Share via

Delegate Management Permissions for DFS Namespaces

  • Article

Applies To: Windows Server 2008

The following table describes the groups that can perform basic namespace tasks by default, and the method for delegating the ability to perform these tasks.

Task Groups that Can Perform this Task by Default Delegation Method

Create a domain-based namespace

Domain Admins group in the domain where the namespace is configured

Right-click the Namespaces node in the console tree, and then click Delegate Management Permissions. You must also add the user to the local Administrators group on the namespace server.

Add a namespace server to a domain-based namespace

Domain Admins group in the domain where the namespace is configured

Right-click the domain-based namespace in the console tree, and then click Delegate Management Permissions. You must also add the user to the local Administrators group on the namespace server to be added.

Manage a domain-based namespace

Local Administrators group on each namespace server

Right-click the domain-based namespace in the console tree, and then click Delegate Management Permissions.

Create a stand-alone namespace

Local Administrators group on the namespace server

Add the user to the local Administrators group on the namespace server.

Manage a stand-alone namespace*

Local Administrators group on the namespace server

Right-click the stand-alone namespace in the console tree, and then click Delegate Management Permissions.

Create a replication group or enable DFS Replication on a folder

Domain Admins group in the domain where the namespace is configured

Right-click the Replication node in the console tree, and then click Delegate Management Permissions.

* Delegating management permissions to manage a stand-alone namespace does not grant the user the ability to view and manage security by using the Delegation tab unless the user is a member of the local Administrators group on the namespace server. This issue occurs because the DFS Management snap-in cannot retrieve the discretionary access control lists (DACLs) for the stand-alone namespace from the registry. To enable the snap-in to display delegation information, you must follow the steps in article 314837 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink?linkid=46803).