Solved

Synchronize Local and Roaming Profiles

Posted on 2007-11-14
4
2,451 Views
Last Modified: 2012-08-14
I'm setting up roaming profiles for users who normally logon to the local machine. All users settings are stored locally. I'd like to have it setup so that users always get their settings whether they're logging in the server or local machine. So in case I bring down the server the user can still access their files. The machines are xp professional and the server is Windows 2003 Standard. I've tested how to do this by:

- renaming the local profile (user.temp)
- creating the user in AD and setting the profile path
- login as the user to set the user name
- delete the user name (created by domain login)
- rename the local profile to user (remove the .temp)
- I add the user/domain to the user's folder and give full rights so the user has user/domain and user/machine name in the security tab of the user's folder with both set to full rights
- I then copy the profile from the local machine to server using "copy to" to overwrite the domain profile

I give the domain/user full rights to roaming profile on the server and notice the Profile key for the local user is there as "unknown" but has full rights. If I open regedit on the local machine and navigate to the user's profile list I see the same key.

It seems it works in that if I logon and create folders on either profile - login to "this machine" as the user or login to domain as the user the folders are there. The only thing is wallpaper and system tray icons are not present although the programs are there in the Programs menu...any idea why?

If I just copy the local profile to server and login to the domain, I get all the settings but another folder is created - user.domain and doesn't sync with the local profile. I have home folders for users as well on the server but again if the server is down they can't access it. I also will not do folder redirection as it requires another machine to store the files (which I do not have). If users store files in My documents or the desktop (normally they do) then I want them to always have access to it.

0
Comment
Question by:tracyms
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 20280378
If you use Roaming profiles then once the user logs on once their profile is local and on the server.  Using cached credentials (off the domain) still gets them into this profile.

The local profile is different that the domain profile - the NTUSER.DAT is HKCU so a domain account is not the same as a local account.

You want to migrate settings to the new domain profile using either USMT 3.0 or this tool:  http://www.forensit.com/Profwiz/index.htm
0
 

Author Comment

by:tracyms
ID: 20281149
Thanks Netman66,
I'm not sure I understand...I have tested creating a user from scratch in AD and logged in as the new user - everything fine, no problem. If I login under "this machine" and not use the domain login I get a folder with user.machine name - not the original profile created by the domain login.

I used the file and transfer wizard before when testing this (not sure if it would equal the migration tools you recommened.

I don't know what happens if I take the server down and a user tries to login to the domain - maybe this is what you're referring to about a cached copy...after pc doesn't find the domain, will it use the one the domain created or add user.machinename?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20281762
That's the point.

If you logon to the domain, a local copy of the profile will be created.  You then can logon using the Domain credentials even when not connected to the domain - this is accomplished using "cached credentials" from the domain account.

There should be no need for a local account at all after you create the domain profile and use that tool to move the local profile settings to the domain profile.
0
 

Author Comment

by:tracyms
ID: 20285777
Thanks, makes sense.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now