asked on Roaming Profiles
Hi,
I just rebuilt a customers 2003 server. The Main board was failing. I made both servers DC's, The assigned all the rolls to the new server copied over all the shared drives, and demoted the old DC.
Thats when the weird things happened. All the users in the office use roaming profiles.When they log into their own machines, the server authenticates them but then I get an error saying that it could not find the server copy of their roaming profile. When I go to network neighborhood, I can see all the folders they should be able to view, but they are all empty.
However when I log into the server locally as a user, I get their profile just fine and all the folders are populated. I have tried everything I could think of. I gave them full permission of the files, made them owner, removed inherited permissions, made full permission be passed on to all sub contents. Its the same for all of the 5 shares they have. but on the failing server the roaming profiles worked just fine.
Any help would be appreciated.
I just rebuilt a customers 2003 server. The Main board was failing. I made both servers DC's, The assigned all the rolls to the new server copied over all the shared drives, and demoted the old DC.
Thats when the weird things happened. All the users in the office use roaming profiles.When they log into their own machines, the server authenticates them but then I get an error saying that it could not find the server copy of their roaming profile. When I go to network neighborhood, I can see all the folders they should be able to view, but they are all empty.
However when I log into the server locally as a user, I get their profile just fine and all the folders are populated. I have tried everything I could think of. I gave them full permission of the files, made them owner, removed inherited permissions, made full permission be passed on to all sub contents. Its the same for all of the 5 shares they have. but on the failing server the roaming profiles worked just fine.
Any help would be appreciated.
Microsoft Server AppsMicrosoft Legacy OS
Last Comment
RRafuls
Just a thought, are the policies set to be getting the profiles from the right place still? As you have already looked at the permissions, then its possible the profiles aren't being found as they are mapped somewhere slightly different.
ASKER
No that was the first thing I checked, Sorry I forgot to put that in there.
It not displaying the folder contents made me think permissions.
It not displaying the folder contents made me think permissions.
Is the share domain or server based?
The roaming profile could take two logins to get.
What did you use to copy the data?
robocopy with /copy:DATO as the option?
Or if domain based share and you have 2003 R2 or newer, did you use DFS-replication to get the data replicated?
Do you also have folder redirection GPO setup?
The roaming profile could take two logins to get.
What did you use to copy the data?
robocopy with /copy:DATO as the option?
Or if domain based share and you have 2003 R2 or newer, did you use DFS-replication to get the data replicated?
Do you also have folder redirection GPO setup?
ASKER
It is 2003 R2.
I dont remember what I used to copy it was called. I think it was in a package called _____ ______ server tool kit. I know it required Dot Net 2. Think it was Microsoft download. It copied all the users, permissions, shares, etc.
It only asks for log in 1 time then errors.
I do still have the demoted old server, in case I need it.
I dont remember what I used to copy it was called. I think it was in a package called _____ ______ server tool kit. I know it required Dot Net 2. Think it was Microsoft download. It copied all the users, permissions, shares, etc.
It only asks for log in 1 time then errors.
I do still have the demoted old server, in case I need it.
Once you demote the server, you should not try reconnecting it as it will really mess things Up.
Your options in this situation is to point the roaming profiles to a new location and let each user get a brand new profile. You could then copy the my documents, desktop, contents from the old into the new. including the favorites
The users will experience the inconvinience of having to configure their settings anew.
The userpfofiles should not be configured to inherit the settings from the parent directory. The other issue is to check what the sharing settings are on the \\server\profilelocation or \\domain\profilelocation
The user has to be the owner of the profile file and ntuser.dat.
You would likely need to check the application/security/syste
Your options in this situation is to point the roaming profiles to a new location and let each user get a brand new profile. You could then copy the my documents, desktop, contents from the old into the new. including the favorites
The users will experience the inconvinience of having to configure their settings anew.
