When seeding a Windows DFS replication copy, do you need to copy security

dfspreseedreplication

I may need to rebuild a 1TB Windows 2008 DFS replication folder between our UK and USA sites. It's good practise to seed the other copy before starting replication so that the bulk of the data doesn't need to be replicated during the initial replication.

However, I've never been sure whether this seed needs the security (access control lists) with the seed or whether you can use a simple copy of the files?

In the past we've used robocopy to external USB (which somebody took out with them) with the /sec flag which copies security but this has caused a few headaches when copying the data back off.

Best Answer

This blog entry from Microsoft covers the details about what you need to do to preseed a dfs replica.

From what I read the security matters.

One of the notes on the page specifically address security.

Critical note: do not pre-create the base folders that robocopy is copying and copy into them; let robocopy create the entire source tree. Under no circumstances should you change the security on the destination folders and files after using robocopy to pre-seed the data...

They suggest preseeding with a robocopy command like this.

Robocopy.exe “\\source server\drive$\folder path” “destination drive\folder path” /b /e /copyall /r:6 /xd dfsrprivate /log:robo.log /tee

The article also mentions that you can use DFSRDIAG to manuall compute a hash for a file that covers everything DFS checks. It gives a few examples on how to use this command to verify that your preseed replica is correct.

Best Answer

Related Solutions

Windows Server 2008 DFS Replication Over WAN Link – Feasibility

DFS-R pre-populated target folders STILL overwrite. How to avoid that

Related Topic