ANAVEM
EnglishFrancais
ANAVEM
Reference
Languagefr
How to Configure DFS-R Folder Replication on Windows Server 2025

How to Configure DFS-R Folder Replication on Windows Server 2025

Set up DFS-R to replicate folders between Windows Server 2025 systems with unidirectional and multidirectional configurations, including verification and troubleshooting.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
3/15/2026 15 min 0
mediumdfs-r 9 steps 15 min

Why Configure DFS-R on Windows Server 2025?

DFS Replication (DFS-R) provides robust, block-level file synchronization between Windows servers, essential for maintaining data consistency across multiple locations. With Windows Server 2025's enhanced DFS-R implementation, you get improved Remote Differential Compression (RDC), better PowerShell automation, and tighter Active Directory integration.

DFS-R excels in scenarios like branch office file servers, disaster recovery setups, and distributed team collaboration. Unlike simple file copying, DFS-R uses intelligent algorithms to replicate only changed file blocks, dramatically reducing bandwidth usage and replication time for large files.

What Are the Key DFS-R Replication Models?

Windows Server 2025 supports two primary replication models. Unidirectional replication follows a hub-and-spoke pattern where one primary server distributes files to multiple read-only replicas—perfect for software distribution or reference data. Multidirectional replication creates a full mesh where all servers can modify files, ideal for collaborative environments but requiring careful conflict management.

The latest 2025 release includes enhanced staging quota management and improved conflict resolution algorithms, making multidirectional setups more reliable than previous versions. PowerShell cmdlets have also been expanded, allowing complete DFS-R management without the GUI.

What Prerequisites Must Be Met for DFS-R?

Success depends on proper Active Directory infrastructure with domain functional level Windows Server 2016 or higher. All participating servers must be domain-joined with identical NTFS permissions on replicated folders. Network connectivity requirements include specific firewall rules for RPC (TCP 135), SMB (TCP/UDP 445), and dynamic RPC ports (49152-65535). Planning folder structures and understanding bandwidth limitations before implementation prevents common deployment issues.

Implementation Guide

Full Procedure

01

Install DFS Replication Role on All Servers

Start by installing the DFS Replication feature on every server that will participate in folder replication. This includes both the primary and secondary servers.

Open PowerShell as Administrator and run the following command on each server:

Install-WindowsFeature -Name FS-DFS-Replication, RSAT-DFS-Mgmt-Con -IncludeManagementTools

This command installs both the DFS Replication service and the management tools. The installation typically takes 2-3 minutes per server.

Pro tip: Use PowerShell remoting to install on multiple servers simultaneously with Invoke-Command -ComputerName SERVER01,SERVER02 -ScriptBlock {Install-WindowsFeature -Name FS-DFS-Replication}

Verify the installation by checking the installed features:

Get-WindowsFeature -Name FS-DFS-Replication

The output should show Install State: Installed. Restart the servers if prompted, though it's typically not required for DFS-R installation.

02

Create and Configure Shared Folders

Create identical folder structures on all participating servers. The folders must have matching paths and permissions for DFS-R to work correctly.

On each server, create the folder structure. For this example, we'll use D:\ReplicatedData:

New-Item -Path "D:\ReplicatedData" -ItemType Directory -Force

Create the SMB share with appropriate permissions:

New-SmbShare -Name "ReplicatedData" -Path "D:\ReplicatedData" -FullAccess "Domain Admins" -ReadAccess "Domain Users"

Set NTFS permissions to match the share permissions:

$acl = Get-Acl "D:\ReplicatedData"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain Users","ReadAndExecute","ContainerInherit,ObjectInherit","None","Allow")
$acl.SetAccessRule($accessRule)
Set-Acl "D:\ReplicatedData" $acl
Warning: Mismatched NTFS permissions between servers will cause replication failures. Always verify permissions are identical across all servers.

Verify the share creation:

Get-SmbShare -Name "ReplicatedData"

Test access from another server to ensure network connectivity and permissions are working correctly.

03

Create a New Replication Group

Now create the DFS Replication Group that will manage the folder synchronization. We'll start with a unidirectional setup (hub-and-spoke model).

Open DFS Management from Server Manager: Tools > DFS Management. Alternatively, launch it directly:

dfsmgmt.msc

In the DFS Management console:

  1. Right-click Replication in the left pane
  2. Select New Replication Group
  3. Choose Replication group for data collection for unidirectional replication
  4. Enter a descriptive name like "DataReplication-Primary"
  5. Add a description: "Primary data replication from SERVER01 to branch servers"

For PowerShell automation, create the replication group with this command:

New-DfsReplicationGroup -GroupName "DataReplication-Primary" -DomainName "yourdomain.com" -Description "Primary data replication group"
Pro tip: Use descriptive naming conventions that include the replication direction and purpose. This helps with management when you have multiple replication groups.

