Roaming profiles in Branch office

Posted on 2011-10-27
Last Modified: 2012-05-12
Hi there, we have 1 office that has a 2003 R2 server with roaming profiles for 20 PCs.

The management want to open a new office, and we will create a VPN tunnel between the two.

They want it so that they can log in to their profile from this branch office and see the same desktop and documents, and have things like Outlook already configured as in the main office now.

My method would be to set up a new server in the branch office, configure a DFS share, and have the existing and new servers as part of this DFSR namespace.

Reading through articles, people advise that this is not supported and shouldn't be done, as if a file is updated in one location and another at the same time, the newest one will take precedence over the other change and cause a conflict. But why would the users be logged into the same profile at each end at the same time?

Please can anyone advise the way in which we can do this to allow users from both offices to log in at each end and see the same profile, which is stored on the local server to which they wish to log in?


Question by: Bertling

    Expert Comment

    Generally the best way to achieve this type of setup is to use MS Terminal Services or Citrix XenApp. That way all data is stored at your main location and if staff are offsite or based at a branch office, they login to the TS desktop for all their applications.

    There is some additional expense for terminal server CALs but for that money you get a reliable solution that's easy to manage, easily grows with the company and will also allow staff to login from home and use the same system as they do at the office.

    If you wanted to stick with standard roaming profiles and not go the terminal services route my opinion is it would be better to have all profiles and network shares stored at your main office and use a WAN accelerator at the branch to minimise/speed up the data transferred during logon/logoff or general file share access. Most good WAN accelerators now support AD authentication caching and print services so you may not even need a server at the second site. Riverbed WAN accelerators are what I've demoed and was impressed with but there are plenty of other vendors with similar products to compare with. Since you only have 2 sites with a low number of remote users I would expect the cost of a WAN accelerator solution to be comparable to a decent server+Windows license. The only drawback is that if the network connection goes down, staff at the remote site will lose access to file shares until the connection is restored.

    Author Comment

    Thanks for this. I would also like to add that the branch office is in Moscow and the HQ is in London. So there will be PLENTY of time for the DFS to sync the users' profiles...

    How could corruption still occur if the user is only signed in at one end at any one time?

    Expert Comment

    It probably won't in your scenario. Sometimes the thing to remember though is "Just because you can doesn't mean you should".

    The only reason I use DFS on my network is so that when we upgrade servers we don't need to update user profiles and login scripts to reflect the change. Just update DFS and everything else is automagic. There are proper block-level replication solutions which would be suited to your scenario but that seems like overkill for 20 users.

    You have the opportunity to get it right the first time and I don't think DFSR is the right solution to this problem, otherwise everyone would be doing it. In the event that corruption does occur, it would take all day to remotely set up 20 user profiles again by the time you diagnose the problem and start fixing it. A few $1000 spent now on a solid, reliable solution is better than 1 day or more of lost productivity and expense for the remote site when they can't do any work. And that's assuming it only happens once.

    Author Comment

    I do agree, thanks, but please can you advise some block-level solutions to look into?

    Also bear in mind that the profile will need to reference a DFS namespace so that the profile is pulled from the correct server where the user is at...

    How will this be done without DFS?

    Accepted Solution

    I have certification in what's now called Double Take Availability. It's more of a disaster recovery solution so you have your production servers replicating to a failover which only takes over when it detects that the master is offline. That would assume that you've centralised your infrastructure.

    In your case the better and simpler solution would be to use Terminal Services or Citrix and that's the way most people do it.

    If you really want de-centralised access, you need to accept that there will be trade-offs in performance and will likely need to cough up for extra software or devices such as WAN accelerators. On a standard Windows AD network, when it comes to remote access there's no magic wand that says this person is in this location so I'll load their profile from this server and replicate the changes. Exchange has only just started to support that concept through Distributed Availability Groups and Sites and Services and I would expect other services may be improved in the future, but at the moment it's not something MS does well on their own. You usually need to purchase additional software or hardware.
