Cleaning out NetBIOS Hostnames from your DFSs

So you have been using DFS for a while and is happy. But you still get some complaints. Smaller companies usually hear that employees have problems accessing the DFS from home on their own computers. In larger companies it is usually not allowed to use private computers anyway. But there we have the problem with partner or purchased companies having problems with the DFS. So what is up?

The common problem is that you still are using hostnames instead of FQDN. So what does that matter really? It works great on my workstation. Most commonly companies automatically tries with the domain that the computer is joined into. This works great for the employees computers but not others. So what is happening then? Suppose we have a company called Contoso with a domain called contoso.local (I know its bad to have a .local domain name). You request the DFS called \\contoso.local\dfs, you will then contact the domain controllers in contoso.local domain and get which file servers are working as the root servers. If the response only contains netbios names the clients will try to attach the domain suffix from DNS (Unless configured differently using GPOs).

So I was at a customers doing a brief DFS analysis. So these are the scripts I ran to check the domainbased DFS. So these are some screenshots from a non-production environment:

DFS-Domain-Target-Netbios

DFS-Domain-Root-Netbios

Scripts:

[Read more…]

Upgrading DFS 2000 to DFS 2008 mode

So you have just been asked to enable ABE on the DFS. But you cant enable it because your namespace is in 2000 mode. So how do we upgrade it? The boring answer is that you don’t, Microsoft doesn’t have an upgrade. But it is quite simple anyway.

Backup your current DFS-Namespace

First lets make sure that we have a copy of your current namespace. This is so we don’t have to rebuild it by hand. This a simple XML file that is the entire configuration both root servers and all links. Just replace the \\<domain.fqdn>\<Namespace> with your DFS namespace information, the file doesn’t really matter. When it is complete just look into the file and see what you got.

Remove the old namespace

This part is quite simple usually, just start with one DFS namespace server and remove them one after another. If you get stuck because the server is no longer alive, don’t worry. Just remove it by force. Once all you delete the last namespace server, the namespace is no more.

Setting up the new environment

Well this is a good time to think about doing it right. For instance were you using FQDN for your namespace servers? I say enable fqdn and lets go.

Now just create a new namespace with the same name as before. Since we are talking about a Namespace which is a bunch of NTFS junctions points I see no point moving the DFS share from the default of %Systemroot%\DFSRoots\NamespaceName. Just remember that everyone should have only Read Only access.

Then add the other namespace servers one after another.

Restore the namespace

So where are my hundreds of links, I cant remember them all. Well importing is as easy as the export we did earlier.. You didn’t skip that step right?

Now for the boring part. You should really test it to make sure it works. Remember that domain based DFS is carried in the AD with all replication delays that could incur..

 

This entry has been on my waiting list for a long time, but since it was a good match for my solution for a question on social I completed it.

Copying command line tools between windows machines

I needed to help diagnose a client computer and I needed the dfsutil tool, this tool is only available in the RSAT package. Usually no problems, just install it. But this time I needed to run dfsutil without installing it on the client. So I copied the executable file and tried to run it.. Well.. This is what happened:

That doesn’t look like it should. There is something missing, and no error message either. So I checked the binary from another language server, they were the same.. So the language is not in the file? Wait Windows has support for multiple languages. I’m missing the language and strings part. So where to find that part. Under the %Windir%\system32 directory there exists a en-us directory, and if I look in there I find a dfsutil.exe.mui file. When I copy that file to a directory named en-us at the same level as the .exe binary it works.

Using %USERNAME% in a DFS link path

So I was reading on technet social a question about using environment variables in DFS paths. In this case he wanted to use the %username% variable. I have also thought about how nice that could be, a little magic. And all users could have the same URN for there homedirectory. Just think how nice \\domain.local\dfs\MyHome feels. Well on with the blog, you cant. It doesn’t work. [Read more…]

Using DFS during company split

During a company split I was put in charge of file services.

The company were splitting of a part of the company with specific requirements:

  • Minimize user required interaction
  • Users have to be able to use homefolders from both sides
  • New company wanted to use redirection instead of only homedirectories

With these requirements we decided to use a DFS root. This allows me to create a fake new home server and share and point to the old server. This allows new clients access through the new layout, and old systems the old homedirectory. Due to the requirements we needed to keep the SID history.

[Read more…]

Plan a structure for Homedirectories and Redirected folders

This post discusses some ways of planing for homedirectories.

The logic is the same for redirected folders. With the big difference is that with redirected folders you create folders for My Documents, Desktop and Favorites within each userfolder.

Different methods:

  • Individual shares
  • One giant share
  • One leveled share
  • “Equal” split on a couple of share

[Read more…]

Getting an error while removing an DFS namespace server

I have seen a few get the following error while trying to remove obsolete DFS namespace servers. Usually the server has been removed permanently before removing the server from the DFS namespace. More than once have I seen people being a bit to smart for their own good, by removing the namespace server using ADSIedit.

How to get:

  • Permanently remove a namespace server
  • Use adsiedit to cover up the misstake by removing the namespace server in the DFS configuration
  • Get baffled by it still being in the DFS Managment console
  • Trying to remove the server the correct way

Result:

What to do:

Readd the namespace server to the DFS Configuration using ADSIedit.

Use the correct way of removing an obsolete DFS root server using the correct command:

Remove an obsolete namespace server on a Windows 2000 Server
Remove an obsolete namespace server on a Windows 2003 Server
Remove an obsolete namespace server on a Windows 2008 and newer Server

Remove an obsolete DFS nameserver Windows 2008 and newer

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2008/2008r2 Server. Since Microsoft removed the Support tools with Windows 2008 and replaced them with RSAT, there is no need to install any tools anymore. Just a command and happiness.

Getting an error about:

See my blog entry about errors removing DFS namespace server

Remove an obsolete DFS nameserver Windows 2003

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2003 Server:

  • Download & Install Windows Support Tools for Windows 2003

Getting an error about:

See my blog entry about errors removing DFS namespace server

Remove an obsolete DFS nameserver Windows 2000

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2000 Server:

  • Download & Install Windows Support Tools for Windows 2000

Getting an error about:

See my blog entry about errors removing DFS namespace server