Verify the replication group creation:

Get-DfsReplicationGroup -GroupName "DataReplication-Primary"

The command should return the group details including the domain name and description you specified.

04

Configure Primary and Secondary Members

Add servers to the replication group and designate the primary member (source) and secondary members (destinations).

In the DFS Management wizard, continue with member configuration:

  1. Select the primary member (source server, e.g., SERVER01)
  2. Browse and select the folder to replicate: D:\ReplicatedData
  3. Click Add to include secondary members (destination servers)
  4. For each secondary member, specify the local path: D:\ReplicatedData

Using PowerShell, add members to the replication group:

# Add primary member
Add-DfsrMember -GroupName "DataReplication-Primary" -ComputerName "SERVER01"

# Add secondary members
Add-DfsrMember -GroupName "DataReplication-Primary" -ComputerName "SERVER02", "SERVER03"

Configure the replicated folder and set the primary member:

# Set primary member with read/write access
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ContentPath "D:\ReplicatedData" -ComputerName "SERVER01" -PrimaryMember $true

# Set secondary members with read-only replication
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ContentPath "D:\ReplicatedData" -ComputerName "SERVER02"
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ContentPath "D:\ReplicatedData" -ComputerName "SERVER03"
Warning: Only one server should be designated as the primary member in a unidirectional setup. Multiple primary members will cause conflicts and data corruption.

Verify member configuration:

Get-DfsrMembership -GroupName "DataReplication-Primary"

Check that the primary member shows PrimaryMember: True and secondary members show PrimaryMember: False.

05

Configure Replication Schedule and Bandwidth

Set up the replication schedule and bandwidth throttling to control when and how fast data replicates between servers.

In the DFS Management wizard, configure the schedule:

  1. Choose Replicate continuously using specified bandwidth for real-time sync
  2. Set bandwidth limit (e.g., 1024 KB/s) or select Full bandwidth for LAN environments
  3. Alternatively, choose Replicate during specified days and times for scheduled replication

For PowerShell configuration, set up a custom schedule:

# Create a schedule for business hours only (8 AM to 6 PM, Monday-Friday)
$schedule = New-Object System.Collections.Hashtable
$schedule.Add("Monday", "08:00-18:00")
$schedule.Add("Tuesday", "08:00-18:00")
$schedule.Add("Wednesday", "08:00-18:00")
$schedule.Add("Thursday", "08:00-18:00")
$schedule.Add("Friday", "08:00-18:00")

# Apply bandwidth throttling (512 KB/s)
Set-DfsrConnectionSchedule -GroupName "DataReplication-Primary" -SourceComputerName "SERVER01" -DestinationComputerName "SERVER02" -ScheduleType UseSchedule -BandwidthDetail @{"08:00-18:00" = 512}

For continuous replication with full bandwidth (recommended for LAN environments):

Set-DfsrConnection -GroupName "DataReplication-Primary" -SourceComputerName "SERVER01" -DestinationComputerName "SERVER02" -DisableConnection $false
Pro tip: For WAN links, limit bandwidth to 70% of available capacity during business hours to prevent network saturation. Use full bandwidth during off-hours for faster catch-up.

Verify the schedule configuration:

Get-DfsrConnection -GroupName "DataReplication-Primary"

The output should show the connection state and any bandwidth limitations you've configured.

06

Configure Staging Quota and RDC Settings

Optimize replication performance by configuring staging quotas and Remote Differential Compression (RDC) settings.

Set staging quota (temporary storage for files being replicated). The default is 4% of the replicated folder size, but you may need to increase this for large files:

# Set staging quota to 10 GB (10240 MB)
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ComputerName "SERVER01" -StagingPathQuotaInMB 10240
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ComputerName "SERVER02" -StagingPathQuotaInMB 10240

Enable Remote Differential Compression for efficient bandwidth usage:

# Install RDC feature if not already installed
Install-WindowsFeature -Name RDC

# Enable RDC for the replication group
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ComputerName "SERVER01" -EnableRdc $true
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ComputerName "SERVER02" -EnableRdc $true

Configure conflict and deleted file retention:

# Set conflict folder quota to 2 GB and retention to 30 days
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ComputerName "SERVER01" -ConflictAndDeletedQuotaInMB 2048
Set-DfsrMembership -GroupName "DataReplication-Primary" -FolderName "ReplicatedData" -ComputerName "SERVER02" -ConflictAndDeletedQuotaInMB 2048
Pro tip: For folders with large files (>100MB), increase staging quota to 20-30% of the largest file size to prevent staging quota exceeded errors.

