tracyms
asked on
Synchronize Local and Roaming Profiles
I'm setting up roaming profiles for users who normally logon to the local machine. All users settings are stored locally. I'd like to have it setup so that users always get their settings whether they're logging in the server or local machine. So in case I bring down the server the user can still access their files. The machines are xp professional and the server is Windows 2003 Standard. I've tested how to do this by:
- renaming the local profile (user.temp)
- creating the user in AD and setting the profile path
- login as the user to set the user name
- delete the user name (created by domain login)
- rename the local profile to user (remove the .temp)
- I add the user/domain to the user's folder and give full rights so the user has user/domain and user/machine name in the security tab of the user's folder with both set to full rights
- I then copy the profile from the local machine to server using "copy to" to overwrite the domain profile
I give the domain/user full rights to roaming profile on the server and notice the Profile key for the local user is there as "unknown" but has full rights. If I open regedit on the local machine and navigate to the user's profile list I see the same key.
It seems it works in that if I logon and create folders on either profile - login to "this machine" as the user or login to domain as the user the folders are there. The only thing is wallpaper and system tray icons are not present although the programs are there in the Programs menu...any idea why?
If I just copy the local profile to server and login to the domain, I get all the settings but another folder is created - user.domain and doesn't sync with the local profile. I have home folders for users as well on the server but again if the server is down they can't access it. I also will not do folder redirection as it requires another machine to store the files (which I do not have). If users store files in My documents or the desktop (normally they do) then I want them to always have access to it.
- renaming the local profile (user.temp)
- creating the user in AD and setting the profile path
- login as the user to set the user name
- delete the user name (created by domain login)
- rename the local profile to user (remove the .temp)
- I add the user/domain to the user's folder and give full rights so the user has user/domain and user/machine name in the security tab of the user's folder with both set to full rights
- I then copy the profile from the local machine to server using "copy to" to overwrite the domain profile
I give the domain/user full rights to roaming profile on the server and notice the Profile key for the local user is there as "unknown" but has full rights. If I open regedit on the local machine and navigate to the user's profile list I see the same key.
It seems it works in that if I logon and create folders on either profile - login to "this machine" as the user or login to domain as the user the folders are there. The only thing is wallpaper and system tray icons are not present although the programs are there in the Programs menu...any idea why?
If I just copy the local profile to server and login to the domain, I get all the settings but another folder is created - user.domain and doesn't sync with the local profile. I have home folders for users as well on the server but again if the server is down they can't access it. I also will not do folder redirection as it requires another machine to store the files (which I do not have). If users store files in My documents or the desktop (normally they do) then I want them to always have access to it.
ASKER
Thanks Netman66,
I'm not sure I understand...I have tested creating a user from scratch in AD and logged in as the new user - everything fine, no problem. If I login under "this machine" and not use the domain login I get a folder with user.machine name - not the original profile created by the domain login.
I used the file and transfer wizard before when testing this (not sure if it would equal the migration tools you recommened.
I don't know what happens if I take the server down and a user tries to login to the domain - maybe this is what you're referring to about a cached copy...after pc doesn't find the domain, will it use the one the domain created or add user.machinename?
I'm not sure I understand...I have tested creating a user from scratch in AD and logged in as the new user - everything fine, no problem. If I login under "this machine" and not use the domain login I get a folder with user.machine name - not the original profile created by the domain login.
I used the file and transfer wizard before when testing this (not sure if it would equal the migration tools you recommened.
I don't know what happens if I take the server down and a user tries to login to the domain - maybe this is what you're referring to about a cached copy...after pc doesn't find the domain, will it use the one the domain created or add user.machinename?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, makes sense.
The local profile is different that the domain profile - the NTUSER.DAT is HKCU so a domain account is not the same as a local account.
You want to migrate settings to the new domain profile using either USMT 3.0 or this tool: http://www.forensit.com/Profwiz/index.htm