My best practices for sharing

These are some things I do think about when helping a customer with their shares:

Backups, The shares, Formating, Previous versions. [Read more…]

Find granted rights in a directory structure


A long long long time ago I needed to find all rights that were set. So I wrote a script that lets me pipe the information to a CSV file.

There is a similar tool from Sysinternals called Access Enum, but:

  1. It outputs a txt file that is harder to work with afterwords.
  2. I didnt think of it when I needed it done.

So grab it from the Technet Gallery page.



Using DFS during company split

During a company split I was put in charge of file services.

The company were splitting of a part of the company with specific requirements:

  • Minimize user required interaction
  • Users have to be able to use homefolders from both sides
  • New company wanted to use redirection instead of only homedirectories

With these requirements we decided to use a DFS root. This allows me to create a fake new home server and share and point to the old server. This allows new clients access through the new layout, and old systems the old homedirectory. Due to the requirements we needed to keep the SID history.

[Read more…]

Plan a structure for Homedirectories and Redirected folders

This post discusses some ways of planing for homedirectories.

The logic is the same for redirected folders. With the big difference is that with redirected folders you create folders for My Documents, Desktop and Favorites within each userfolder.

Different methods:

  • Individual shares
  • One giant share
  • One leveled share
  • “Equal” split on a couple of share

[Read more…]

Using powershell and SIDs to change ACLs

Recently I needed to create lots of users and homedirectories. This gave a me an challenge. How can I grant rights on a homefolder in seconds after creating an user.

If you create a user and then a folder, then set the rights. Go to the properties>securities tab, if you search for the user it takes a while before the domain controller has information about the new user.

So how do you create thousands of users without setting long delays to allow for Active Directory replication? You turn to SIDs. The SID is the Security Identifier of the account, its the SID that is saved in the ACL.

If you go into the securites tab now you should see the SID unless you are already talking to the same DC that created the user.

So I got a comment from Francis Favorini that I could simplify the account creation and SID retrieval parts. So I implemented those parts too.

DFS Consolidation root

Why a DFS Consolidation root?

DFS Consolidation roots are a way geting rid of old servers while keeping the name functionality of the old servers.

Consider the company Acme Computing. They are an old company with lots of old file server all over the place. New IT management has decided that all shared data should be available on the same file server. So this is kind of easy, lets just copy all the data to the new server, but wait.. There are old systems that have hardcoded paths to the old servername, this would break them. Some people might suggest just inheriting the share names and add the old names as alternative names of the server. This might work with the smaller companies but all you have done is complicated the fileserver even more. If we look at DFS, we can use an DFS consolidation root to trick the systems that the old paths are alive too. You cant configure a domainbased DFS namespace as a Consolidation root only standalone roots.

What happens (simplified)?

[Read more…]