The userpfofiles should not be configured to inherit the settings from the parent directory. The other issue is to check what the sharing settings are on the \\server\profilelocation or \\domain\profilelocation
The user has to be the owner of the profile file and ntuser.dat.
You would likely need to check the application/security/syste
ASKER
I will try that tomorrow.
The share is \\server\share
Thanks I will let you know.
The share is \\server\share
Thanks I will let you know.
ASKER
I had another thought last night. I did have some problems getting the global catalog and sysvol to copy The server was working so I didn't think much about it but what if it were to have been corrupt? I didn't know if that could cause the problem or If I could restore their back-up to try and fix it due to the different hardware in the server.
If your new DC does not have the GC role, it would cause problems logining, but not sure it will have a direct impact on the roaming profile component.
The GC and sysvol would affect the policies and scripts if any, but you indicate that your issue is with the roaming profiles.
try with one user either rename their current roaming profile to username.old
and let them login a new and see whether they get a new roaming profile created and resolve that side of the issue.
You can then compare the settings on this roaming profile with that of the others.
If there are difference i.e. settings/permissions. Examples below there are more that will possibly go through a directory where you store the profile and will update the permissions based on the username after whom the folder is named.
http://www.tek-tips.com/faqs.cfm?fid=5734
https://www.experts-exchange.com/questions/21019361/Set-Folder-Permissions-using-Script-VBScript-WSH-etc.html
The GC and sysvol would affect the policies and scripts if any, but you indicate that your issue is with the roaming profiles.
try with one user either rename their current roaming profile to username.old
and let them login a new and see whether they get a new roaming profile created and resolve that side of the issue.
You can then compare the settings on this roaming profile with that of the others.
If there are difference i.e. settings/permissions. Examples below there are more that will possibly go through a directory where you store the profile and will update the permissions based on the username after whom the folder is named.
http://www.tek-tips.com/faqs.cfm?fid=5734
https://www.experts-exchange.com/questions/21019361/Set-Folder-Permissions-using-Script-VBScript-WSH-etc.html
ASKER
When I created a new user it told me the domain could not be contacted. I have now uninstalled and re-installed active directory. Created a new user. Still tells me it can't find the domain. Server name and IP address are the same as old server.
The issue might be that your workstations are pointing to the OLD DC's IP for name service.
Where is your DHCP server, check the scope options and make sure that the DHCP option for name service points to the new DC.
To speed things up, you can bring up the old DC's IP on the existing DC.
Issues might start if there are still stale references to the OLD dc such that the new dc will see the old DC's IP and will try to reestablish connection/replication and may generate errors.
Where is your DHCP server, check the scope options and make sure that the DHCP option for name service points to the new DC.
To speed things up, you can bring up the old DC's IP on the existing DC.
Issues might start if there are still stale references to the OLD dc such that the new dc will see the old DC's IP and will try to reestablish connection/replication and may generate errors.
ASKER
I think they were pointing to old dc's identifier I made them workgroup machines then domain machines again and I got roaming profiles back. Still having permissions issues tho.
How long did you wait to demote the old one?
Did you make sure that all AD replication was completed?
Where is your DHCP server check its configuration/settings as mentioned in prior post.
Did you make sure that all AD replication was completed?
Where is your DHCP server check its configuration/settings as mentioned in prior post.
ASKER
Waited about an hour. Anyhow we are passed that I think.
ASKER
OK, This is where I am so far.
I have removed active directory adn re installed it. I have taken the workstations off the domain and re added them. I have rebuilt 2 of the domain users and can get their profiles to load but not with out problems. Mapped drives and shares still do not load right.
I believe that it is still trying to access the old server. I read elsewhere on this site that I made a faux-pa. I removed the old server, re-created it, and put the new one in its place using the SAME IP address and server name and that this may be confusing the workstations.
I believe this to be true because some of the shares that I see when going to the server from network neighborhood do not exist on the new server yet (the folder structure does but the share does not).
