For security reasons (and for the sake of experience), I have implemented Microsoft DFS on our network file server. I did this so the file shares that users see on their machines don't show the server name hosting the shared directories. I also did this so an identical DFS set could be hosted on the backup server. Instead of backing up the data directory on the file server over ethernet, I backup the synced DFS Root off the backup server to tape.
Here is my dilemma. Currently the users see the following:
j:domainnameDFSRootshare1 instead of //servername/share
k:domainnameDFSRootshare2 instead of //servername/share
l:domainnameDFSRootshare3 instead of //servername/share
m:domainnameDFSRootsubdirectory1subdirectory2subdirectory3subdirectory4share4 instead of //servername/share
As you can see the first 3 shares are clean and short to the user. The 4th share is way to long and cumbersome in Windows Explorer. I would like to keep only one DFS root for the domain but shorten the share path to the M: drive (without moving the share4 directory to the DFS Root). The only way I can conceive doing this is to create a junction point inside the DFS set. Is this possible? Creating a junction point inside of a logical namespace. Basically I would create a junction point directory off the DFS Root that would point to the directory where share 4 is located.
m:domainnameDFSRootshared junctionpointdirectory that would point to
I'm pretty sure that I am just asking for trouble here but would enjoy any thoughts or responses you might have. Oh yeah -- for your readersadmins out there who use DFS, make sure you have the command prompt locked down. Even if an admin has DFS in place and has prohibited users from loading 3rd party utils/programs, a user can go to a dos prompt and type in c:netstat to figure out what server the share is on.
We start with a Domain Root DFS on a DC called MyDomainController. The DFS root looks like this:
\MyDomain.LocalMyDFSRoot = \MyDomainControllerDFSRoot = C:DFSRoot
Now I want the users to be able to access a subfolder on the Domain Controller (just keeping it simple for right now) with a physical name:
The ONLY share that exists is \MyDomainControllerDFSRoot but that doesn't stop me from creating a DFS link to a subfolder like this:
\MyDomain.LocalMyDFSRootMarketing = \MyDomainControllerDFSRootSharedDataDepartmentsMarketing
The only thing the user has to know is the much smaller \MyDomain.LocalMyDFSRootMarketing.
This can be done to other servers on the network. For example, let's say the Marketing folder was on another machine called MyFileServer. The MyFileServer has only 1 share called CompanyData:
\MyFileServerCompanyData = D:CompanyData
The Marketing data we want is at a downlevel directory like this:
We can create a DFS like this:
\MyDomain.locvalMyDFSRootCurrentQMrkMgt = \MyFileServerCompanyDataDepartmentsMarketingMrkManagementQ3
Works just fine! YOu can create multiple DFS Links to the same share and subdirectories. You can even link DFS to another DFS, although I am not sure why you would do this and it would be very easy to create cyclic links that result in errors reporting that the path name is too long.
Dig Deeper on Microsoft Active Directory Design and Administration
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.