DFS Tools and Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In this section

• DFS Tools

• DFS Registry Entries

• DFS Group Policy Settings

• Network Ports Used by DFS

• Related Information

DFS Tools

The following tools are associated with Distributed File System (DFS).

Dfscmd.exe: Distributed File System command-line tool

Category

Windows Server 2003 operating system tool.

Version compatibility

Windows Server 2003.

Dfscmd allows administrators to perform and script basic Distributed File System (DFS) tasks, such as configuring DFS roots, links, and targets.

Dfsgui.msc: Distributed File System snap-in

Category

Windows Server 2003 operating system tool.

Version compatibility

Windows Server 2003.

Dfsgui.msc is also part of the Windows Server 2003 Administration Tools Pack; you can install this pack on computers running Windows XP with Service Pack 1 (SP1) or later.

Dfsgui.msc allows administrators to create DFS namespaces, add and remove targets, set the Time to Live for targets, enable and disable referrals, enable replication for DFS root or link targets, create custom replication schedules and topologies, and so forth.

Dfsutil.exe: Distributed File System utility

Category

Windows Support Tools for Windows Server 2003.

Version compatibility

Windows XP, Windows 2000, and Windows Server 2003.

Dfsutil allows administrators to perform advanced DFS tasks, such as enabling root scalability mode, least expensive target selection, and same-site target selection. Dfsutil is also useful for determining the size of a namespace, exporting or importing namespaces, checking the site name of a computer or IP address, adding and removing root targets, and updating site information for root servers running Windows 2000 Server. When installed on DFS clients, Dfsutil can be used to view and clear the referral cache (PKT cache), domain cache (SPC cache), and MUP cache.

DFS Registry Entries

The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.

The following registry entries are associated with DFS.

For more information about registry entries, see the Registry Reference in the Tools and Settings Collection.

DFS Domain Controller Registry Entries

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs on domain controllers. These registry entries are not used on DFS root servers unless the root server is also a domain controller. All entries are REG_DWORD.

DomainNameIntervalInSeconds

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\

Version

Domain controllers running Windows Server 2003.

Specifies how long (in seconds) domain controllers cache domain name referrals. The default value is 43,200 seconds (12 hours). The minimum is 600 seconds (10 minutes). There is no maximum value.

SiteCostedReferrals

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\

Version

Domain controllers running Windows Server 2003.

When set to 0 (the default), SYSVOL and NETLOGON referrals contain domain controllers in the client’s site listed first in random order, followed by a random list of domain controllers. When set to 1, SYSVOL and NETLOGON referrals sort domain controllers in order of lowest cost. Domain controllers in the clients site are at the top of the referral list, followed by domain controllers sorted by lowest cost.

DFS Domain Controller and Root Server Registry Entries

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs on root servers and domain controllers. All entries are REG_DWORD.

DfsDnsConfig

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\

Version

Domain controllers and root servers running Windows Server 2003.

When set to 1, specifies that this server will use fully qualified domain names (FQDN) in referrals. When set to 0 (the default), specifies that this server will use NetBIOS names in referrals.

LdapTimeoutValueInSeconds

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\

Version

Domain controllers and root servers running Windows Server 2003.

Determines the time-out value (in seconds) for DFS LDAP calls. The default value is 30 seconds, the minimum value is 3 seconds, and the maximum value is 300 seconds (5 minutes).

MaxClientsToCache

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\

Version

Domain controllers and root servers running Windows Server 2003.

Specifies the maximum number of entries that can be maintained in the client site cache. When this limit is hit, unused cached entries are dropped. Client site entries are regenerated as needed. The default value is 200,000 entries, and the minimum value is 20,000 entries. There is no maximum value.

QuerySiteCostTimeoutinSeconds

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\

Version

Domain controllers and root servers running Windows Server 2003.

Specifies the time-out period (in seconds) after which DsQuerySitesByCost API calls for site cost information in Active Directory will fail. By default, the time-out period is 30 seconds. The minimum value is 3 seconds, and the maximum value is 300 seconds (5 minutes). If DFS cannot determine a target’s site cost within this time-out period, DFS assumes the maximum possible cost for the target.

RootReferralTimeoutInSeconds

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\

Version

Domain controllers and root servers running Windows Server 2003.

Specifies how long (in seconds) domain controllers and root servers cache domain-based root referrals. The default and minimum value is 900 seconds (15 minutes). There is no maximum value.

SiteSupportIntervalInSeconds

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\

Version

Domain controllers and root servers running Windows 2000 Server and Windows Server 2003.