I am wondering if I change the name to something else and change the IP address adn change the DNS reference in the workstations. If this may solve the problems.
Any thoughts??
I have removed active directory adn re installed it. I have taken the workstations off the domain and re added them. I have rebuilt 2 of the domain users and can get their profiles to load but not with out problems. Mapped drives and shares still do not load right.
I believe that it is still trying to access the old server. I read elsewhere on this site that I made a faux-pa. I removed the old server, re-created it, and put the new one in its place using the SAME IP address and server name and that this may be confusing the workstations.
I believe this to be true because some of the shares that I see when going to the server from network neighborhood do not exist on the new server yet (the folder structure does but the share does not).
I am wondering if I change the name to something else and change the IP address adn change the DNS reference in the workstations. If this may solve the problems.
Any thoughts??
The \\server\share on one server is different from \\server\share when the \\server uses the same name. The two have distinct "GUID" and would not load.
Are you able to access the \\domain\sysvol\domain\pol
Using login script you could remap the different shares.
net use F: /delete
net use F: \\domain\share
You could change the name.
But there is no assurance that it will clear things up. You would then have to clean the AD of all stale references to the old server.
Presumably you are restoring the AD from a system state backup?
Or are you starting from scratch?
Are you able to access the \\domain\sysvol\domain\pol
Using login script you could remap the different shares.
net use F: /delete
net use F: \\domain\share
You could change the name.
But there is no assurance that it will clear things up. You would then have to clean the AD of all stale references to the old server.
Presumably you are restoring the AD from a system state backup?
Or are you starting from scratch?
ASKER
Scratch. I thought about restoring their backup but it was from the begining of 2008. I did not get called in until after the problem with the drives /main board was to bad to fix.
The problem with remapping is that the workstations only see the old shares,not the new ones. Like its looking at e ghost of the former server.
I doubt I can see the sysvol folder from the workstation. It can't see any of the new shares from the workstations.
The problem with remapping is that the workstations only see the old shares,not the new ones. Like its looking at e ghost of the former server.
I doubt I can see the sysvol folder from the workstation. It can't see any of the new shares from the workstations.
What about the workstations that you rejoined?
can they access the \\domain\sysvol? This is often how the GPOs/netlogon scripts are being accessed
If they can, you have to modify the login scripts to use the \\domain\share versus \\server\share.
The other option is to setup a new server and import the AD users/computers from the current one. and then join the workstation to the new AD using netdom which I think is part of the support tools.
The problem is that you have to know and have a local administrative account on each workstation to use with netdom.
can they access the \\domain\sysvol? This is often how the GPOs/netlogon scripts are being accessed
If they can, you have to modify the login scripts to use the \\domain\share versus \\server\share.
The other option is to setup a new server and import the AD users/computers from the current one. and then join the workstation to the new AD using netdom which I think is part of the support tools.
The problem is that you have to know and have a local administrative account on each workstation to use with netdom.
ASKER
The Workstations that I have rejoined are the ones that I am having problems with, no access to any shares. They can see the folder (sometimes) but no contents. I have not tried any of the rest yet.
There are only 2 domain users now. I had to end up uninstalling and re installing AD so they all went bye-bye.
I was thinking, there are only 4 full time users, and 15 part time users anyway. Each with their own machine. I don't know why they have AD or roaming profiles. Seems like a pain for no real benefit. I was thinking of dropping them to a workgroup and just using the shares, if they'll work then, thats all they really use anyway.
There are only 2 domain users now. I had to end up uninstalling and re installing AD so they all went bye-bye.
I was thinking, there are only 4 full time users, and 15 part time users anyway. Each with their own machine. I don't know why they have AD or roaming profiles. Seems like a pain for no real benefit. I was thinking of dropping them to a workgroup and just using the shares, if they'll work then, thats all they really use anyway.
