NFS: Services for Network File System should use an RFC 2307-based identity mapping solution

Published: April 27, 2010

Updated: February 2, 2011

Applies To: Windows Server 2008 R2

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the File Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System: Windows Server 2008 R2

File Services

Services for Network File System is configured to use the User Name Mapping Service.


The compatibility of Services for Network File System is limited because it performs identity mapping by using a deprecated, proprietary technology instead of by using an identity mapping solution based on the RFC 2307 industry standard.


Implement an RFC 2307-based identity mapping solution such as Active Directory Domain Services (AD DS), Active Directory Lightweight Domain Services (AD LDS), or other compliant Lightweight Directory Access Protocol (LDAP) stores.

Membership in the local Administrators group, or equivalent, on the server that you plan to configure, is the minimum required to complete this procedure.

To configure Server for NFS to use an RFC 2307-based identity mapping source

  1. Open an elevated Command Prompt window. (Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.)

  2. Type nfsadmin mapping to display and configure identity mapping settings.

  3. To configure identity mapping settings for an LDAP server, type nfsadmin mapping config adlookup=yes addomain=domainname.
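Once adlookup is enabled, Server for NFS reads each account's UNIX identity from the RFC 2307 attributes uidNumber and gidNumber, so accounts that lack them, or that share a uidNumber, will not map as intended. The following is an added example, not part of the original topic or any Microsoft tooling: it audits an LDIF export of the directory for those two problems. It assumes the accounts were exported to LDIF beforehand (for example with ldifde); the sample entries, names and numbers are constructed.

```python
import base64
from collections import defaultdict
# Constructed sample LDIF export; DNs, account names and numbers are made up.
SAMPLE_LDIF = """\
dn: CN=Alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=Bob,CN=Users,DC=example,DC=test
sAMAccountName: bob
gidNumber: 10000

dn: CN=Carol,CN=Users,DC=example,
 DC=test
sAMAccountName:: Y2Fyb2w=
uidNumber: 10001
gidNumber: 10000
"""

def parse_ldif(text):
    """Yield one dict per entry; handles folded lines and base64 ('::') values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue  # skip comments and lines without an attribute name
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), value.strip())
        if entry:
            yield entry

def audit(text):
    """Return (account, problem) tuples for unmapped or colliding accounts."""
    findings, by_uid = [], defaultdict(list)
    for e in parse_ldif(text):
        who = e.get("samaccountname", e.get("dn", "?"))
        for attr in ("uidNumber", "gidNumber"):
            if not e.get(attr.lower(), "").isdecimal():
                findings.append((who, "missing or non-numeric " + attr))
        if e.get("uidnumber", "").isdecimal():
            by_uid[int(e["uidnumber"])].append(who)
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:  # two Windows accounts would act as one UNIX user
            findings += [(n, "shares uidNumber %d" % uid) for n in names]
    return findings
```

Calling audit(SAMPLE_LDIF) reports bob as missing uidNumber and alice and carol as sharing uidNumber 10001.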

Additional references

Specify How Server for NFS Obtains Windows User and Group Information (