DFSR Setup and considerations

DFSR is actually relatively easy to setup.

There’s no need for me to re-invent the wheel or explain in tiny detail, as most of it has all been done before.

So, to start

MS blog about how it can work for you.

DFS Replication in Windows Server 2012 R2

How to set it up

DFSR Setup with screenshots

Another MS blog about how if you have a huge estate, you better use DFSRADMIN command line! (Yeah you’d better!)

DFS Replication and command line

 

Disable IE Enhanced Security

New server built. Need access to vSphere or any other web based, server or appliance web front.

Are you sure?

Do you trust this site?

Do you really trust this site?

Are you sure you trust this site?

Are you really sure you really trust this site?

Just turn it off via GPO

Disable IE Enhanced mode

In all fairness, some people have security concerns about using any browser on a server. I get that. If you’re using server 2012 R2, relatively recently updated and well… You aren’t an idiot, you’re probably OK using it to get media from a trusted site, or use your web based admin pages. Final decision lies with you!

There are situations and environments, where you may have apprentices, or non IT literate staff who are the IT staff; I’ve been involved with a lot of places where they don’t have anyone in an official IT capacity and the highest qualified person is the one who can change the lockscreen on their phone –  where you shouldn’t do this and in fact, should lock it all down as much as you can.

DFSR Monitoring Script (with email!)

Ah, good old DFSR, with it’s highly complex management algorithm that is at times, a Law Unto Itself. What do you mean that file is newer? I’m going to overwrite it with THIS one!

DFSR is also full of false truths and true lies. Event ID’s that don’t tell you what’s wrong. Logs that make out that everything is broken when it isn’t… Weeks of over written data that no one knew was happening… But sadly if you don’t have hardware replication, you probably use this. Don’t get me wrong, when it works properly, it’s great, but there’s sometimes quite a management overhead, plus a lot of time and experience involved when it needs to get fixed.

This link has an amazing script that was similar to part of my checks in a previous role, whereby I had a few scripts running as part of Daily Checks for the team, that reported on DFSR, Exchange and AD. It emailed pretty pictures and everything (you know how people love pretty pictures!) So as my first post towards Checks and DFSR management – the following link is fantastic.

DFSR Monitoring Script

I will say though, as part of any infrastructure related checks or notifications, it’s what works for you and your team. I had a great Project Manager once who said that if you get the process right, then everything works. If the process fails and a person followed the process, then the process needs changing. Which stands to reason – you need the process that people need to follow, that takes into consideration everything that needs to happen and there’s no point having a barrage of alerts sent to email, if the person involved doesn’t read them, understand them and put down somewhere he’s done all of the above.