DFS nightmare.

  • We have two file servers that are setup with DFS. I've tested replication, and ran some diagnostics but everything shows as healthy.

    Under our \namespace\fileshares, we have things like \Users, \Software, etc. For many people during random times of random days, all the shares will disappear, but they can still see \Users. If you click on \Users, you'll see only your name, which is how it should be. I'm redoing the permissions for this folder because then when it stops acting up, users can traverse over to other user folders (but not see their documents, they can merely see that there are other user folders).

    There's not just an issue with \Users, it goes deeper. Checking the permissions on \Fileshares, I don't see any glaring issues. Domain Users have read permissions so they can get to \Software, but even a domain admin sometimes will see that share disappear. If you map a drive directly to one of the servers, everything is fine. So you would think there is an issue with DFS.


  • Microsoft's model is:

    user 1,2,3,4 > Global Security Group > Domain Local Group > $resource

    I noticed someone put in domain\Users (which is a built-in group), instead of using Domain Users. I'm skeptical to think that this works because of security group nesting... Domain Users is a member of domain\Users (built-in) but I have never saw someone use that built-in group before....