DFS folder redirection issues
Guys, I could use some brighter minds than mine right now. :) To start off I'll describe what I am doing and then describe what is happening.

I have a DFS domain namespace, domain.net\fs. I have several folders like apps, departments etc. I also have a users folder that points to the location where users' documents are held. We are doing folder redirection for documents. (On a side note, we also folder redirect videos, favs, pictures, and music, but until yesterday we were not using DFS for those.) So I have Domain.net\fs\users that points to the users' documents folder.

I am in the process of building and bringing online new file servers as a cluster. I have been copying data off the old servers that were on local drives or old SAN devices. At the same time we want to use DFS for the other folder redirections as well; that way we can hopefully minimize user interaction with the server directly.

To set this up I have done the following. I created a new folder in DFS called Profiles, under which I have the target folders for Fav's, Music, Pictures, Vid, and Documents as well. I set up the target folders to point to the old server and the new server, but with referrals turned off on the new server right now. The Documents folder points to the SAME folder as domain.net\fs\users points to.

OK. In Group Policy I set up a separate policy for each of these folders to keep it granular and adjustable. In the GP I am telling it to use the new DFS path of domain.net\fs\profiles\(redirected folder name).

I have been testing this in our IT dept for almost a month and have had no real big issues, except for certain folders being created because GP thought it was trying to move the files to a new location when in fact it wasn't supposed to be moved... therefore it deleted all the files.

Yesterday, I implemented the Group Policies to a wider user base. This morning the phones lit up like a Christmas tree. Not everyone seems to be having a problem but several are. And out of that several, some have been able to be fixed just by doing a gpupdate /force a second or 3rd time followed by a reboot. Others however are experiencing craziness.

Since all clients are Windows 7 machines, the user clicks on the Documents library, which should be redirected to domain.net\fs\profiles\(user)\documents. When they click this link they get a big nasty error that says access denied. They are being redirected to the correct path. On the server no permissions have changed. If I browse to the path domain.net\fs\users they can get to their docs. The same goes for browsing straight to the folder share on the server (\\servername\sharename).

I don't see any event logs on their computer to tell me what is wrong and I honestly don't know where to look on the server for such authentication problems. I have checked applications, security and even the GP and DFS event logs. Any help would be greatly appreciated.

Dusty
September 5th, 2012 3:47pm

Hi, Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. Regards, Leo Huang
September 7th, 2012 1:32am

Hello, Can the several users who are experiencing the issue access the DFS path or UNC path directly? Regards, Denny
September 8th, 2012 9:11am

Denny, Yes, I can use the "old" but still existing domain.net\fs\users and get to the folder fine. I can also browse to the \\servername\users$, which is the shared folder name, and get to my docs folder that way with no issues. It's only when I browse to domain.net\fs\profiles and try to drill down to my docs folder, which again is pointing to the users$ share, the same as what the domain\fs\users points to. It's very odd and there are no error logs that I am finding.

I do have an update that one of the users, after letting it sit overnight, is now able to access their folder with all methods. I have not changed anything with Group Policy or DFS so I don't understand how it fixed itself, but on the other hand I'm glad it did. Thank you for all your willingness to help.

Dusty
September 8th, 2012 9:20am

Hi, If we have the affected users log into another machine, will the issue persist? Additionally, please help export the DFS structure using the following command and post it on our thread so that we can have a clear understanding regarding your DFS setup. Thanks

    dfsutil /root:\\domain.net\fs /export:C:\dfs.txt /verbose

Regards, Denny
September 12th, 2012 11:48am

I am not sure if this will resolve your problem, but I do have a couple of links for you to take a look at:

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/a0052ce8-e588-4cce-afec-a08de8a1143b

The Folder Redirection policy does not work if a previous user sets a redirected folder to an offline mode in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/kb/2610379

You cannot access a DFS share through a mapped network drive on a computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/kb/983620

Accessing a folder under a mapped network drive to a Distributed File System Namespace (DFSN) folder target may fail on Windows Vista and later with error Access is Denied
http://support.microsoft.com/kb/2385108
September 12th, 2012 12:50pm

Denny, Here is the DFS txt file. JAEL is the old file server. JAEL-NEW is a temp server I set up as JAEL was having major issues. FILESERVER-1 is the new cluster server. I do not have any referrals on right now to anything but JAEL, as I am waiting on the replication for Documents (FS-Docs) to get caught up. I changed the replication over to the domain.net\fs\profiles path instead of domain.net\fs\users, which will be going away after this next week once we can make sure almost everyone has updated their policy to point to the new path of the folder.

Since these last 2 people don't seem to have any more issues I have not had anyone complain about this error, but I would like to try and figure out if I have some sort of problem with my setup. I want to be able to turn on referrals to fileserver-1 and not experience any issues like files not matching up or disappearing etc.

<?xml version="1.0"?>
<Root Name="\\DOMAIN\fs" Comment="Faculty Staff Shares" State="1" Timeout="300" Attributes="32768" >
  <Target Server="DAVID" Folder="fs" State="2" />
  <Target Server="SOLOMON-NEW" Folder="fs" State="2" />
  <Link Name="users" Comment="My Documents (Faculty/Staff)" State="1" Timeout="1800" >
    <Target Server="jael" Folder="users$\facultystaff" State="2" />
    <Target Server="JAEL-NEW" Folder="Users$\facultystaff" State="1" />
  </Link>
  <Link Name="publications" State="1" Timeout="1800" >
    <Target Server="jael" Folder="publications$" State="2" />
    <Target Server="JAEL-NEW" Folder="Publications$" State="1" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Publications$" State="1" />
  </Link>
  <Link Name="Projects" State="1" Timeout="1800" >
    <Target Server="martha" Folder="departments$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Projects$" State="1" />
  </Link>
  <Link Name="profiles\facultystaff\pictures" State="1" Timeout="1800" >
    <Target Server="JAEL" Folder="MyPictures$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="MyPictures$" State="1" />
  </Link>
  <Link Name="departments" Comment="F/S Departments" State="1" Timeout="1800" >
    <Target Server="jael" Folder="departments$" State="2" />
    <Target Server="JAEL-NEW" Folder="Departments$" State="1" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Departments$" State="1" />
  </Link>
  <Link Name="usergroups" Comment="Needs to migrate to \common" State="1" Timeout="1800" >
    <Target Server="jael" Folder="usergroups$" State="2" />
    <Target Server="JAEL-NEW" Folder="Usergroups$" State="1" />
    <Target Server="fileserver-1" Folder="Usergroups$" State="1" />
  </Link>
  <Link Name="common" State="1" Timeout="1800" >
    <Target Server="JAEL" Folder="common$" State="2" />
    <Target Server="JAEL-NEW" Folder="Common$" State="1" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Common$" State="1" />
  </Link>
  <Link Name="profiles\facultystaff\favorites" State="1" Timeout="1800" >
    <Target Server="jael" Folder="favorites$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Favorites$" State="1" />
  </Link>
  <Link Name="Organizations" State="1" Timeout="1800" >
    <Target Server="martha" Folder="organizations$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Organizations$" State="1" />
  </Link>
  <Link Name="profiles\facultystaff\documents" State="1" Timeout="1800" >
    <Target Server="jael-new.DOMAIN.net" Folder="users$\facultystaff" State="1" />
    <Target Server="jael" Folder="users$\facultystaff" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="FSdocs$" State="1" />
  </Link>
  <Link Name="media\upload" State="1" Timeout="1800" >
    <Target Server="jael" Folder="upload$" State="2" />
  </Link>
  <Link Name="sites\aus" State="1" Timeout="1800" >
    <Target Server="jael" Folder="sites$\AUS" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Sites$\AUS" State="1" />
  </Link>
  <Link Name="media\images" State="1" Timeout="1800" >
    <Target Server="jael" Folder="images$" State="2" />
  </Link>
  <Link Name="sites\ggg" State="1" Timeout="1800" >
    <Target Server="gideon" Folder="main$" State="2" />
    <Target Server="jael" Folder="sites$\GGG" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Sites$\GGG" State="1" />
  </Link>
  <Link Name="sites\dal" State="1" Timeout="1800" >
    <Target Server="deborah" Folder="main$" State="2" />
    <Target Server="jael" Folder="sites$\DAL" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Sites$\DAL" State="1" />
  </Link>
  <Link Name="profiles\facultystaff\videos" State="1" Timeout="1800" >
    <Target Server="JAEL" Folder="MyVideos$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="AppData$" State="1" />
  </Link>
  <Link Name="sites\hou" State="1" Timeout="1800" >
    <Target Server="jael" Folder="sites$\HOU" State="2" />
    <Target Server="HANNAH" Folder="main$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="Sites$\HOU" State="1" />
  </Link>
  <Link Name="media\chapel\windowsmedia" State="1" Timeout="1800" >
    <Target Server="media.DOMAIN.net" Folder="wmpub$" State="2" />
  </Link>
  <Link Name="profiles\students\documents" State="1" Timeout="1800" >
    <Target Server="martha" Folder="users$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="StudentDocs$" State="1" />
  </Link>
  <Link Name="apps" State="1" Timeout="1800" >
    <Target Server="JAEL" Folder="applications$" State="2" />
    <Target Server="JAEL-NEW" Folder="Applications$" State="1" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="applications$" State="1" />
  </Link>
  <Link Name="profiles\facultystaff\music" State="1" Timeout="1800" >
    <Target Server="JAEL" Folder="MyMusic$" State="2" />
    <Target Server="fileserver-1.DOMAIN.net" Folder="MyMusic$" State="1" />
  </Link>
  <Link Name="install" Comment="Application Installation Sources" State="1" Timeout="1800" >
    <Target Server="noah" Folder="install$" State="2" />
  </Link>
  <Link Name="media\chapel\flash" State="1" Timeout="1800" >
    <Target Server="media.DOMAIN.net" Folder="flash$" State="2" />
  </Link>
</Root>

One other question. Is there a PowerShell command or something that I can run against both servers to verify the permissions are correct on the new server? I would hate users to not have the right permissions in case RoboCopy messed them up, as it's my understanding that replication doesn't fix permissions. Maybe I'm wrong.

Brano - Thanks for the links. I'll check them out.

Dusty
September 12th, 2012 3:07pm

Hi, We do not have a command or tool that we can run to verify the permission between both servers automatically, but we can use the icacls command to export the permission entries and check them manually. E.g.:

    icacls c:\windows\* /save aclfile /t

It will save the ACLs for all files under c:\windows and all its subdirectories to aclfile. You can also use the following command to restore the permission entries on another machine:

    icacls c:\windows\ /restore aclfile

Icacls: http://technet.microsoft.com/en-us/library/cc753525(v=WS.10).aspx

Regards, Denny
September 16th, 2012 8:33am
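As an added example (not part of the thread and not posted by any participant), the manual comparison described in the reply above can be scripted in PowerShell by reading each item's owner and DACL with Get-Acl and diffing the two trees by relative path. The parameter names, the function name Get-AclMap and the default share paths are placeholders chosen for this sketch.

```powershell
# Added example, not code from the thread. Compares owner + DACL (in SDDL form)
# of every file and folder under two copies of the same tree.
# Default paths are placeholders; pass absolute paths to the old and new copies.
param(
    [string]$OldRoot = '\\OLD-SERVER\share$',   # placeholder
    [string]$NewRoot = '\\NEW-SERVER\share$'    # placeholder
)

function Get-AclMap {
    param([Parameter(Mandatory = $true)][string]$Root)
    $Root = $Root.TrimEnd('\')
    $sections = [System.Security.AccessControl.AccessControlSections]'Owner, Access'
    $map = @{}
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # Key on the path relative to the root so both copies line up.
        $rel = $item.FullName.Substring($Root.Length).TrimStart('\')
        if (-not $rel) { $rel = '.' }   # the root folder itself
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            $map[$rel] = $acl.GetSecurityDescriptorSddlForm($sections)
        } catch {
            $map[$rel] = "UNREADABLE: $($_.Exception.Message)"
        }
    }
    return $map
}

$old = Get-AclMap -Root $OldRoot
$new = Get-AclMap -Root $NewRoot

$report = foreach ($rel in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
    if (-not $new.ContainsKey($rel)) {
        $status = 'MissingOnNew'
    } elseif (-not $old.ContainsKey($rel)) {
        $status = 'MissingOnOld'
    } elseif ($old[$rel] -ne $new[$rel]) {
        $status = 'AclDiffers'
    } else {
        continue   # identical owner and DACL
    }
    [pscustomobject]@{ Status = $status; Path = $rel; Old = $old[$rel]; New = $new[$rel] }
}

$report | Sort-Object Status, Path | Format-List
```

Entries granted to a server's own local (non-built-in) accounts or groups carry a different SID on each machine, so they are reported as AclDiffers even when the intent is the same; domain accounts and groups compare cleanly.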

Thanks Denny. I'll give this a shot. I still have no idea what would cause the first issue I mentioned, but I have not had any other users complain of this so we can ignore this for now. :) Have a great day. Dusty
September 16th, 2012 11:50am

This topic is archived. No further replies will be accepted.
