The following script deals with two DFS related problems that sometimes occur with namespaces that were created before Windows Server 2008.
Let’s say your Active Directory Domain was created years ago with Windows Server 2003, 2000 or NT. Even if you’ve done your Domain- and Namespace-Server migrations up to Server 2016 there maybe is something you’ve missed.
Problem number one
With Server 2008 Microsoft implemented Access Based Enumeration (ABE) to DFS but you have to migrate your namespace to “Windows Server 2008 mode” to use this feature. This means that you have to recreate your namespace. Doing this via the GUI could be a real pain if your servers are hosting many or very large namespaces.
Problem number two
Maybe you’ve done your domain migration from one version of Windows Server to the next one and so on. Now you’ve decided that it’s time to get rid of this old WINS server and finally go DNS only. What happened in my case was, that connecting my DFS Shares got slower after deleting the WINS Server. Why? Because my Namespace and all of my Folder Targets were NETBIOS based. So all my connection requests were using NETBIOS first and then DNS as a fallback. That’s not very effective but there is a solution: Get your DFS to use DNS only. To do this you have to set a registry Key on all Domain Controllers and Namespace Servers. If that’s done you can change your Namespace addresses to FQDN addresses and change your folder target addresses to FQDN addresses too.
Solution: PowerShell
REMINDER: There is no guarantee that this script will be working in your environment. It’s strictly recommended to test it before using it with productive data. I’m not responsible if you use this one without testing and your namespace goes boom.
<# .SYNOPSIS This script recreates DFS Namespaces in Server 2008 mode with DNS only .DESCRIPTION This script recreates DFS Namespaces in Server 2008 mode in a DNS only environment. .NOTES Author : Jan Francsi .LINK https://www.francsi.de/category/IT #> # Module Import-Module ActiveDirectory # Import all DFS Roots hosted by this server that are not standalone $dfsnRoots = Get-DfsnRoot -ComputerName $env:computername |Where type -NotMatch "Standalone" # Do for all DFS Roots on the local Server foreach ($root in $dfsnRoots) { #Remember servers $serverList = Get-DfsnRootTarget -Path $root.path #How many servers? $serverCounter = $serverList.Count # Get name of namespace $backuptarget = "C:\temp\" + ($root.path).Replace("\", "-") + ".xml" New-Item -ItemType Directory -Force -Path C:\temp dfsutil.exe root export $root.path $backuptarget #Prompt to alter the Backup file (FQDN) $message = "Please edit the following export and change NETBIOS names to FQDN: " + $backuptarget + " Press any key to continue..." Write-Host -NoNewLine $message $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') $localTargetPath = "" #Remove all other amespace servers and activate FQDN foreach ($namespaceserver in $serverlist) { if (!(($namespaceserver.TargetPath).Contains($env:computername)) ) { Remove-DfsnRootTarget -TargetPath $namespaceserver.TargetPath -Path $root.path $ausgabe = "Removed " + $namespaceserver.TargetPath echo $ausgabe } if (($namespaceserver.TargetPath).Contains($env:computername) ) { $localTargetPath = $namespaceserver.TargetPath $ausgabe = "localTargetPath " + $localTargetPath echo $ausgabe } # Get hostname from $namespaceserver URI $hntemp = ($namespaceserver.TargetPath).Replace("\\", "") $end = $hntemp.IndexOf("\") $hn = $hntemp.SubString(0,$end) #Set DFS FQDN parameter Set-DfsnServerConfiguration -ComputerName $hn -UseFqdn $true # DNS only Domain Config if (!(($namespaceserver.TargetPath).Contains($env:computername)) ) { Try { $s = New-PSSession -ComputerName $hn -ErrorAction Stop Invoke-Command $s -ScriptBlock {Param($path)dfsutil server registry DfsDnsConfig set $path} -ArgumentList $root.path | Out-Null Remove-PSSession $s } Catch { Write-Host "Remote Server connection error" } } else { dfsutil server registry DfsDnsConfig set $root.path } } #Replicate changes repadmin /syncall dfsrdiag pollad #Remove root Remove-DfsnRoot -Path $root.path #Replicate changes repadmin /syncall dfsrdiag pollad # Restart Dfs Stop-Service dfs; Start-Service dfs Start-Sleep -s 5 # Restore Namespace as Server 2008 version New-DfsnRoot -TargetPath $localTargetPath -Type DomainV2 -Path $root.path #Replicate changes repadmin /syncall dfsrdiag pollad #Add remaining targets foreach ($namespaceserver in $serverlist) { if (!(($namespaceserver.TargetPath).Contains($env:computername)) ) { New-DfsnRootTarget -Path $root.path -TargetPath $namespaceserver.TargetPath $output = "Added " + $namespaceserver.TargetPath + " to " + $root.path echo $output } } #Import backup dfsutil.exe root import set $backuptarget $root.path }