Verify the configuration:

Get-DfsrMembership -GroupName "DataReplication-Primary" | Select-Object ComputerName, StagingPathQuotaInMB, ConflictAndDeletedQuotaInMB

Check that RDC is enabled:

Get-WindowsFeature -Name RDC
07

Start Initial Synchronization

Complete the replication group setup and initiate the first synchronization between servers.

In the DFS Management wizard, review all settings and click Create to finalize the replication group. The wizard will:

  1. Create the replication group
  2. Add all specified members
  3. Configure the replicated folders
  4. Start initial synchronization

For PowerShell, force an immediate synchronization:

# Start replication service on all members
Restart-Service -Name DFSR -ComputerName "SERVER01", "SERVER02", "SERVER03"

# Force immediate synchronization
Sync-DfsReplicationGroup -GroupName "DataReplication-Primary" -SourceComputerName "SERVER01" -DestinationComputerName "SERVER02"

Monitor the initial sync progress. Create a test file on the primary server:

# Create test files on primary server
New-Item -Path "D:\ReplicatedData\test-file-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt" -ItemType File -Value "DFS-R Test File Created: $(Get-Date)"
Warning: Initial synchronization can take several hours for large datasets. Don't interrupt the process or modify files during initial sync to prevent corruption.

Check replication status:

# Check for any backlog
Get-DfsrBacklog -SourceComputerName "SERVER01" -DestinationComputerName "SERVER02" -FolderName "ReplicatedData" -Verbose

Monitor Event Viewer for DFS Replication events:

Get-WinEvent -LogName "DFS Replication" -MaxEvents 10 | Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap

A successful initial sync will show Event ID 4104 (Initial sync completed) in the DFS Replication log.

08

Configure Multidirectional Replication (Optional)

Set up multidirectional (full mesh) replication where all servers can modify files and changes replicate to all other members.

Warning: Multidirectional replication increases complexity and the risk of conflicts. Only use when multiple servers need write access to the same data.

Create a new replication group for multidirectional setup:

# Create multidirectional replication group
New-DfsReplicationGroup -GroupName "Multi-DataReplication" -DomainName "yourdomain.com" -Description "Multidirectional data replication"

# Add all members
Add-DfsrMember -GroupName "Multi-DataReplication" -ComputerName "SERVER01", "SERVER02", "SERVER03"

Configure each member with read/write access (no primary member designation):

# Configure first member
Set-DfsrMembership -GroupName "Multi-DataReplication" -FolderName "SharedData" -ContentPath "D:\SharedData" -ComputerName "SERVER01" -ReadOnly $false

# Configure second member
Set-DfsrMembership -GroupName "Multi-DataReplication" -FolderName "SharedData" -ContentPath "D:\SharedData" -ComputerName "SERVER02" -ReadOnly $false

# Configure third member
Set-DfsrMembership -GroupName "Multi-DataReplication" -FolderName "SharedData" -ContentPath "D:\SharedData" -ComputerName "SERVER03" -ReadOnly $false

Create full mesh connections between all members:

# Create connections between all server pairs
Add-DfsrConnection -GroupName "Multi-DataReplication" -SourceComputerName "SERVER01" -DestinationComputerName "SERVER02"
Add-DfsrConnection -GroupName "Multi-DataReplication" -SourceComputerName "SERVER01" -DestinationComputerName "SERVER03"
Add-DfsrConnection -GroupName "Multi-DataReplication" -SourceComputerName "SERVER02" -DestinationComputerName "SERVER03"
Pro tip: In multidirectional setups, implement file locking mechanisms or user training to minimize simultaneous edits of the same files across different servers.

Verify the multidirectional configuration:

Get-DfsrMembership -GroupName "Multi-DataReplication" | Select-Object ComputerName, ReadOnly, PrimaryMember

All members should show ReadOnly: False and PrimaryMember: False for true multidirectional replication.

09

Verify and Test Replication

Perform comprehensive testing to ensure DFS-R is working correctly and troubleshoot any issues.

