Best Practices for CIFS homedir and group directory layouts?

wovensystemsit
8,734 Views

I have a new FAS2050 filer and am in the process of planning a migration of my employee base's Windows-based data from a Windows 2003 file server.

What I want to do is create a file structure that allows for a secure private home directory for each user with an Active Directory account, which gets automatically mapped at login, the same way it does for them presently.

Currently the Home Folder path on the Profile tab in Active Directory Users and Computers maps to \\WindowsServer\Users\username. This layout created a file structure where all users' home directories are underneath that top-level \Users folder and required manually modifying the permissions on each user's home directory folder in order to lock it down.

What I would prefer is to have a home directory layout where each user's home directory can be created under that top-level folder, where the permissions are automatically applied at the time the folder gets created via the Active Directory Profile tab. The only two people who should have full permissions on the user's home directory are the folder's owner and the Domain Admins.

Can anyone point me at any Best Practices to make suggestions on the best way to lay out my directory structure?

Thanks!

2 REPLIES

amiller_1

So....not sure how helpful...but this doc does mention some items to minimize cluster failover time when doing CIFS home directories.....

http://media.netapp.com/documents/tr-3367.pdf

and then points off to the docs....

http://now.netapp.com/NOW/knowledge/docs/ontap/rel7261/html/ontap/filesag/accessing/task/t_oc_accs_managing_home_directories.html

or 7.3.1 if you're running that....

http://now.netapp.com/NOW/knowledge/docs/ontap/rel731/html/ontap/filesag/accessing/task/t_oc_accs_managing_home_directories.html

The documentation is pretty thorough on this actually.

chriskranz

Doing CIFS home directories on the filer is really great, and the filer really helps you with this, even down to setting quotas if you wish.

You basically define the style you want your users to get mapped to (generally I use "ntname") and the filer will translate a generic path for every single user. So all you need to do is map your users to "\\filername\~" and this gets translated to their own personal home directory.

The home directories don't all need to be in the same volume either, so you can tier users separately, or departmentalise their volumes if you wish.

The only thing it doesn't do (please correct me if it now does) is create these folders for you. Usually when you set up a home directory from within AD it will create it for you, but as the filer is here creating a top-level share for you, AD wouldn't understand that. A workaround is to set an admin share above the users' home directories (so if your users' home directories were in /vol/home_dirs/users/, you would create a share off /vol/home_dirs), then when creating a new user, enter their home directory as this path. Windows has access, so will create the folder, then go back and change it to "\\filer\~".

There may be a better way, but I haven't set up home directories in a while now, so sorry if this is a bit misleading.

The docs Andrew pointed out are a great resource though. Read up on "cifs homedir" and it'll give you some good options. Also look into using qtrees. Even if you don't want hard quotas, putting in soft quotas is a great way to get visibility of what storage people are using.
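
One way to script the workaround described in the reply above while meeting the original requirement (full control for the user and Domain Admins only), as an added example that is not part of the thread or of NetApp's documentation. The domain name `EXAMPLE`, the admin share `\\filer\home_dirs$\users` and the drive letter are assumptions; it needs the ActiveDirectory module and an account allowed to write to the admin share.

```powershell
# Added example: all names in the param block are assumptions, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,
    [string] $Domain     = 'EXAMPLE',                    # hypothetical NetBIOS domain name
    [string] $AdminShare = '\\filer\home_dirs$\users',   # hypothetical admin share above the home dirs
    [string] $HomeUnc    = '\\filer\~',                  # per-user path the filer translates
    [string] $HomeDrive  = 'H:'
)
Import-Module ActiveDirectory

# Build an ACL from scratch: inheritance blocked, explicit FullControl for
# the user and Domain Admins only, inherited by child files and folders.
function New-HomeDirAcl {
    param([string] $User, [string] $Domain)
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # protect from inheritance, keep no inherited ACEs
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    foreach ($id in "$Domain\$User", "$Domain\Domain Admins") {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, $none, 'Allow')
        $acl.AddAccessRule($rule)
    }
    return $acl
}

$path = Join-Path $AdminShare $SamAccountName
# Never adopt a folder that already exists: it may hold another user's data or ACEs.
if (Test-Path -LiteralPath $path) { throw "Refusing to reuse existing directory $path" }

New-Item -ItemType Directory -Path $path | Out-Null
Set-Acl -LiteralPath $path -AclObject (New-HomeDirAcl -User $SamAccountName -Domain $Domain)

# Read the ACL back and fail if anything other than the two expected
# explicit entries is present. The owner is left as the creating account.
$allowed = "$Domain\$SamAccountName", "$Domain\Domain Admins"
$extra = (Get-Acl -LiteralPath $path).Access |
    Where-Object { $_.IsInherited -or $allowed -notcontains $_.IdentityReference.Value }
if ($extra) { throw "Unexpected ACEs on ${path}: $($extra.IdentityReference -join ', ')" }

# Only after the folder is locked down, point the AD profile at the filer's per-user path.
Set-ADUser -Identity $SamAccountName -HomeDirectory $HomeUnc -HomeDrive $HomeDrive
```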