Microsoft KB Archive/920728

= How to automatically assign administrative rights for all DFS replication groups in a domain on a computer that is running Windows Server 2003 R2 or Windows Vista =

Article ID: 920728

Article Last Modified on 11/28/2006

-

APPLIES TO


 * Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
 * Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
 * Microsoft Windows Server 2003 R2 Standard x64 Edition
 * Microsoft Windows Server 2003 R2 Enterprise x64 Edition
 * Microsoft Windows Server 2003 R2 Datacenter x64 Edition
 * Windows Vista Beta 2
 * Windows Vista Ultimate
 * Windows Vista Business
 * Windows Vista Enterprise

-



INTRODUCTION
This article describes how to automatically assign administrative rights for all Distributed File System (DFS) replication groups in a domain on a computer that is running Microsoft Windows Server 2003 R2 or Windows Vista.



MORE INFORMATION
Currently, for every replication group that is created, a domain administrator or a user account that has the appropriate rights may assign administrative rights for the replication group.

The replication group configuration layout in the Active Directory directory service includes the DFSR-GlobalSettings object and the DFSR-LocalSettings object. The DFSR-GlobalSettings object contains the definition of the replication group, the topology of the replication group, and the replicated folders. The DFSR-GlobalSettings object is located under the System object. The DFSR-LocalSettings object describes the membership of a computer in a specific replicated folder. The DFSR-LocalSettings object is located under the computer object of the computer that is involved in the replication.

To grant a user administrative rights for a replication group, follow these steps:
 * 1) Grant the user full access to the replication group object and to the child objects of the replication group object.
 * 2) Grant the user full access to the DFS replication objects under each computer object for all computers that are members of the replication group.

DFS replication can replicate data from one computer to another computer. A user who can configure DFS replication on a specific computer is typically the local administrator of that computer. To automatically assign administrative rights for DFS replication groups, a user must be the local administrator for all the member computers in the replication group.

To automatically assign administrative rights for all DFS replication groups in a domain, follow these steps:
 * 1) Add an access control entry on the DFSR-GlobalSettings object for each user or for each group that is an administrator of the replication group. (An access control entry is a permission entry in a discretionary access control list.) This step gives the user full access to all replication group-related objects, but does not let the user create replication groups.

Note The access control entry must give full access to the user and must apply only to child objects.
 * 1) Make each user the local administrator of each computer that is a member of a replication group.

Keywords: kbhowto KB920728

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.