Specifies how long (in seconds) entries are maintained in the client site cache, target site cache, and site cost cache. The default value is 43,200 seconds (12 hours), and the minimum value is 300 seconds (5 minutes). Due to internal DFS processes, the entries in the client site cache and target site can remain for up to two times the value of this registry entry.

SyncIntervalinSeconds

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\

Version

Domain controllers and root servers running Windows Server 2003.

Specifies how often domain-based root servers and domain controllers poll the primary domain controller (PDC) emulator master to obtain updated DFS metadata. The minimum value is 900 seconds (15 minutes), and the default value is 3600 seconds (60 minutes).

DFS Client Registry Entries

The following registry entries are available for DFS clients running Windows XP and Windows 2000 Server. All entries are REG_DWORD.

Client Referral Time to Live

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DfsClientDriver\Paramaters

Version

Client computers running Windows XP and Windows 2000.

Specifies referral Time To Live (TTL) values, overriding those provided by the server.

There are six keys that you can specify to control referral TTL values:

• MinReferralTTLThe minimum TTL for non-domain referrals, in seconds. The default is 300 (five minutes).

• MaxReferralTTLThe maximum TTL for non-domain referrals, in seconds. The default is 10080 (one week).

• MinDomainTTLThe minimum TTL for domain referrals, in seconds. The default is 900 (15 minutes).

• MaxDomainlTTLThe maximum TTL for domain referrals, in seconds. The default is 10080 (one week).

• ReferralTTLMultiplierThe number of failed attempts to validate a non-domain referral before the client will stop testing the referral. The minimum value is 1; the maximum is 100; the default is 4.

• DomainTTLMultiplierThe number of failed attempts to validate a domain referral before the client will stop testing the referral. The minimum value is 1; the maximum is 100; the default is 4.

DfsDcNameDelay

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\

Version

Client computers running Windows XP and Windows 2000.

Specifies the interval at which DFS clients discover new domains in the local forest and in trusted forests. This discovery process runs against a domain controller from the domain that is hosting the client's computer account. The default value for this entry is 900 seconds (15 minutes).

DisableDFS

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\

Version

Client computers running Windows Server 2003, Windows XP and Windows 2000.

When set to 0 (the default), clients can access DFS namespaces, including the SYSVOL and NETLOGON shared folders on domain controllers. When set to 1, disables DFS processing on the client.

ProviderCacheTimeoutInMinutes

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\

Version

Client computers running Windows Server 2003 or Windows XP.

Specifies the length of time that a multiple UNC provider (MUP) cache entry is held until it is reevaluated. The default and minimum value is 15 minutes, and the maximum value is 720 minutes (12 hours).

DFS Group Policy Settings

The following table lists and describes the Group Policy settings are associated with DFS.

Group Policy Settings Associated with DFS

Group Policy Setting and Path	Description
Computer Configuration\Administrative Templates\Network\Sets how often a DFS Client discovers DC’s	Configures how often a DFS client attempts to discover domain controllers on the network. By default, a DFS client attempts to discover domain controllers every 15 minutes. This value is specified in minutes. If you disable this setting or do not configure it, the default value (15 minutes) is used. The minimum value you can select is 15 minutes. If you specify a value of less than 15 minutes, the default value of 15 minutes is used.
User Configuration\Administrative Templates\Shared Folders\Allow DFS roots to be published	Determines whether the user can publish DFS roots in Active Directory. If you enable this setting or do not configure it, users can use the “Publish in Active Directory” option to publish DFS roots as shared folders in Active Directory. If you disable this setting, the user cannot publish DFS roots in Active Directory, and the “Publish in Active Directory” option is disabled. The default is to allow shared folders to be published when this setting is not configured.

For more information about Group Policy settings, see the Group Policy Settings Reference in the Tools and Settings Collection.

Network Ports Used by DFS

The following table lists the network ports used by DFS.

Network Ports Used by DFS

Service Name	Relevant Computers	UDP	TCP
NetBIOS Name Service	Domain controllers; root servers that are not domain controllers; servers acting as link targets; client computers acting as link targets	137	137
NetBIOS Datagram Service	Domain controllers; root servers that are not domain controllers; servers acting as link targets; client computers acting as link targets	138
NetBIOS Session Service	Domain controllers; root servers that are not domain controllers; servers acting as link targets; client computers acting as link targets		139
LDAP Server	Domain controllers	389	389
Remote Procedure Call (RPC) endpoint mapper	Domain controllers		135
Server Message Block (SMB)	Domain controllers; root servers that are not domain controllers; servers acting as link targets; client computers acting as link targets	445	445

Related Information

The following resources contain additional information that is relevant to this section.

• DNS Support for Active Directory Technical Reference

• Group Policy Settings Reference in the Tools and Settings Collection