What's New in Distributed File System

Applies To: Windows Server 2008 R2

What are the major changes?

Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly available access to files, load sharing, and WAN-friendly replication. In the Windows Server® 2008 R2 operating system, Microsoft has added a number of features and improvements to existing features.

The following changes to DFS Namespaces are available in Windows Server 2008 R2:

  • DFS Management support for enabling access-based enumeration

  • Performance counters

  • Performance improvements for large namespaces

  • DFS Management support to selectively enable namespace root referrals

  • Improved Dfsdiag.exe command prompt Help text

The following changes to DFS Replication are available in Windows Server 2008 R2:

  • Failover cluster support

  • Read-only replicated folders

  • Read-only domain controllers have read-only SYSVOL folders

  • Additional DFS Replication diagnostic functionality in the Dfsrdiag.exe command-line tool

The Help topics for DFS Management are updated with information about the new features, and the majority of topics include improvements. The changes, when appropriate, were also made to the Windows Server 2008 help topics.

For more information, see DFS Management, DFS Replication: Frequently Asked Questions (FAQ), or DFS Namespaces: Frequently Asked Questions on Microsoft TechNet.

Who will be interested in this feature?

Administrators of large networks who want to organize and increase the availability of shared folders by creating a namespace and administrators who want to keep folders synchronized between servers in an efficient manner by using DFS Replication will be interested in this feature.

What new functionality does DFS Namespaces provide?

The following changes are available in Windows Server 2008 R2 for DFS Namespaces:

  • DFS Management support for enabling access-based enumeration

  • Performance counters

  • Performance improvements for large namespaces

  • DFS Management support to selectively enable namespace root referrals

  • Improved Dfsdiag.exe command prompt Help text

DFS Management support for enabling access-based enumeration

Access-based enumeration displays only the files and folders that a user has permissions to access. If a user does not have Read (or equivalent) permissions for a folder, Windows hides the folder from the user's view. For example, if you enable access-based enumeration on a shared folder that contains many users' home directories, users who access the shared folder can see only their personal home directories; other users' folders are hidden from view.

You can enable access-based enumeration in two complementary locations:

  • When you enable access-based enumeration on a shared folder by using Share and Storage Management, Windows displays folders and files in the NTFS file system to network users only if they have Read (or equivalent) permissions to the folders and files.

  • When you enable access-based enumeration on a namespace by using DFS Management (or the Dfsutil command, which is also supported in Windows Server 2008), Windows displays folders in the namespace to network users only if the namespace administrator has given them Read permissions to the DFS folders.

Tip

To provide access-based enumeration across a namespace and all folder targets (shared folders that are linked from a DFS folder), enable it on the namespace and on all shared folders that act as folder targets in the namespace.

Windows Server 2008 R2 includes the ability to enable and configure access-based enumeration for a namespace by using DFS Management or the Dfsutil command. This capability works with namespaces that are hosted on servers running Windows Server 2008 R2 or Windows Server 2008. To enable access-based enumeration of DFS folders from a computer running Windows Server 2008, you must use the Dfsutil command.

For more information, see the following topics on Microsoft TechNet:

Performance counters

DFS Namespaces in Windows Server 2008 R2 includes three performance counters that you can use to monitor various aspects of DFS Namespaces:

  • DFS Namespace Service API Queue. Shows the number of requests (made using the NetDfs API) in the queue for the DFS Namespace service to process.

  • DFS Namespace Service API Requests. Shows performance information about requests (such as creating a namespace) made to the DFS Namespace service.

  • DFS Namespace Service Referrals. Shows performance information about various referral requests that are processed by the DFS Namespace service.

For more information, see Windows Performance Monitor (https://go.microsoft.com/fwlink/?LinkId=132016).

Performance improvements for large namespaces

DFS Namespaces in Windows Server 2008 R2 performs faster than the Windows Server 2008 version in the following conditions:

  • When hosting large domain-based namespaces in Windows Server 2008 mode with 5,000 DFS folders (links) or more, the DFS Namespaces service requires significantly less time to start.

  • When hosting very large domain-based namespaces in Windows Server 2008 mode with more than 300,000 DFS folders.

Note

When hosting namespaces with more than 50,000 folders, starting the DFS Namespace service can take an extended period of time (up to several hours depending on the configuration). To eliminate downtime while the namespace is starting and to maximize performance, use a domain-based namespace (Windows Server 2008 mode) with multiple namespace servers for redundancy.

In September 2009, Microsoft representatives will present more information about the performance and scalability improvements of DFS Namespaces at the 2009 Storage Developer Conference (https://go.microsoft.com/fwlink/?LinkId=157789).

Improved Dfsdiag.exe command prompt Help text

The command prompt Help and error messages for the Dfsdiag command (Dfsdiag /?) are rewritten. They are clearer and more descriptive.

