Network Layout

1

nslookup test.com

Name: test.com
Addresses: 2002:bf79:1e1f::bf79:1e1f
2002:bf79:1e1e::bf79:1e1e
191.121.30.31
191.121.30.30

ping test.com

Pinging test.com [2002:bf79:1e1e::bf79:1e1e] with 32 bytes of data:
Reply from 2002:bf79:1e1e::bf79:1e1e: time<1ms
Reply from 2002:bf79:1e1e::bf79:1e1e: time<1ms
Reply from 2002:bf79:1e1e::bf79:1e1e: time<1ms
Reply from 2002:bf79:1e1e::bf79:1e1e: time<1ms

net view \\test.com\ will display all shares on DC1 domain controller.

If the client computer resolves the test.com to 2002:bf79:1e1f::bf79:1e1f (DC2), net view \\test.com\ will display all shares on DC2.

Even though I uncheck the IPv6 protocol binding, I still get the IPv6 addresses. Why?

2

Run IPCONFIG on DC1:

3

The IPv6 address comes from 6to4 virtual adapter. I don't want it. How do I disable it?

netsh interface 6to4 set state disabled

netsh interface isatap set state disabled

netsh interface teredo set state disabled

I create a script which includes the three command lines.

Create three Global Security Groups: GG_Marketing, GG_Production, GG_Sales

dsadd group "cn=GG_Marketing,dc=test,dc=com"

dsadd group "cn=GG_Production,dc=test,dc=com"

dsadd group "cn=GG_Sales,dc=test,dc=com"

dsadd user "cn=Sarah,dc=test,dc=com"

dsadd user "cn=Louis,dc=test,dc=com"

dsadd user "cn=Mary,dc=test,dc=com"

dsmod group "CN=GG_Marketing,DC=Test,DC=COM" -addmbr "CN=Sarah,DC=Test,DC=COM"

dsmod group "CN=GG_Production,DC=Test,DC=COM" -addmbr "CN=Louis,DC=Test,DC=COM"

dsmod group "CN=GG_Sales,DC=Test,DC=COM" -addmbr "CN=Mary,DC=Test,DC=COM"

I have to use the Windows Explorer to add Domain Admins group to the shared permission (FULL CONTROL).

I don't want the UNC path \\test.com\ to expose the shares on domain controllers. I create all hidden shares. All the shares will be exposed from DFS namespace.

Marketing data is in DC1.

mkdir c:\marketing

icacls c:\Marketing /grant GG_Marketing:M

net share Marketing$="c:\Marketing" /Grant:GG_Marketing,Change /REMARK:"Marketing Data space" /Cache:Manual

Production data is in DC2.

mkdir c:\production

icacls c:\Production /grant GG_Production:M

net share Production$="c:\Production" /Grant:GG_Production,Change /REMARK:"Production Data space" /Cache:Manual

Sales data is in Image server.

mkdir c:\Sales

icacls c:\Sales /grant GG_Production:M

net share Sales$="c:\Sales" /Grant:GG_Sales,Change /REMARK:"Sales Data space" /Cache:Manual

Add File Services with DFS Namespaces on Image, DC1, and DC2 without creating a namespace

4

Create a namespace: vanarts on DC1

5

A namespace starts from a shared folder: c:\dfsroots\vanarts with shared name: vanarts.

6

7

8

Because the Vanarts namespace is hosted on DC1, if it is down, you cannot access the vanarts.

Add namespace server

9

Disconnect DC1 from network

Client computers can still browse the Vanarts namespace except that the Marketing folder cannot be accessed.

You can also add the image computer (Domain Member server) as a namespace server.

Add a folder target:

10

Make sure you have a shared folder:Marketing$ on Image computer with neccessary permissions.

11

12

If you have a large amount of data to be replicated, you might adjust the staging path and quota. I had an trouble to replicate 500 GB data. The replication cannot be completed, even I waited for 3 days.

13

Read-only replica

14

 

Referral

A referral is a list of folder targets.

Download Microsoft Remote Server Administrator Tools for Vista and Windows 7

After the RSAT is installed, Turn Windows features on or off under Programs and Features.

DFSUTIL cache referral

Within a site, the folder target is ordered randomly.

From client one, run dfsutil cache referral

You might get:

15

From client two, run dfsutil cache referral

You might get:

16

The DFS evenly distributes the workload. There is drawback with the feature. The \\test.ccom\vanarts\marketing folder is associated with two folder targets:

Vista1 computer: dfsutil cache referral

0:[\DC1\Marketing$] AccessStatus: 0 ( ACTIVE TARGETSET )
1:[\IMAGE\Marketing$]

When the user copies a large data, e.g. 10GB, because the replication latency, or the replication schedule, or the replication problem, the Win7 computer might not get it.

Win7 computer: dfsutil cache referral

0:[\IMAGE\Marketing$] State: 0x110 ( ACTIVE TARGETSET )
1:[\DC1\Marketing$] State: 0x00

How about always list \\IMAGE\Marketing$ folder target on top of ther list?

17

How about disable the referral?

18

You can control the replication bandwidth.

19