Make a Replicated Folder Read-Only on a Particular Member
Updated: October 16, 2013
Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
A read-only replicated folder is a replicated folder on a particular member in which users cannot add or change files. This is convenient for read-only folders that you want to keep up-to-date with a central server (or servers). For example, software installation folders, or folders that contain published reports or documents. Read-only replicated folders are also used by read-only domain controllers (RODCs) to keep the SYSVOL shared folder updated while preventing local changes.
Read-only replicated folders can be updated only with content from a read-write member of the replication group. All other attempts to write to the folder will fail. This includes performing an authoritative restore operation using a backup program.
When you make a replicated folder read-only, DFS Replication overwrites any content on the read-only member that has not yet replicated back to a read-write member. For this reason, it is a good idea to backup the folder, create a diagnostic report of replication and check the replication backlog before you make a replicated folder that contains existing content read-only.
Making a replicated folder read-only or writeable
Using the Windows interface
Using a command line
To create make a replicated folder read-only or writeable by using Windows PowerShell, use the Set-DfsrMembership cmdlet. The DFSR Windows PowerShell module was introduced in Windows Server 2012 R2.
To make a replicated folder read-only or writeable by using the Windows interface
- Open DFS Management and then select the appropriate replication group in the console tree.
To use read-only replicated folders, the schema must include the Windows Server 2008 or newer schema additions. To view or manage replication groups that contain read-only replicated folders or members that are failover clusters, you must use the version of DFS Management that is included with Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2.
- On the Memberships tab, right-click the appropriate replicated folder and member and then click Make read-only , or Make read-write .
To make a replicated folder read-only or writeable by using a command line
Open a command prompt window and then type the following command (to make a read-only folder writeable again, replace
Dfsradmin membership set /RGName:<replication_group> /RFName:<replicated_folder> /MemName:<DOMAIN\Server>/RO:true
Read-only replicated folders can impact the performance of a file server when an existing folder is set to read-only, or if the replicated folder is stored on the same volume as the Windows operating system.
Changing the read-only or read-write status for a replicated folder causes DFS Replication to perform an initial replication and rebuild the DFS Replication database for the folder. On replicated folders that contain a large number of files, this can slow replication and consume system resources until the operation is complete.
Storing a read-only replicated folder on the same volume as the Windows installation will result in decreased performance for that volume. The performance decrease occurs primarily when loading the first mini-filter driver. If there are other mini-filter drivers installed, such as an antivirus program or backup program, the additional performance decrease of using a read-only replicated folder is small.
The DFS Replication mini-filter driver intercepts all create and open (IRP_MJ_CREATE) operations for the volume on which the read-only replicated folder is located, and then inspects the destination to see if it is located in a read-only replicated folder. If the destination is in a read-only replicated folder, the driver fails the request to ensure that the folder remains read-only. Inspecting each create and open operation on a volume can impact performance if the read-only replicated folder is located on the system volume or any other volume for which there are frequent create or open requests to many different files.