replication group, type Branch Backups.
Branch Server
Type the name of a server that will act as the branch server.
Replicated Folders
Click Add. In the Add Folder to Replicate dialog box, type the local path of the Projects folder you created in Step 1. Repeat this step for the local path of the Proposals folder.
Hub Server
Type the name of a server that will act as the hub server. This is the server where you can back up the Projects and Proposals folders using backup software.
Target Folder on Hub Server
In Target folder, type the path of the folder you created in Step 3.
Replication Group Schedule and Bandwidth
Select Replicate continuously using the specified bandwidth.
Review Settings and Create Replication Group.
Click Create to create the replication group.
Confirmation
Click Close to close the wizard.
Replication Delay
Click OK to close the dialog box that warns you about the delay in initial replication.
After you finish the wizard, click the Branch Backups replication group in the console tree and view the Memberships tab in the details pane. Notice that two replicated folders were created, Projects and Proposals, as shown in the following figure:
Description: Art Image
In the previous figure, notice that the path of the Projects and Proposals replicated folders on server BO-08 (the hub server) are both within the C:\Branch_Backups folder. This enables you to back up both replicated folders from a single location on the hub.


In this task, you create a diagnostic report to check the status of replication. The type of diagnostic report you create in this task is a health report. The health report is an .html file that shows the health of replication and replication efficiency. This report includes error and warning events, replication statistics, backlogged files, and so forth for each member of the replication group.



  1. In the console tree of the DFS Management snap-in, under the Replication node, right-click the Branch Backups replication group, and then click Create Diagnostic Report.
  2. Follow the steps in the Diagnostic Report Wizard and supply the information in the following table.


Diagnostic Report Wizard page
What to enter
Type of Diagnostic Report or Test
Accept the defaults.
Path and Name
Accept the defaults.
Members to Include
Accept the defaults.
Options
Ensure that Yes, count backlogged files in this report is selected, select the server that has the most up-to-date files from Reference Member, and then select the Count the replicated files and their sizes on each member check box.
Review Settings and Create Report
Click Create to create the diagnostic report.
Confirmation
The wizard closes automatically, and the diagnostic report appears.
Review the health report created for the Branch Backups replication group. In particular, take a look at the following sections:
·         Note the DFS Replication bandwidth savings. This savings will change over time as files are added and changed. 
·         Review any errors or warnings, if any, for the members. These are typically event log errors that appear in the member's respective DFS Replication event log.
·         In the informational section for each member, review the replicated folder status (the status will be "Normal" after initial replication is complete) and other information. Notice that the primary member will show different statistics from the non-primary member; this is because data originated from the primary member and replicated to the non-primary member during initial replication.
The Diagnostic Report Wizard creates the health report by default. Note that you can also set the wizard to perform the following operations:
·         Run a propagation test.
·         Create a propagation report.
A propagation test measures replication progress by creating a test file in a replicated folder. A propagation report provides information about the replication progress for the test file created during a propagation test.