Set up Services for Network File System in Windows Server 2008

Set up Services for Network File System in Windows Server 2008

The Microsoft Services for NFS continues to be the part of the operating system in Windows Server 2008 and seems we will see more improvements when Windows Server 2008 R2 is released.

In Windows Server 2008, a major change from the Windows Server 2003 R2 is the elimination of User Name Mapping service. Although, you can still use an existing UNM server to fetch the UNIX Identity information on a Windows Server 2008 system, it doesn’t provide an option to install it on W2K8 system.

The other and newer option to use is Active Directory Lookup that debuted with Windows Server 2003 R2 and is yet to get accepted widely.

Using this feature, you can configure the Server for NFS and Client for NFS to directly fetch the UNIX identity information from Active Directory. This feature simplifies the identity management because now you just have to populate the information in just your Active Directory backend and it can be used to identify the UNIX users accessing the Windows NFS shares.

There are some glitches with this feature that I’ll talk about in a post of its own. For now, let’s move on to find out how we can enable the NFS services on a Windows Server 2008 box.

You can install Services for Network File System using the Add Roles Wizard from the Server Manager. To install Services for Network File System feature, the File Server role must be installed if it has already not been done. If the File Server role has not been added already, you can add this role and the Services for Network File System feature in a single go.

To get started, start Server Manager and click on the Add Roles link to start the Add Roles wizard. After you have followed the screens below, the necessary components and services will be added to your system –

From now on, you can manage most of the server and client configuration option from the Services for Network File System MMC snap-in –

To configure how it should fetch the UNIX identity information, right click on the top most node in the left pane in this MMC snap-in and click on Properties. You will be presented with the following dialog box and you can make your choices to use Active Directory Lookup by providing your Active Directory domain name and/or the server name of the system running User Name Mapping service –

Note: Active Directory Lookup feature is RFC2307 compliant and will work only when you have populated the RFC2307 attributes for the user and group objects in Active Directory. The attributes uidNumber and gidNumber contain the unique UID and GID information for users and groups.

The sharing of the folders over NFS remains more or less same as seen in the following screen shots –


UNIX side activities after you have installed the Services for Network File System and have exported some folders over NFS are same as documented here –

Comments (10)

  1. harti says:

    Seems like the ability to add additional mappings has really gone. This makes using the NFS in large AD environments actually tricky. In the past we could provide different mappings between the Unix-root user and AD accounts on different servers so that each top-level OU in the AD has its own root account. If all the mappings now come from AD this is not possible anymore. Or do I miss something?

  2. sfu says:

    I believe this should work by manually assigning the UID=0 and GID=0 to all such accounts.

    – Ashish

  3. Lou says:

    Can a Windows2008 share be made available to both a NFS (linux) client and a WXP/Windows7 CIFS client?

  4. sfu says:

    Pretty much.

    You might want to enable KeepInheritance setting to make permissions compatible with both – NFS and CIFS – client at the same time.

  5. SDOG says:


    Our AD is running in mixed mode with 2003 and 2008 domain controllers.  I have a 2003 File server that uses the user mapping service for NFS and it works great.   Unfortunately I need to migrate the file server to a  Windows Server 2008 R2 file server.

    Ive installed all the services needed for  Services for NFS but it seems like unix accounts are mapping to windows AD user accounts beause i keep getting permission denied (on the unix box) on specific folders AFTER i successfully mount the share.

    Is Active Directory required to be running on Windows 2008 natively for Services for NFS to work?

  6. sfu says:

    @SDOG – yes, you will need AD to map the accounts if you are not going to keep the UNM/W2K3 server for long. You can use it till it's there.

    What is the AD schema version? Is it W2K3? or W2K3 R2 or later?

  7. @ Ashish says:

    Thats the problem.  Im not keeping the windows 2003 file server.  I need to migrate it to a 2008 R2 box ASAP.

    Using dsquery I can see that AD is at 2008 R2 (object version 47) however were still using Windows 2003 R2 Domain controllers.

  8. sfu says:

    In that case, you can use the script documented in…/getting-ad-lookup-to-work-without-unix-attributes-tab.aspx to populate the information in AD and ge things going. It only requires the uidNumber/gidNumber attributes to be populated to work.

  9. Pete says:

    I have a both Windows 2008 R2 server and a Windows 7 Ultimate  machines.  I installed the Utilities and SDK Subsystem for Unix Based Applications on the Windows 7 box, however only NFS client gets installed.  I compared nfs* files in both WindowsSystem32 directories (2008 Server & Windows 7), and saw both were identical, however the Windows 7 box was missing several NFS service dlls & exes.  Is there anyway to implement NFS Server in Windows 7?

  10. sfu says:

    @Pete – unfortunately, no.