DFS Namespace Setup Issue

Question

I am in the process of setting up a new DFS Namespace in our environment. This environment is a completely new. All servers are Server 2019 Datacenter. When setting up a Domain-based Namespace I get the following error:

\domain\Public: The namespace cannot be queried. Access is denied

After reading a multitude of articles on the subject, I am no closer to getting this working than when I first started.

One of the issues that I believe is causing this issue is that the user account being used is not a Domain Admin. Unfortunately, due to corporate policy, only very specific accounts can be a Domain Admin. After reading a lot of information, I found that I could delegate access to a group. This delegation is set in AD for System > Dfs-Configuration. I gave this group full permissions. I still get Access Denied. I then did the same to System > DFSR-GlobalSettings. Still no luck.

What permission might I be missing that would be causing this error?

Answer 1

Hi,

To create a domain-based namespace,need to be a member of the Domain Admins group in the domain where the namespace is configured.

Or if you want to delegate permission to users or groups, you can refer to the following steps:
Right-click the Namespaces node in the console tree
Then click Delegate Management Permissions.
Or use the Set-DfsnRoot GrantAdminAccounts and Set-DfsnRoot RevokeAdminAccounts. Windows PowerShell cmdlets (introduced in Windows Server 2012). For your reference:https://learn.microsoft.com/en-us/powershell/module/dfsn/set-dfsnroot?view=win10-ps
Last,you must also add the user to the local Administrators group on the namespace server.

If you also want to delegate other permission to manage the DFS, you can refer to the following link:https://learn.microsoft.com/en-us/windows-server/storage/dfs-namespaces/delegate-management-permissions-for-dfs-namespaces

Best Regards,

Answer 2

I have delegated permissions to a group that I am apart of.

I also have admin privileges on the server. Although, it is under a different group.

Answer 3

Hi，
So now i see you have delegated Management Permissions through Namespaces node in the console tree .
Also make sure that the account was in the the local Administrators group on the namespace server as following:

Answer 4

I am part of the local admins

Answer 5

Hi,
I would want to make sure that the local administrator group of which server the user has been added to.The DFS management server or the Namespace.

Here is the steps what i did:
1,On the DFS Management server, right click the Namespace and select the Delegate Management Permission.
2,I added the u30 to the local administrators group on server 1 as following:

3,I logon to the DFS management server and create the namespace 730 ,set the Namespace server as server 1, then the action was successful.

4,With the same steps 1,2,if i create a new Namespace and set the other server dc1 as the Namespace server, it would failed ,since u30 was not a local administrator on dc1 as following: