When seeding a Windows DFS replication copy, do you need to copy security?
This blog entry from Microsoft covers the details about what you need to do to preseed a dfs replica.
From what I read the security matters.
One of the notes on the page specifically address security.
Critical note: do not pre-create the base folders that robocopy is copying and copy into them; let robocopy create the entire source tree. Under no circumstances should you change the security on the destination folders and files after using robocopy to pre-seed the data...
They suggest preseeding with a robocopy command like this.
Robocopy.exe “\\source server\drive$\folder path” “destination drive\folder path” /b /e /copyall /r:6 /xd dfsrprivate /log:robo.log /tee
The article also mentions that you can use DFSRDIAG to manuall compute a hash for a file that covers everything DFS checks. It gives a few examples on how to use this command to verify that your preseed replica is correct.
Related videos on Youtube
![Huron](https://i.stack.imgur.com/C0vvf.jpg?s=256&g=1)
Huron
Updated on September 18, 2022Comments
-
Huron almost 2 years
I may need to rebuild a 1TB Windows 2008 DFS replication folder between our UK and USA sites. It's good practise to seed the other copy before starting replication so that the bulk of the data doesn't need to be replicated during the initial replication.
However, I've never been sure whether this seed needs the security (access control lists) with the seed or whether you can use a simple copy of the files?
In the past we've used robocopy to external USB (which somebody took out with them) with the /sec flag which copies security but this has caused a few headaches when copying the data back off.
-
maweeras almost 13 years+1 for zoredache. Just note the "dfsrdiag filehash" is new to Windows Server 2008 R2. Its not available in Windows server 2008 itself.
-
Huron almost 13 yearsThanks for this, so yes, security should be copied. In fact, copyall does data, attributes, timestamps, ACL (security), ownership and auding
-
Huron almost 13 yearsLittle addendum - I said we've used /sec in the past whereas this article specifies /copyall which adds ownership & auditing information which previously we have not copied so that's worth knowing