Hi

I am experimenting with using DFS in a folder redirection scenario, my main purpose for this for two things:

• To replicate to another destination for backend backup purposes
• To obscure the underlying server names to make upgrades and replacements easier in the future

I am not using this as a multi-target scenario where if one server fails the other will pick it up.

I am using a Server 2008 R2 file server, this holds my main FR data, I then configured DFSR to replicate to a target on a server 2012 R2 file server. Currently users are redirected to the 2008 R2 server by name, this server will be decommissioned in the future. The client machine is Windows 7 for this example. In my test I am redirecting desktop, documents, appdata and favourites.

I am experiencing an odd issue though, below is what I have observed.

If the user logs in as a new user and DFS Namespace is used (\\domain.local\public\redirection\%username%\ ) then Sync Center shows no errors, the redirection works as expected from what I can tell.

If the user had already been using FR pointing to the server by name, and then they get the new policy applied which points them to the DFSR namespace, the folder policy gets applied and I can see the user is correctly referencing the DFS Namespace, but in sync center when I attempt a full sync I get an error in the sync results section access denied Redirection (\\domain.local\public) however, if I select to delete temporary files under the manage offline files, the problem goes away.

I have another issue as well with this, as an Administrator we sometimes drop files into users desktop or documents, however the ownership of these are set to Administrator, as with my scenario just mentioned the sync center then reports access denied on the files that were owned by the administrator. I order to fix this it appears that I have to do both setting the ownership for the user at their top level folder and allow it to propagate down to desktop, docs and so on. Additionally I then also have to give the user full control at their top level folder again propagating down through the rest.

I have the following questions:

1. Is there a way to get around the access denied error for the DFS Namespace by using some policy setting or command line (script) to delete the temporary files prior to the FR policy first being applied, or is the only way to do this by physically clicking that button?
2. Transferring the ownership and full permissions is rather time consuming but double, I guess I could script it but not sure what the correct code would be for this has someone got an example I can build on thats just handy to them?  

Many thanks

Steve

If the user had already been using FR pointing to the server by name

Hi,

I'm a little unclear this sentence, how did you using FR pointing to the server by name. Since you use DFS replication in a folder redirection, please note: "If the file share uses DFS Replication to replicate the contents with another server, users must be able to access only the source server to prevent users from making conflicting edits on different servers.".

For more detailed information, please see:

Deploy Folder Redirection with Offline Files

https://technet.microsoft.com/en-us/library/jj649078.aspx

For the sencond question,you could use the Icacls commands below to replace the ownership and give the user full control permissions at their top level folder.

icacls <Directory> /setowner <user account> /c /t

icacls <Directory> /grant <user account>:(OI)(CI)F /t

For more detailed information about Icacls, please see:

Icacls
http://technet.microsoft.com/en-us/library/cc753525.aspx

Best Regards,

Mandy

the user currently points to a server.... for example \\server1\folderedirection I get the problem described in sync center when I change the policy to poing to \\domain.local\public\redirection but I don't get the problem if the user has freshly logged onto the client machine, a user that has never logged onto the client before just gets redirected to the DFS location and does not have the issue in sync center.

ignore replication, it doesn't matter, and ignore the fact of having any second links, this is purely changing from a servername to a DFS namespace for FR. the data is still actually on the same server, ill do the migration of data later, at this stage I just want the users to be correctly connected to the DFS namespace

so any command based approach to cleaning the temporary files for a user?

thanks

Steve

Hi Steve,

Please try to rename the Offline Files cache to reflect a different DFS name. You could create a registry key FolderRedirectionEnableCacheRename then install the kb977229 hotfix. 

For more detailed information, you could refer to the articles below:

You are unable to update the target location of offline file shares in the Offline File client side cache without administrative permission in Windows Server 2008 R2 or in Windows 7
http://support.microsoft.com/en-us/kb/977229

How to change the File Server Share for Folder Redirection in a way that the W7 Client can still access the Data on the Users Share and not to have the complete Data synced over the wire?
http://blogs.technet.com/b/netro/archive/2013/12/23/how-to-change-the-file-server-share-for-folder-redirection-in-a-way-that-the-w7-client-can-still-access-the-data-on-the-users-share-and-not-to-have-the-complete-data-synced-over-the-wire.aspx

Best Regards,