DFS Management support to selectively enable namespace root referrals

When a DFS client first attempts to access a domain-based namespace, a domain controller provides a list of namespace servers to the client. This list of namespace servers is known as a root referral. In Windows Server 2008 R2, you can selectively enable or disable referrals to specific namespace servers. This enables an administrator to temporarily take a namespace server offline while performing maintenance.

To disable referrals to a namespace server, the namespace server must be running Windows Server 2008 R2, Windows Server 2008, or Windows 2000 Server. (Windows Server 2003 and Windows Server 2003 R2 are not supported.)

To enable or disable a namespace server in Windows Server 2008 R2, use the following procedure:

Enable or disable referrals to a namespace server

  1. In DFS Management, select the appropriate namespace, and then click the Namespace Servers tab.

  2. Right-click the appropriate namespace server, and then click Disable Namespace Server or Enable Namespace Server.

Note

To enable or disable a namespace server by using a command line in Windows Server 2008 R2 or Windows Server 2008, use the Dfsutil Property State command.

What new functionality does DFS Replication provide?

The following changes are available in Windows Server 2008 R2 for DFS Replication:

  • Failover cluster support for DFS Replication

  • Read-only replicated folders

  • Read-only domain controllers have read-only SYSVOL folders

  • Additional DFS Replication diagnostic functionality in the Dfsrdiag.exe command-line tool

Failover cluster support for DFS Replication

DFS Replication in Windows Server 2008 R2 includes the ability to add a failover cluster as a member of a replication group. To do so, see Add a Failover Cluster to a Replication Group (https://go.microsoft.com/fwlink/?LinkId=155085).

The DFS Replication service on versions of Windows prior to Windows Server 2008 R2 is not designed to coordinate with a failover cluster, and the service will not fail over to another node.

Read-only replicated folders

A read-only replicated folder is a replicated folder on a particular member in which users cannot add or change files. This is convenient for read-only folders that you want to keep up-to-date with a central server (or servers). For example, you might want to create read-only replicated folders for software installation folders or for folders that contain published reports or documents. Read-only replicated folders are also used by read-only domain controllers (RODCs) to keep the SYSVOL shared folder updated while preventing local changes.

Prior to Windows Server 2008 R2, the only way to simulate a read-only replicated folder was to manually set share permissions and ACLs on the folders to prevent accidental changes or additions, requiring additional administrative effort and increasing the likelihood of mistakes.

To use read-only replicated folders on Windows Server 2008 R2, see Make a Replicated Folder Read-Only on a Particular Member (https://go.microsoft.com/fwlink/?LinkId=155093).

Read-only domain controllers have read-only SYSVOL folders

In Windows Server 2008 it is possible to make changes to the SYSVOL folder of a RODC. These changes persist until the DFS Replication service can overwrite the changes with data from a read-write domain controller or from the DFS Replication staging folder.

In Windows Server 2008 R2, the SYSVOL folder on RODCs is a read-only replicated folder. This prevents users or administrators from altering files in the folder.

Additional DFS Replication diagnostic functionality in the Dfsrdiag.exe command-line tool

The Dfsrdiag.exe command-line tool includes three new command-line switches that provide enhanced diagnostic capabilities:

  • Dfsrdiag.exe ReplState. Provides a summary of the replication status across all connections on the specified replication group member. It initiates a snapshot of the internal state of the DFS Replication service and gathers a list of the updates that are currently being processed (downloaded or served) by the service.

  • Dfsrdiag.exe IdRecord. Displays the DFS Replication ID record and version for the file or folder that you specify by using its path or its Unique Identifier (UID). The DFS Replication service creates an ID record for every file and folder that it replicates, and you can use the ID record and its version information to determine if a file has replicated properly to a particular member.

  • Dfsrdiag.exe FileHash. Computes and displays the hash value that is generated by the DFS Replication service for a particular file. The hash value is used to compare two files—if the hash value for two files is identical, so are the files.

    For example, if you use a portable hard drive to copy the contents of a replicated folder to a replication group member before the initial replication, it is often useful to verify whether the files that you copied (for example, the attributes, timestamps, and access control lists (ACLs)) are identical to the version of the files on the authoritative replication group member. If the files are identical, the DFS Replication service doesn’t download any portion of the file during replication (except for its metadata, which the service uses to determine that the files are identical).

Which editions include these features?

The following editions of Windows Server 2008 R2 can host DFS namespaces:

  • Windows Server 2008 R2 Standard

  • Windows Server 2008 R2 Enterprise

  • Windows Server 2008 R2 Datacenter

  • Windows Server 2008 R2 for Itanium-Based Systems

The following editions of Windows Server 2008 R2 can act as a member of a DFS Replication group:

  • Windows Server 2008 R2 Standard

  • Windows Server 2008 R2 Enterprise

  • Windows Server 2008 R2 Datacenter

For more information about the requirements for DFS Namespaces and DFS Replication, see DFS Management (https://go.microsoft.com/fwlink/?LinkId=155073) on Microsoft TechNet.

Additional references

For information about what is new in Distributed File System in Windows Server 2008, see Distributed File System.