Default DFS configuration changes

The DFS service is used in ALL Active directory domains even if you dont really configure one yourself. The DFS service has some fixes that I always try to implement to get a smoother experience for both the end users and IT support crew. I have documented a couple of DFS registry configuration entries in this blog.

Below are a few default configuration changes I usually do. These are mostly recommendation from Microsoft.

Domain Controllers

The default DFS service installed on a Domain Controller doesnt make the client fallback to a closer Domain controller if it has been talking to a remote server.

Set the Sysvol Netlogon Target Failback value to 1 on all Domain Controllers. One simple way is to use a GPO with policy preferences targeted at the Domain Controller OU.

Reqular user DFS roots

I have meet lots companies that have problems with DFS when the endusers are on a VPN line. This is usually because a NetBIOS issue. The end user requests \domaindfssharefile.txt, but this only works at the office. The most usual case for this is that the DFS root referrals are given in NetBIOS names, which wont resolve outside the company. By changing the referrals to FQDN this issue is reduced.

Set the DFS DNS Config to 1 on all DFS servers before setting up the DFS namespace.

Leave a Reply