ASKER
Just so all of you know, I really appreciate this.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I tried recreating from scratch. I uninstalled AD, Re-installed AD, removed the Workstations from domain and joined them to a work group, Added the user to AD and created folders and pointers for roaming profiles, rejoined the workstations to the domain, shut off the workstations, copied their old profiles to their new folders, and re logged them in. It still didnt work. I rebuilt 2 of the 4, 1 couldnt access their my docs, folder opened but it was empty, the other could access their my docs, but profile wouldnt load.
They do backup at the workstations already with external hard drives.
I have created new shares but the users cant see them. Even if I specifically add them to the list, give them full control, and make them the owner.
I realize how AD would come in handy if they had 50-100 users but 4?
They do backup at the workstations already with external hard drives.
I have created new shares but the users cant see them. Even if I specifically add them to the list, give them full control, and make them the owner.
I realize how AD would come in handy if they had 50-100 users but 4?
several things do not make sense.
Could they have used folder redirection?
I.e. the profile is stored in one share while the user's folder such as my documents, desktop, application data, and start menu are stored in a separate share?
This speeds up the load since the profile is often maintained small maxing out at 10MB while the larger portion i.e. application data, my documents and desktop are redirected from the local system to a separate share and when offline caching is permitted, the user does not see a difference.
Did you try to force the new users to access the old roaming profiles? The UID/SIDS would be different and may explain the issues. If you are starting from scratch, do so. One the new user's profile is created in the roaming share, you can always copy the my documents/desktop and favorites from the old one to the new one which should inherit the permission from the parent directory.
the user would then be able to access this.
If you do not have AD setup and the environment expands i.e. goes from 4 users to 12 users working in shifts, you will run into issues trying to either setup the AD and then try to avoid loosing the 4 users' data. OR have to go add the additional 8 users to each of the workstations just in case they pick one on which you did not set their user up.
Could they have used folder redirection?
I.e. the profile is stored in one share while the user's folder such as my documents, desktop, application data, and start menu are stored in a separate share?
This speeds up the load since the profile is often maintained small maxing out at 10MB while the larger portion i.e. application data, my documents and desktop are redirected from the local system to a separate share and when offline caching is permitted, the user does not see a difference.
Did you try to force the new users to access the old roaming profiles? The UID/SIDS would be different and may explain the issues. If you are starting from scratch, do so. One the new user's profile is created in the roaming share, you can always copy the my documents/desktop and favorites from the old one to the new one which should inherit the permission from the parent directory.
the user would then be able to access this.
If you do not have AD setup and the environment expands i.e. goes from 4 users to 12 users working in shifts, you will run into issues trying to either setup the AD and then try to avoid loosing the 4 users' data. OR have to go add the additional 8 users to each of the workstations just in case they pick one on which you did not set their user up.
ASKER
They did, I recreated this.
Let me see if I understand the 2nd paragraph right. This is what I did with regard to that. I made a new user. had it create a new profile when it logged in. then logged them out and copied the contents of their old profile folder to the new one I made so their stuff would come back. and copied the contents of their my docs into the new my docs. Did I do this right?
My docs is created like this. AD Forces a map, Drive H:\ to a share on the server. My docs on desktop is mapped to drive H:\. Map shows correctly, but opens empty.
Let me see if I understand the 2nd paragraph right. This is what I did with regard to that. I made a new user. had it create a new profile when it logged in. then logged them out and copied the contents of their old profile folder to the new one I made so their stuff would come back. and copied the contents of their my docs into the new my docs. Did I do this right?
My docs is created like this. AD Forces a map, Drive H:\ to a share on the server. My docs on desktop is mapped to drive H:\. Map shows correctly, but opens empty.
You can not copy the entire profile from the old to the new ntuser.dat will have an incorrect reference to the UID/SID.
You should only copy their documents
favorites, user's documents/my document\*, Desktop
personally, I would stay away from copying the application data folder since part of that contains the user identity application data\microsoft which will be invalid in the new AD.
