Whilst trying to add a new cluster for file shares to take over from the previous one we found that whilst replication worked to migrate the files, we could not remove or disable the old paths from the Folder Targets.
Access Denied – obviously some kind of permission issue, but try as we might comparing ACL’s between systems we couldn’t see where the issue was.
It all came down to the power of my Google Fu.
The first screenshot on the page I turned up was a 100% clue that this was where I’d find my answer.
For us the easy fix was to use ADSI Edit, expand the tree out to:
Default Naming Context + DC=domain, DC=local +- CN=System +-- CN=Dfs-Configuration
Then on my share
CN=shares when I looked at the attribute for
remoteServerName I could see both of my namespace servers. But when I checked the Security tab, in the list of permissions only one of the servers was listed.
The fix was to add the missing server and ensure it had the
Read all properties and
Write all properties permission.
We didn’t have to restart anything at all. The Domain Replication period was obviously short enough that we were able to see it work within a minute of the change being made.