My Documents Redirection

Posted on 2011-03-01
Last Modified: 2012-05-11
So, we have a network with 2 geographical locations.  Each location has its own File/Print Server.  We have 2 group policies to redirect everyone's "My Documents" to one of the two File/Print Servers.  These policies are applied at the "User" level but not the "Computer."  As I understand GPO, this means that Users in the scope of the GPO will be affected by the redirect.  So, if a person that normally works at Location A logs into a computer that's in an organizational unit for Location B their documents should still redirect to Location A's File/Print Server because the user profile is in the organizational unit in the scope of Location A.  In other words, the organizational unit in which the computer is stored should have no impact on how a User GPO is applied.

However, I have a user who's documents are moved from Location A to Location B's File/Print Server every time she logs in at Location B.  Then when she logs in at Location A again, because her docs have all been moved to Location B, they appear to be empty.

Does anyone have any idea why this is happening and how to stop it?
Question by:ParkwayIT
  • 7
  • 3
LVL 31

Expert Comment

by:Justin Owens
ID: 35011455
How are you binding your GPO?  Is it to an OU or to a Security Group or another method?


Expert Comment

ID: 35011482
you may want to run rsop.msc
you can get an idea if there is an issue with the gpo's being applied. it could be that something is preventing that from applying correctly.

Author Comment

ID: 35011955
The GPO is being bound to an OU and NOT a Security Group nor any other method.

. . .
I will have to wait until this weekend or the next time the user comes down to Location B again to run rsop.msc . . . thank you.
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Author Comment

ID: 35012766
rsop.msc shows that the redirection for Location B is being applied even though the user profile being loaded is stored in an organizational unit that the redirection for Location A has been assigned to.

Author Comment

ID: 35012936
Okay, so this is not user nor computer specific.  I am finding that Any user profile that is stored in an OU associated with Location A that logs into a computer that is stored in an OU associated with Location B is having their documents redirected to Location B.

Restatement of my assumption and question:
I was taught that any GPO applied on the User level will be applied to any user profile that is stored in an OU to which the GPO is bound regardless of the OU in which the computer they log into is stored.
Is this true?  If so, why is this happening on our network?  How should I go about troubleshooting the issue?
LVL 31

Expert Comment

by:Justin Owens
ID: 35017305
So, your scenario is:

OU_A for SiteA
OU_B for SiteB

User accounts are in either OU_A or OU_B, depending on their normally assigned site.

Each OU has its own GPO, I will call GPO_A and GPO_B to redirect documents to ServerA and ServerB, respectively.  Computers are in neither OU_A or OU_B, so no GPO could be applied to them to affect document redirection in any way

Your expected behavior is that a user in OU_A, from SiteA, having GPO_A applied to his/her account will redirect to ServerA regardless of his physical location, either SiteA or SiteB.

Is this the case?

Accepted Solution

ParkwayIT earned 0 total points
ID: 35028085
Turns out that GPO_B was set to "Enforce" so any user that logged into a computer within GPO_B's scope would redirect to Server_B regardless of what OU the user profile was stored in.
LVL 31

Expert Comment

by:Justin Owens
ID: 35028230
It seems to me that the scenario posted in

Should have directly resulted in that discovery.  In what way do you not see your solution of unenforcing the GPO at SiteB as related to the above mentioned post?

Author Comment

ID: 35028625
To DrUltima:
Because it was just a rehash of what I already stated . . . That comment appears to be just you trying to see if you understood my situation and had no suggested action. At least rbgnr offered a suggested course of action even though it only reaffirmed what I already knew.  I don't see the word "Enforce" nor "No Override" in any of your comments.  It was a question not a solution:  
Is this the case?
 I would have accepted your comment as a solution if you had asked "Is GPO_B enforced?"

More over, to answer your question: No, this is not the case;
Computers are in neither OU_A or OU_B
 Computers in SiteB were in OU_B and users at SiteA were in OU_A, etc.

I appreciate your attempt to help, but I found the solution on my own.  Thank you.

To Vee Mod:
Accept your own comment as the solution
    If you solved your problem with no assistance from any Expert, post your solution and then click the Accept As Solution button in your own comment. Your points are automatically refunded.

If you want to keep this in the KB, go ahead and remove yours and the "expert's" last comments as it seems very childish to ask for credit on a solution when no solution was offered but instead only questions to better understand the issue.  While I appreciate the attempt to understand the issue, I will only accept solutions, not questions.  Unless that question directly lead to the solution like, "Is GPO_B set to Enforce or No Override?"

Author Comment

ID: 35028992
As I said before, I appreciate DrUltima's attempt to understand my issue.  I see how you may think the use of the word "childish" here is inflammatory.  However, I feel that his objecting to my solution to the issue on the presumption that his questions directly lead to my solution is far too unprofessional to desire him as a continuing active participant in an issue that has already been resolved by my own troubleshooting.  Just because he presented his objection in a professional manner does not mean that the objection its self was professional.

I truly am sorry if I've offended either of you, but I stand by my original argument that objecting to my solution was uncalled-for no matter how "professionally" the objection was presented.

Author Closing Comment

ID: 35067736
Unchecked "Enforce" . . . also known as "No Override" on the GPO that redirected LocationB's documents.

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Microsoft DNS on Windows Server 2012 R2 10 59
Need help Creating a Powershell script 8 50
Activity directory migration 4 22
DNS/WINS in a domain 10 37
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question