The only thing you can bring back is their documents, their settings/appearance can not be brought back in this fashion.
I am not getting a clear picture of your AD/GPO configuration.
Are you using folder redirection?
What are the settings on the share where drive H: points? Check the caching options and change them to not allow offline caching.
This way the my documents access must be direct.
roaming with folder redirection:
\\domain\userprofiles\%use
The redirected folders would be:
\\domain\userfolders\%user
which is also the home drive where Desktop, My documents, Application Data and Start menu will be listed.
If you want the administrator group to have rights on the created roaming profiles, configure the GPO for the workstations to add the administators group to the roaming profiles.
You should only copy their documents
favorites, user's documents/my document\*, Desktop
personally, I would stay away from copying the application data folder since part of that contains the user identity application data\microsoft which will be invalid in the new AD.
The only thing you can bring back is their documents, their settings/appearance can not be brought back in this fashion.
I am not getting a clear picture of your AD/GPO configuration.
Are you using folder redirection?
What are the settings on the share where drive H: points? Check the caching options and change them to not allow offline caching.
This way the my documents access must be direct.
roaming with folder redirection:
\\domain\userprofiles\%use
The redirected folders would be:
\\domain\userfolders\%user
which is also the home drive where Desktop, My documents, Application Data and Start menu will be listed.
If you want the administrator group to have rights on the created roaming profiles, configure the GPO for the workstations to add the administators group to the roaming profiles.
ASKER
You said
"roaming with folder redirection:
\\domain\userprofiles\%use
The redirected folders would be:
\\domain\userfolders\%user
which is also the home drive where Desktop, My documents, Application Data and Start menu will be listed."
This is what I did. Only I used:
\\server\user profiles\profiles\{user name}
\\server\user profiles\documents\{user name}
I will try recreating again on monday and NOT copying the suggested files.
Thank you soo much. I hope this works.
"roaming with folder redirection:
\\domain\userprofiles\%use
The redirected folders would be:
\\domain\userfolders\%user
which is also the home drive where Desktop, My documents, Application Data and Start menu will be listed."
This is what I did. Only I used:
\\server\user profiles\profiles\{user name}
\\server\user profiles\documents\{user name}
I will try recreating again on monday and NOT copying the suggested files.
Thank you soo much. I hope this works.
You can do the folder redirection as you have, the problem I see is that you will have more shares: i.e.
I would strongly suggest you do not use \\server\ but use \\domain.
\\domain always points to the DC.
This also simplifies things if you should ever add another server and you want that server to host this share. You would then use DFS and point the target for \\domain\share to \\server\share without the user having to unmap and remap the shares.
in your example:
you would need to then have:
\\domain\user profiles\application data\{user name}
\\domain\user profiles\start menu\{user name}
\\domain\user profiles\Desktop\{user name}
in my example,
when creating the user and specifying the home directory map i.e.
U: \\domain\userfolders\%user
and then creating the folder redirection for each folder to \\domain\userfolders\%user
The breakout you have adds to overhead in terms of how many shares you have to have.
I would strongly suggest you do not use \\server\ but use \\domain.
\\domain always points to the DC.
This also simplifies things if you should ever add another server and you want that server to host this share. You would then use DFS and point the target for \\domain\share to \\server\share without the user having to unmap and remap the shares.
in your example:
you would need to then have:
\\domain\user profiles\application data\{user name}
\\domain\user profiles\start menu\{user name}
\\domain\user profiles\Desktop\{user name}
in my example,
when creating the user and specifying the home directory map i.e.
U: \\domain\userfolders\%user
and then creating the folder redirection for each folder to \\domain\userfolders\%user
The breakout you have adds to overhead in terms of how many shares you have to have.
ASKER
I did home directory map. I just couldn't remember the name. I think what I called documents is the home folder.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Done
ASKER
Thats what fixed it