My best practices for sharing

These are some things I do think about when helping a customer with their shares:

Backups, The shares, Formating, Previous versions. [Read more…]

Find granted rights in a directory structure

So.

A long long long time ago I needed to find all rights that were set. So I wrote a script that lets me pipe the information to a CSV file.

There is a similar tool from Sysinternals called Access Enum, but:

  1. It outputs a txt file that is harder to work with afterwords.
  2. I didnt think of it when I needed it done.

So grab it from the Technet Gallery page.

 

 

Using DFS during company split

During a company split I was put in charge of file services.

The company were splitting of a part of the company with specific requirements:

  • Minimize user required interaction
  • Users have to be able to use homefolders from both sides
  • New company wanted to use redirection instead of only homedirectories

With these requirements we decided to use a DFS root. This allows me to create a fake new home server and share and point to the old server. This allows new clients access through the new layout, and old systems the old homedirectory. Due to the requirements we needed to keep the SID history.

[Read more…]

Plan a structure for Homedirectories and Redirected folders

This post discusses some ways of planing for homedirectories.

The logic is the same for redirected folders. With the big difference is that with redirected folders you create folders for My Documents, Desktop and Favorites within each userfolder.

Different methods:

  • Individual shares
  • One giant share
  • One leveled share
  • “Equal” split on a couple of share

[Read more…]

Using powershell and SIDs to change ACLs

Recently I needed to create lots of users and homedirectories. This gave a me an challenge. How can I grant rights on a homefolder in seconds after creating an user.

If you create a user and then a folder, then set the rights. Go to the properties>securities tab, if you search for the user it takes a while before the domain controller has information about the new user.

So how do you create thousands of users without setting long delays to allow for Active Directory replication? You turn to SIDs. The SID is the Security Identifier of the account, its the SID that is saved in the ACL.

If you go into the securites tab now you should see the SID unless you are already talking to the same DC that created the user.

So I got a comment from Francis Favorini that I could simplify the account creation and SID retrieval parts. So I implemented those parts too.

Getting an error while removing an DFS namespace server

I have seen a few get the following error while trying to remove obsolete DFS namespace servers. Usually the server has been removed permanently before removing the server from the DFS namespace. More than once have I seen people being a bit to smart for their own good, by removing the namespace server using ADSIedit.

How to get:

  • Permanently remove a namespace server
  • Use adsiedit to cover up the misstake by removing the namespace server in the DFS configuration
  • Get baffled by it still being in the DFS Managment console
  • Trying to remove the server the correct way

Result:

What to do:

Readd the namespace server to the DFS Configuration using ADSIedit.

Use the correct way of removing an obsolete DFS root server using the correct command:

Remove an obsolete namespace server on a Windows 2000 Server
Remove an obsolete namespace server on a Windows 2003 Server
Remove an obsolete namespace server on a Windows 2008 and newer Server

Remove an obsolete DFS nameserver Windows 2008 and newer

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2008/2008r2 Server. Since Microsoft removed the Support tools with Windows 2008 and replaced them with RSAT, there is no need to install any tools anymore. Just a command and happiness.

Getting an error about:

See my blog entry about errors removing DFS namespace server

Remove an obsolete DFS nameserver Windows 2003

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2003 Server:

  • Download & Install Windows Support Tools for Windows 2003

Getting an error about:

See my blog entry about errors removing DFS namespace server

Remove an obsolete DFS nameserver Windows 2000

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2000 Server:

  • Download & Install Windows Support Tools for Windows 2000

Getting an error about:

See my blog entry about errors removing DFS namespace server

DFS Consolidation root

Why a DFS Consolidation root?

DFS Consolidation roots are a way geting rid of old servers while keeping the name functionality of the old servers.

Consider the company Acme Computing. They are an old company with lots of old file server all over the place. New IT management has decided that all shared data should be available on the same file server. So this is kind of easy, lets just copy all the data to the new server, but wait.. There are old systems that have hardcoded paths to the old servername, this would break them. Some people might suggest just inheriting the share names and add the old names as alternative names of the server. This might work with the smaller companies but all you have done is complicated the fileserver even more. If we look at DFS, we can use an DFS consolidation root to trick the systems that the old paths are alive too. You cant configure a domainbased DFS namespace as a Consolidation root only standalone roots.

What happens (simplified)?

[Read more…]