Putting login scripts on a non-DC in AD environment.

Posted on 2005-04-06
Last Modified: 2012-05-05
Good day everyone.  I have a question about implementing login scripts on 2003 server in AD environment to map shared drives when the user logs in.  The problem that I am having is, the company that I am working for has a DC at each site, but only our central office has the control of the DCs and they won't give anyone else access because we just migrated recently to AD and they want to make sure that nothing goes wrong at this point in time.  Now I am switching our Novell file server to 2003 server, and I wanted to create login scripts for the shares to be mapped automatically as the users log in, but since I don't have access to the DC I can't do this using GPOs or VBScripts.  So since I don't have access to the DC and to get the headquarters to do any of this for me is pretty much impossible, I was wondering if it's possible to create a basic batch file login script, create a share on this new file server that's not a DC/BDC just a basic 2003 file server, and store these scripts in the share.  Then in AD under user properties, profile tab point the profile path to the share that the login scripts are located on \\servername\share, and under the logon script tab put the login script name xxxx.bat.

I created a basic batch file and I placed it in the startup folder of my machine just to make sure that the script is ok and everything was fine, the shares were mapped with no problems, and I even put a basic net send command just to make sure that I see the .bat file execute.  When I did all this under my users properties profile tab in AD and tried to log in nothing happened, but I was getting a popup when logging out about "not being able to copy roaming profile".  So is it even possible to store the login scripts on a non-DC server?  And then point to them by using the Profile tab under user properties? And if not, any other options that I might have?

I know the easiest thing to do would be to store the scripts on DC and use VBScripts or GPOs, but like I said that's not an option in this strange case of mine, it takes way too long to coordinate any of this with head office IT staff.

Help would be appreciated,

Question by:bbarac

    Accepted Solution

    By setting a network share path on the AD user properties, you are activating roaming profiles.  The path will be used to store all the user's profile information and should be owned and/or under full control of that user.  It must *not* be a directory shared by many users.  Also, the "Startup" folder is part of your user profile, so if you point the user profile to a new directory, it will be created from scratch as a copy of whatever is in the "Default User" profile.

    Actually, there can be two Startup folders involved....one for "All Users" and one in the specific user profile.

    I think there is a simpler way to solve your problem.   Don't touch the AD user properties...leave the users on local profiles.  Use an "All Users" startup folder shortcut pointing to a UNC Path (\\servername\share\whatever.bat) instead of a mapped drive letter.  That way you don't need to have a drive letter mapped to the

    The main problem with what I am suggesting is that it is a computer-based method instead of a user-based method.  You have to modify the "All Users" profile on every PC.  All users logging onto a physical PC will execute the same logon script (so long as they have access rights to it).  However, you can use system variables like %username% or %userprofile% to take user-specific map to a private share.

    Also, you could set each user up with a network home directory (but not with a roaming profile).   In this scenario you would have to create a share for each user, but it would just be private storage for each user.   I believe this private share will be mapped without any logon script.

    If you want to go the roaming profile route you have to:
    - create a share for each user
    - set the AD properties to use this profile
    - add the appropriate batch file shortcut to each user's personal Startup folder
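
A sketch of the batch file the answer above describes, added here as an example and not part of the original thread. It is meant to be run from an "All Users" Startup shortcut that targets the script by UNC path; the drive letters, the log file name and the per-user share name `\\servername\<username>` are assumptions.

```batch
@echo off
rem Added example, not code from the original thread.
rem Shortcut target: \\servername\share\whatever.bat (names from the answer).
rem Assumptions: drive letters S: and H:, the log file name, and a per-user
rem share called \\servername\<username> are hypothetical.
rem Give users read-only rights on the script share: anyone who can edit
rem this file controls what runs at every user's logon on every PC.
setlocal

set SERVER=\\servername
set LOG=%TEMP%\logon-map.log
echo %DATE% %TIME% %USERNAME% on %COMPUTERNAME% > "%LOG%"

rem Drop stale mappings first so "net use" does not fail because the
rem drive letter is already in use. Errors here are expected and ignored.
net use S: /delete /y >nul 2>&1
net use H: /delete /y >nul 2>&1

rem Common share, identical for every user who logs on to this PC.
net use S: "%SERVER%\share" /persistent:no >> "%LOG%" 2>&1
if errorlevel 1 echo FAILED to map S: >> "%LOG%"

rem Private share, selected per user through %USERNAME%.
net use H: "%SERVER%\%USERNAME%" /persistent:no >> "%LOG%" 2>&1
if errorlevel 1 echo FAILED to map H: >> "%LOG%"

endlocal
```

The log in `%TEMP%` shows whether the script ran at all and which mapping failed for a given user.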


    Author Comment

    You see what I was trying to also avoid is having to go to each pc and having to put the script in the startup folder.  What I will try to do is map a share on the DC to the file server which is where the login scripts are located.  Also I will create one script that will call this script, and this will go under users properties profile tab, logon scripts.  So I will have to get the head office to do a map on the DC to the file server where the script is because this way I can still manage the scripts, and won't have to manually load the scripts in the machines startup folder.  Not sure if this will work but I will see.

    Thanks for your help.

    Author Comment

    Ok still doesn't work.  Can somebody tell me why this will not work, create script to map shared drives and I put this script on a local machine that is not a DC, I also created a share on that machine and that's where the .bat file is located.  I got AD users and computers, and in the users properties profile tab under Logon scripts I put \\machinename\share\file and this is the share where the script is located.  I try to log in and out and nothing happens.  Also I have complete rights to that share.  A friend of mine tries the same thing in his company and it works for him, the only difference between the two is that he is part of Domain Admins group but that should not make any difference considering that I can specify the path to the batch files under Logon Scripts section and save it no problem.

    Any suggestions anyone???
