RTRR file permissions not preserved

Questions about using Windows AD service.
Post Reply
joddug
First post
Posts: 1
Joined: Fri Sep 22, 2017 3:44 am

RTRR file permissions not preserved

Post by joddug » Sat Sep 23, 2017 1:29 am

I want to enable multiple domain controllers in a fully redundant fashion on my network such that if one has a major failure, the other will take over seamlessly. I have a pair of TVS-471's (running 4.3.3.0154) with one configured as a domain controller using logon scripts etc.

I attempted to configure the other TVS-471 as an additional domain controller and duplicated all netlogon scripts (correcting for the new server path) etc. to the correct folders. I also created an RTRR sync to the domain users folders on the additional domain controller so that all files were identical on both servers.

I have enabled enhanced folder permissions on the server and Replicate ACL and extended attributes in RTRR.


The two primary issues I run into are as follows:


1. RTRR does not appear to preserve the file and folder level permissions from the primary DC to the additional DC.
2. When users login, the scripts do not process correctly or at all when authenticated by the additional DC.

Has anyone had success in creating a server cluster of sorts with a pair of TVS units? I'm trying to create as close to a seamless failover environment as possible and would appreciate any guidance available. The qnap guide falls short and I cant seem to locate this information in the discussion boards.


Thank You,

User avatar
storageman
Experience counts
Posts: 4796
Joined: Thu Sep 22, 2011 10:57 pm

Re: RTRR file permissions not preserved

Post by storageman » Mon Sep 25, 2017 4:08 pm

So with 1, you have "Replicate ACL and extended attributes" on.
2.Does the client PC secondary DNS setting point to a domain DNS server?

I don't believe you can elevate the additional domain controller if you lose the primary domain controller.
Qnap's additional domain controller is purely to improve authentication speed/reliability rather than allow for a failover scenario.

Also read this
https://helpdesk.qnap.com/index.php?/Kn ... -nas-units


I agree the documentation and purpose is vague.

Post Reply

Return to “Windows Domain & Active Directory”