Solved

Moving Terminal Services Profiles

Posted on 2008-06-26
19
1,110 Views
Last Modified: 2013-11-21
I am trying to move our Terminal Services Profiles from one server to the other. Here is what i have done:
Created the share on the new server and gave Everyone Full share access
Added the Domain users group to the folder access lisst with the default rights.
Copied the users profile from the old server to the new and deleted the old profile.

When I log in as that user they log in with a brand enw profile. when they log off there is a new fiolder on the old server with their newly created profile.
For some reason it is ignoring the newly created profile completely.
0
Comment
Question by:mwalker-mdb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
19 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21880055
have you changed the location on the actual account?
0
 

Author Comment

by:mwalker-mdb
ID: 21880060
Yes and it still doesn't move.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21880090
its premissions, you should have used xcopy to copy them over as your permissions are now screwed

test one account for me. Grant Authentication users full control share permissions on the root. On the users profile, grant the user full control in security settings, as well as making sure they are the owner
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:mwalker-mdb
ID: 21880179
No difference. It still re-creates the profile directory on the old server. It totally ignores the settings in AD.
Is it possible it is a setting in a Group Policy? I don't know if you can set that through a policy.
I will check that out. Any other ideas?

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21880229
you can set roaming profile stuff through GPO yeah....but if you set an account setting it overrides anyway
0
 

Author Comment

by:mwalker-mdb
ID: 21880231
Yeah and I checked all the GPO's and there is no setting. I thought this was going to be easy.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21880267
have you got multiple DC's?
0
 

Author Comment

by:mwalker-mdb
ID: 21880273
Three DC's.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21880275
has replication occured on all DC's?
0
 

Author Comment

by:mwalker-mdb
ID: 21880284
Yes. I forced replication.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21880307
can you confirm the settings have taken on each server (just confirm the prof path for me)
0
 

Author Comment

by:mwalker-mdb
ID: 21880314
The change is on all servers
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21880331
in that case i have no idea, usually a profile path is a simple process to move over - i have done it beyond count - sorry mate
0
 

Author Comment

by:mwalker-mdb
ID: 21880337
I know. I thought this was supposed to be easy. Thanks for the input. If you come across anything please let me know.
0
 
LVL 3

Expert Comment

by:PoorImpulseControl
ID: 22075403
I've fixed this problem before by deleting the profile registry entry on the Citrix /TS server(s).

Each user gets an entry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
The key name is the user's SID, and values include the roaming profile path. I've occasionally had Citrix/TS that don't "see" the new path.

Fix is simple:
- identify the affected user's SID (I like psgetsid.exe from SysInternals/Microsoft's PSTools kit)
- delete the matching key from the registry

** Usual disclaimer about you're on your own: editing the registry may cause your server to crash, locusts to infest the Empire state Building, and a 3rd party candidate to hijack a close election. I'm not responsible. Really. Just ask my wife.**

when the user logs on again, the TS is forced to read the new entry from AD.

As far as permissions, Microsft has a technet entry on permissions for redirecting "My Documents", and I've successfully used the same permissions for roaming profile directories.
http://technet2.microsoft.com/windowsserver/en/library/a1b7ce04-708b-4145-830a-cadfc003acd31033.mspx?mfr=true

Here's part of a shell script I wrote that sets up permissions based on the KB. It requires the marvelous SETACL.EXE utility from sourceforge.net

set new-dir=%baseDataDir%\MyDocs
mkdir "%new-dir%"
      rem //
      rem // backup existing DACL
setacl -ot file -on "%new-dir%" -actn list -lst "i:n;f:sddl" -bckp "%new-dir%.acl"
      rem //
      rem // set DACL to inherit perms (np - "no protection")
setacl -ot file -on "%new-dir%" -actn setprot -op "dacl:np"
      rem //
      rem // clear any explicit DACL permissions assignments
setacl -ot file -on "%new-dir%" -actn clear -clr dacl
      rem //
      rem // display DACL explicit assignments
      rem // - should be empty
setacl -ot file -on "%new-dir%" -actn list -lst "i:n;f:tab"
      rem //
      rem // set DACL to "do not allow to inherit" and copy existing perms
      rem // then set explicit ACE for "domain users"
      rem //       traverse: Traverse folder / execute file
      rem //       list_dir: List folder / read data
      rem //       read_attr: Read attributes
      rem //       add_subdir: Create folders / append data
      rem //      
setacl -ot file -on "%new-dir%" -actn setprot -op "dacl:p_c" -actn ace -ace "n:domain users;p:traverse,list_dir,read_attr,add_subdir,;i:np;m:set"
      rem //
      rem // display results in tab-separated format
setacl -ot file -on "%new-dir%" -actn list -lst "i:n;f:tab"
net share MyDocs$="%new-dir%" /grant:"Domain Admins",full /grant:"SYSTEM",full /grant:"Domain Users",change /cache:documents

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22084838
PAQed with points refunded (250)

Computer101
EE Admin
0
 

Expert Comment

by:tbs07
ID: 22780441
If you want to stick to local user profiles on the Terminal Server, here's the procedure to move them to the new server:

   1. Create a test user account
   2. Log on to the old server with the test user account and make a couple of changes in the user environment. Write them down and logoff
   3. Start regedit on the old server and export the following 2 registry keys:

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileGuid
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

   4. Start regedit on the new server and export the same keys, as a backup copy
   5. Copy the exported keys (the .reg files) from the old server to the new server and import them, by double-clicking on them
   6. Use robocopy to copy the user profiles. In the following example robocopy is run from the new server:

          robocopy "\\old_server\c$\documents and settings" "c:\documents and settings"
             /COPYALL /S
             /XD "\\old_server\c$\documents and settings\Administrator"
                 "\\old_server\c$\documents and settings\LocalService"
                 "\\old_server\c$\documents and settings\NetworkService"
                 "\\old_server\c$\documents and settings\Default User"
                 "\\old_server\c$\documents and settings\All Users"

   7. That's it! Log on with the test user account and check the changes you made in step 2 to verify that your profile is loaded properly
0
 

Author Comment

by:mwalker-mdb
ID: 22781223
Thank you for the response but this was resolved months ago
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
A hard and fast method for reducing Active Directory Administrators members.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question