3

Suppose I have two sites - A and B - both with 5/5 Mbps WAN links that are connected via L2L VPN. Each Site is defined in AD Sites 'n Services with its own domain controllers, etc. The problem is that for folder redirection to work "well" I would ideally like the folder redirection to occur based on which site the user hails from - for example, if user in site A, folder redirection would work with a share on A. Or, if the user happens to move to B, the folders would redirect to a location on B. Finally, the storage servers responsible for A and B's redirection (the locations they are pointed to) would replicate. Is this type of functionality possible in Group Policy/AD? Or do I have to use a single "abstracted" share that can route to the appropriate, replicated store based on subnet?

tacos_tacos_tacos
  • 3,250
  • 18
  • 63
  • 100

1 Answers1

4

You can do this one of two ways.

The way that I would recommend is as follows:

  1. Create a DFS namespace for your shares, something like \\domain\users should do.

  2. Add both servers to this DFS root.

  3. Check the box so that clients prefer (or are required) to use a server located in their AD site. Yes, it's smart enough to determine this using subnets defined in AD Sites & Services

  4. Set up replication between the two shares using DFS-R.

  5. Make a GPO that redirects to \\domain\users and link it like you would any other OU. DFS is smart enough to refer them to the closest server based on info in AD Sites and Services.

The other way would be:

  1. Set up DFR-R between the two servers, but don't add them to a namespace. This means the shares will be replicated, but won't share a common domain-based path.

  2. You can link GPOs to sites, not just OUs. Link a GPO at each site that points to \\server1\users for site 1 and like one that points to \\server2\users at site 2.

I prefer the first choice, because using a DFS namespace makes file server upgrades a breeze and it allows you to only have to maintain one GPO, while still allowing users that might roam to either site to dynamically map whatever server is closest.

Either way, DFS (in whether it's replication, namespaces, or both) should be involved.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
  • Awesome, thanks very much for the dfs namespace suggestion – tacos_tacos_tacos Aug 06 '12 at 14:56
  • I'm sure you're aware Microsoft [does not support](http://blogs.technet.com/b/askds/archive/2010/09/01/microsoft-s-support-statement-around-replicated-user-profile-data.aspx) a scenario such as this one where users could potentially be failed-over to another file server, modify stale/unreplicated data and experience data loss when DFS's "last writer wins" conflict resolution strategy overwrites newer data with old. Based on your experience, do you find Microsoft's concerns overstated? Or do you have a specific strategy to address this problem? – I say Reinstate Monica Jan 08 '15 at 22:06