Avatar of cestor
cestor
 asked on

Folder redirection not working- may be GPO/AD ???

I have just built a new DC with win2k server 2003. Client machines that were on an old DC have now been added to the new domain. There are 2 relevant shares on the new DC-
documents
profiles
The contents of these are their My Documents and Roaming Profile respectively that were copied from the old DC. Permissions have been reset on them such that the users are now the owners on those folders and have Full Control.
In the profile tab on Active Directory Users & Computers, users have been given a profile path \\newserver\profiles\%username% and a local path for their home folder of c:\documents\%username%

When I switch on verbose logging I get the following in userenv.log on the local machine

USERENV(2c0.2c4) 11:32:14:799 ReconcileFile: Unable to open temporary file
USERENV(2c0.b50) 11:33:07:565 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(2c0.b50) 11:33:32:440 ProcessGPOs: Extension Folder Redirection ProcessGroupPolicy failed, status 0x4ee.

When the user logs on they get the following messages in the local machine event log- 16 Userenv Information messages culminating in

Event Type:      Information
Event Source:      Userenv
Event Category:      None
Event ID:      1031
Date:            18/09/2006
Time:            11:33:07
User:            NT AUTHORITY\SYSTEM
Computer:      BLAH
Description:
Group Policy objects to be applied: "Default Domain Policy" .

and I then have 16 Folder Redirection Information Event ID 401 messages as below:

Entering folder redirection extension
Flags = 0x40
Group Policy Object name = {31B2F340-016D-11D2-945F-00C04FB984F9}
File system path = \\newdomain.com\sysvol\newdomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User
Directory path = LDAP://CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=newdomain,DC=com
Display name = Default Domain Policy
Found folder redirection settings for policy Default Domain Policy.
The user was found to be a member of the group s-1-1-0. The corresponding path was \\newserver\Documents\%username%.
Successfully obtained redirection data for My Documents, (Flags: 0x11).
Successfully obtained redirection data for My Pictures, (Flags: 0x2).
Successfully gathered folder redirection settings for policy Default Domain Policy.
Redirecting folder My Documents to \\newserver\Documents\%username%.


 and then ending with

Event Type:      Error
Event Source:      Folder Redirection
Event Category:      None
Event ID:      106
Date:            18/09/2006
Time:            11:33:32
User:            NEWDOMAIN\fred
Computer:      BLAH
Description:
Failed to perform redirection of folder My Documents. The full source path was <\\oldserver\Documents\fred>. The full destination path was <\\newserver\Documents\fred>. At least one of the shares on which these paths lie is currently offline.



Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1085
Date:            18/09/2006
Time:            11:33:32
User:            NT AUTHORITY\SYSTEM
Computer:      BLAH
Description:
The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.


---
Note that I can browse the SYSVOL share from the client machine and see the contents of gpt.ini
I have the latest service packs on both client and server

I have tried deleting the local copy of the profile from the client machines but this has not fixed it.


Windows Server 2003

Avatar of undefined
Last Comment
rgonser

8/22/2022 - Mon
rgonser

You dont have a GPO setting in your default domain policy trying to redirect My Doc's to the old share do you? If so, remove it. Then, go ahead and leave the User account properties set to default and make a GPO to do this redirection.

Make a GPO named USER_MyDoc_redir1

Under :User Configuration > Folder Redirection > My Documents
Create the settings you want (one share, folder for every use, DONT put \\new\documents\%USERNAME% in the field Windows will add that for you, just put "\\new\documents").

Apply this GPO to the domain or the OU containing your user acccounts.

Good luck!
cestor

ASKER
No - the new DC did not copy over the old group policies. The root Path for Group Policy- Default Domain Policy -My Documents properties is \\newserver\documents
rgonser

Then your GPO is being applied sucessfully, check your permissions, heres what I would do:

Share Permissions: FULL CONTROL.
NTFS Permissions: MODIFY (on their individual folders)
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
cestor

ASKER
Yes,
NTFS Permissions are that the users are the owners on those folders and have Full Control.
Shares are set to Full Control
rgonser

What happens when you do a GPO modeling on a user account? Or a gpresult. (note: you can do GPO modeling from the GPMC)
cestor

ASKER
what should I be modelling or what should the command line be for gpresult?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
cestor

ASKER
sorry -= here is the output


Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 18/09/2006 at 14:35:11



RSOP results for NEWDOMAIN\micah on CLIENT: Logging Mode
------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 NEWDOMAIN
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:             \\hub\profiles\fred
Local Profile:               C:\Documents and Settings\fred.NEWDOMAIN.000
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=CLIENT,CN=Computers,DC=NEWDOMAIN,DC=com
    Last time Group Policy was applied: 18/09/2006 at 14:26:50
    Group Policy was applied from:      newserver.NEWDOMAIN.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        SophosAdministrator
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        CLIENT$
        Domain Computers
       

USER SETTINGS
--------------
    CN=fred bloggs,CN=Users,DC=newdomain,DC=com
    Last time Group Policy was applied: 18/09/2006 at 13:31:33
    Group Policy was applied from:      newserver.newdomain.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
cestor

ASKER
ignore my last posting please- here is gpresult run on the client machine
--------------------------------------------------------------------------------------

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 18/09/2006 at 14:35:11



RSOP results for NEWDOMAIN\fred on CLIENT: Logging Mode
------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 NEWDOMAIN
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:             \\hub\profiles\fred
Local Profile:               C:\Documents and Settings\fred.NEWDOMAIN.000
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=CLIENT,CN=Computers,DC=NEWDOMAIN,DC=com
    Last time Group Policy was applied: 18/09/2006 at 14:26:50
    Group Policy was applied from:      newserver.NEWDOMAIN.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        SophosAdministrator
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        CLIENT$
        Domain Computers
       

USER SETTINGS
--------------
    CN=fred bloggs,CN=Users,DC=newdomain,DC=com
    Last time Group Policy was applied: 18/09/2006 at 13:31:33
    Group Policy was applied from:      newserver.newdomain.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
ASKER CERTIFIED SOLUTION
rgonser

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
cestor

ASKER
hmm..not sure about that -the 1085 error is happening on the client-side, not the server. But I like your idea about the permissions so I will give it a try and then respond.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Stephen Manderson

You might want to look at the Share permissions of the folder itself, Even although you may have set the permissions for the contents of c:\documents\ and UNC path to the owner. The Share Permissions may not be set, not allowing anyone to access the UNC path, Could explain as to why the SYSVOL can be accessed as its set up with the shared folder permissions when you set up the DC.

SO I would right click the shared folder itself c:\documents\ and go to properties then Sharing then view them permissions. And just test with everyone to see if they can redirect. The folder permissions (Not Share) will stop them accessing each others folders.

Just an idea
Steve
cestor

ASKER
ok, I found the error. The cause, in case anyone else ever runs into the same problem was because the My Documents folder had been set for Offline Files in the old domain and was still trying to sync with the old server. This was overriding the group policy and causing the redirect to fail.
Points go to rgonser who steered me in that direction!
rgonser

Glad to hear you got it fixed!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.