Solved

my docs redirect

Posted on 2011-03-15
11
222 Views
Last Modified: 2012-05-11
We setup a my docs redirect group policy and now we have a new way of backing up users files so I need this policy to be stopped.  I made a test ou for the policy and placed everyone in it.  I still have the user folder in active dir. users and computers.   I took 1 user out of the test ou and put them back in the user folder and it will not stop the policy.  I have done a force and logged them off several times.  Is there a way to force this that I do not know, or is there something in the policy itself that is telling it to wait for something?  I am hoping to drop them back to the users folder and log off and that would be it.  
0
Comment
Question by:mkramer777
  • 5
  • 5
11 Comments
 
LVL 4

Expert Comment

by:LeDaouk
ID: 35138102
run this command on the server: gpupdate /force
cause the automatice aupdate take some time
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35138224
If the policy doesn't have the correct settings, it won't move the folders back, just like in the screen shot below. On the policy settings, you'll need to change that to "Redirect folder back to local profile when policy is removed".
ss1.bmp
0
 

Author Comment

by:mkramer777
ID: 35138483
It says restore contents.  That is what I want.  But how long does this take.  Can I force it to restore contents or does this just happen slowly?  
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35138656
Once the policy is applied to the user, it should begin copying the files immediately, the time it takes of course depends on the number/size of those files.

What about the setting named "Move the contents of the special folder to the new location setting", is it enabled or disabled? It should be enabled.

If it IS enabled, then log onto a computer as one of the users whose redirection should be removed. Right-click on their My Documents folder; does the Target Folder Location still have the redirected path, or does it show the local path? This will determine if the policy is not being applied, or if the policy is being applied but the contents aren't being copied.
0
 

Author Comment

by:mkramer777
ID: 35138726
We are also using offline files if that matters.  Will that speed up the restore back to the user's pc?  WHere can I find "move the contents of the special folder..."  The user that I removed still shows that his my docs are being redirected.  THe policy is not applied to him but it will not let go.  It shows the double arrows redirect on his my documnets folder.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 11

Expert Comment

by:TheGorby
ID: 35139189
It's in the same place as the first setting I mentioned, as in the screen shot below.

I imagine that having used offline files before the change should speed up the transfer, but I don't know and can't find any documentation to support that.

At any rate, we now know the problem is the application of the policy. Looking back over your AD setup, it seems a bit confusing. Did you create a new Test OU and move all users to it so that you could remove the policy from only one user, for testing? If so, did you re-link the group policy to the Test OU so that it wouldn't apply to the original Users OU? Please describe in more detail what OU and other AD changes you've made.
0
 

Author Comment

by:mkramer777
ID: 35139321
It is working now on the user I pulled from the test OU.  It just took some time.  That was my original question.  I pulled a user from the my docs redirect test OU where all the users are and put them in a users folder that did not have the policy linked and enabled.  I rebooted and logged off several times but the user continued to have the policy affect their pc.  Then all of a sudden I rebooted and it was back to the way I want it, with no my docs redirect.  Do you think it took time because it was restoring the files back to the user's pc?
0
 
LVL 11

Accepted Solution

by:
TheGorby earned 500 total points
ID: 35139984
My guess would be that you have multiple domain controllers, and that AD replication hadn't yet been completed to the DC that the user was authenticating to (gpupdate /force only updates the GP according to what the one DC it asks tells it). Server 2003 replicates at either 1, 2 or 4 times per hour so it would have taken 15-60 minutes (or more if replication happened to be unscheduled for that hour) for all DC's to have the same GP info. And then after that point gpupdate must be run to get the freshest settings from the server(s).

That, possibly in combination with the time it took to transfer the files to the local PC, is probably why it took so long. Sorry I didn't mention replication times in the first place, but usually settings are the problem with redirection GPO's so I wanted to check that first. Glad to hear it's working though!
0
 

Author Closing Comment

by:mkramer777
ID: 35140332
Great answer without knowing the structure of our network.  We do have multiple domain controllers and we use replication.  Pretty sure that was what took the time.  Thanks for the into.
0
 

Author Comment

by:mkramer777
ID: 35140337
One last thing.  Can you speed up AD replication to the domain controllers?
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35140865
I eliminated replication as a GPO troubleshooting step long ago by making it a habit to force AD replication immediately after making any GPO testing changes, probably another reason that idea slipped my mind at first :)

If you're asking about increasing replication occurrence schedule, it's supposed to work almost immediately according to this http://technet.microsoft.com/en-us/library/cc728010(WS.10).aspx - but I find that it doesn't with GPO's, for whatever reason. To change the schedule, in AD Sites and Services expand to [your site name]\Servers\[servername]\NTDS Settings. Right-click on NTDS Settings and select Properties, then click the change schedule button.

To force an immediate replication, right-click on NTDS settings and select Replicate Now. Note that you should do this for each server or connection until all DC's have been replicated to.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Learn about cloud computing and its benefits for small business owners.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now