Test file creation and replication:

# Create test files on primary server
$testFile = "D:\ReplicatedData\replication-test-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt"
Set-Content -Path $testFile -Value "Test file created on SERVER01 at $(Get-Date)"

# Wait 30 seconds then check if file appears on secondary servers
Start-Sleep -Seconds 30
Invoke-Command -ComputerName "SERVER02" -ScriptBlock { Get-ChildItem "D:\ReplicatedData\replication-test*.txt" | Select-Object Name, LastWriteTime }

Check replication health and backlog:

# Check replication health
Get-DfsrState -ComputerName "SERVER01", "SERVER02" | Format-Table ComputerName, State, LastError

# Check for any pending files in backlog
Get-DfsrBacklog -SourceComputerName "SERVER01" -DestinationComputerName "SERVER02" -FolderName "ReplicatedData"

Monitor replication performance:

# Get replication statistics
Get-DfsrFileHash -Path "D:\ReplicatedData" -ComputerName "SERVER01", "SERVER02" | Compare-Object -Property Hash -IncludeEqual

Test conflict resolution (for multidirectional setups):

# Create same filename on two servers simultaneously
Invoke-Command -ComputerName "SERVER01" -ScriptBlock { Set-Content "D:\SharedData\conflict-test.txt" "Content from SERVER01" }
Invoke-Command -ComputerName "SERVER02" -ScriptBlock { Set-Content "D:\SharedData\conflict-test.txt" "Content from SERVER02" }

# Check conflict resolution after 60 seconds
Start-Sleep -Seconds 60
Get-ChildItem "D:\SharedData\*conflict*" -Recurse
Pro tip: Use Get-DfsrBacklog regularly to monitor replication health. A consistently growing backlog indicates performance issues or connectivity problems.

Verify Event Logs for successful replication:

# Check for successful replication events
Get-WinEvent -FilterHashtable @{LogName='DFS Replication'; ID=4104,4614} -MaxEvents 5 | Format-Table TimeCreated, Id, Message

Event ID 4104 indicates successful initial synchronization, while 4614 shows successful file replication. Any error events (Warning or Error level) should be investigated immediately.

Frequently Asked Questions

What is the difference between DFS-R unidirectional and multidirectional replication?+
Unidirectional replication follows a hub-and-spoke model where one primary server distributes files to multiple read-only replicas, ideal for software distribution or reference data. Multidirectional replication creates a full mesh where all servers can modify files and changes replicate to all members, suitable for collaborative environments but requiring careful conflict management and higher bandwidth.
How do I troubleshoot DFS-R staging quota exceeded errors?+
Staging quota exceeded errors occur when the temporary storage for files being replicated is insufficient. Increase the staging quota using Set-DfsrMembership -StagingPathQuotaInMB to 20-30% of your largest file size. Monitor staging usage with Get-DfsrMembership and consider enabling Remote Differential Compression (RDC) to reduce staging requirements for large files.
What firewall ports need to be open for DFS-R to work properly?+
DFS-R requires TCP port 135 for RPC endpoint mapper, TCP/UDP port 445 for SMB file sharing, and dynamic RPC ports 49152-65535 for the actual replication traffic. Enable the 'File and Printer Sharing' Windows Firewall rule or create custom rules for these ports. For WAN environments, consider configuring static RPC ports to simplify firewall management.
How can I monitor DFS-R replication health and performance?+
Use Get-DfsrBacklog to check pending files between servers, Get-DfsrState to verify replication health, and monitor Event Viewer's DFS Replication log for events 4104 (initial sync complete) and 4614 (successful file replication). Set up automated monitoring with PowerShell scripts that alert when backlog exceeds thresholds or error events occur.
What are the best practices for DFS-R folder permissions and security?+
Ensure identical NTFS and share permissions across all replicated servers to prevent replication failures. Use domain security groups rather than local accounts for permission management. Avoid replicating system folders, databases, or files with exclusive locks. Implement proper backup strategies since DFS-R is not a backup solution—it replicates deletions and corruption along with valid changes.
Emanuel DE ALMEIDA
Written by

Emanuel DE ALMEIDA

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Tags
#dfs-r#windows-server#file-replication

Further Intelligence

Deepen your knowledge with related resources

How to Delegate Exchange Distribution List Management to End Users
tutorial
Networking

How to Delegate Exchange Distribution List Management to End Users

Deep Dive
How to Grant User Access to Another Mailbox in Microsoft 365 Admin Center
tutorial
Cloud Computing

How to Grant User Access to Another Mailbox in Microsoft 365 Admin Center

Deep Dive
How to Create a Hyper-V Cluster in Active Directory Domain with Windows Server 2025
tutorial
Networking

How to Create a Hyper-V Cluster in Active Directory Domain with Windows Server 2025

Deep Dive

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...