DFS Fix – Adding a Folder Target Fails with “Access Denied”

At first this may look like it’s a delegation thing. However quickly checking DFS delegation shows “Domain Admins” is already there. Let’s confirm that.

Ok that’s not the issue, let’s move on.

What you need to do to fix this is verify all your servers in the “namespace servers” tab have proper permission.

Each server in here needs proper permissions to the AD objects, by default they do. However these can get broken. So let’s verify that in AD.

Go to your Domain Controller and enable Advanced Features

Scroll down to DFS-Configuration, click on your namespace folder (not under it) My Namespace was called “Cfiles”.

Right click to properties.

If you see any “missing” accounts like below, then this is your issue.

Remove that offending account. That was probably one if your namespace servers, now go into DFSN and delete it from the namespace servers. It will ask you to forcefully remove it. Go ahead.

Now re-add your namespace server. You should not have any more issues adding a DFS target now.