
I wondered why a stand-alone namespace "Can be hosted by a failover cluster to increase the availability of the namespace." while a domain namespace "[...] cannot be a clustered resource in a failover cluster."

The Microsoft doc further states that a domain namespace needs to be configured to use only local storage. What imposes that restriction on domain namespaces?

Zin

1 Answer


This restriction is imposed by the usage of the domain namespace as default storage for all the sysvol (AD Policy store) information. If you haven't migrated from FRS, I'd recommend doing that.

Datastores with high security requirements (like SAM, Policies, AD-Replication) must reside on local storage, aka 'directly controlled by Windows'. Otherwise Microsoft would have to run every Cluster/Software/Hardware/NIC/SAN configuration through a certification program. That'd be a tough job - not just for DCs.

bjoster
  • Thanks bjoster, luckily there's no [FRS](https://blogs.technet.microsoft.com/filecab/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol/) running here. What about the DFS Namespaces role running on a **member server**? It shouldn't have stored the high security data locally. Those should only reside on the DC, shouldn't they? – Zin Jan 09 '19 at 14:24
  • Domain (DFS) namespaces are running in a *domain*, not on a local server. You can open up the DFS MMC everywhere and manage your DFS. That's why it's so sensitive. – bjoster Jan 09 '19 at 14:26
  • I still can't see that sensitive data being stored on a namespace server. Can you show me where it is stored on a member server hosting a namespace? I could only find C:\DFSRoots, which only contains folders. Could it be that the restriction is not about DFSN but DFSR? – Zin Jan 10 '19 at 07:32