Solved

Win 2008 DC AD moved user from one GPO to another

Posted on 2013-02-02
Last Modified: 2013-02-04
I have a pair of Windows 2008 servers as Domain Controllers with Active Directory. I just recently added the second one. I created a new GPO so I can separate my users by branch office. I'm having trouble with one user's folder redirection. On the local PC, user acrain's documents folder shows c:\users\acrain. But it should show \\charleston\acrain. I noticed while trying to correct the problem that the user was disabled, so I enabled it. But I can't seem to correct the path no matter how many gpupdates /force and log offs I do.
0
Question by:lantervj
13 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 38847687
It seems that the folder redirection policy is not applied. Check the event log on the server (application/system log); you may get evidence to troubleshoot further.

Ensure that permissions are set correctly on the server for the user profile and that the folder redirection policy is applied to the OU where the user exists.
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

Registry Settings for Folder Redirection in Windows
http://support.microsoft.com/kb/242557
0
 

Author Comment

by:lantervj
ID: 38847991
I thought I was making progress but on the server the users\acrain folder is empty but properties show 320 files in 93 folders. On the client I can find "nearly" that many files and folders. On the client I get the "unsupported library locations" message.

I have a backup folder of documents that I need to copy so this user has access to them through folder redirect.

On the client the documents folder under libraries shows a path of \\charleston\acrain.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38848122
Hi,

Have you applied your GPOs on OUs or groups?
Do your GPOs move the content of the documents folder?
What about its configuration?

What is the gpresult /r output you get?
Are the right GPOs applied?

Thanks for posting more info :)

Cheers
T
0
 

Author Comment

by:lantervj
ID: 38848133
C:\Users\acrain.TA.001>gpupdate
Updating Policy...

User Policy update has completed successfully.
Computer Policy update has completed successfully.


C:\Users\acrain.TA.001>gpresult /r

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 2/3/2013 at 3:05:26 AM


RSOP data for TA\acrain on SC132 : Logging Mode
-------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\acrain.TA.001
Connected over a slow link?: No


USER SETTINGS
--------------
    CN=Alisha Crain,OU=Sourh Carolina Users,DC=ta,DC=dom
    Last time Group Policy was applied: 2/3/2013 at 3:05:01 AM
    Group Policy was applied from:      CHARLESTON.ta.dom
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        TA
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        SC User Folder Redirect

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Medium Mandatory Level
0
 

Author Comment

by:lantervj
ID: 38848135
There are several users in both locations where the folder redirect works just fine.
0
 
LVL 4

Accepted Solution

by:
Thomas WERNHER earned 500 total points
ID: 38848206
Hi,

Thanks for posting back.
First point: your user has an incremented profile.
On Win7 it generally works OK, but the better way is to clean that up (on Windows 7, I usually clean up the bad folders in c:\users and rename c:\users\myuser.001 to the username, then go to hklm/software/Microsoft/currentversion/profilelist, find your user's key and, for the local profile, enter the new path to the correctly renamed folder).
BTW, you must do that while logged on as another admin user.

Then, could you check the shared folder's permissions?
As you said, the folder is \\charleston\acrain.
What are the shared folder's permissions and the NTFS permissions on that folder?

Cheers

T
0
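Added example (not part of the original thread): a read-only PowerShell inventory of the local profile list that flags the conditions this thread runs into, an incremented profile folder such as acrain.TA.001 and a temporary profile. It assumes PowerShell 3.0 or later and the standard ProfileList location under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion; the flag names are made up for this example.

```powershell
# Added example: read-only inventory, run elevated on the client. Changes nothing.
# Assumes the standard per-machine profile list location.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

Get-ChildItem -Path $profileList | ForEach-Object {
    $keyName = $_.PSChildName
    $path    = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    if (-not $path) { return }          # key without a profile path: skip it

    # Resolve the SID to an account name; orphaned or malformed SIDs stay unresolved.
    $account = '<unresolved>'
    try {
        $baseSid = $keyName -replace '\.bak$', ''
        $sid     = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $baseSid
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }

    $leaf  = Split-Path -Path $path -Leaf
    $flags = @()
    if ($keyName -like '*.bak')  { $flags += 'BakKey' }             # key set aside after a failed profile load
    if ($leaf -match '\.\d{3}$') { $flags += 'IncrementedFolder' }  # e.g. acrain.TA.001
    if ($leaf -eq 'TEMP')        { $flags += 'TempProfile' }        # e.g. C:\Users\TEMP
    if (-not (Test-Path -LiteralPath $path)) { $flags += 'FolderMissing' }

    [pscustomobject]@{
        Account = $account
        Key     = $keyName
        Path    = $path
        Flags   = ($flags -join ',')
    }
} | Sort-Object Account | Format-Table -AutoSize
```

Rows with a non-empty Flags column are the profiles to look at before renaming any folder or editing a key.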

 

Author Comment

by:lantervj
ID: 38849019
\\charleston\acrain did not have permission for domain-users but acrain did have ownership.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38849084
Hi,

As I understand your answer, it's the NTFS permissions you're mentioning?
What about the permissions on the shared folder side?

Cheers.
T
0
 

Author Comment

by:lantervj
ID: 38849152
On the charleston server, the users folder contains the acrain folder, and that shows:

allow  domain users       full control  <not inherited>  this folder, subfolders and...
allow  admin(ta\admin)    special       h:\users\        this folder only
allow  system             full control  h:\users\        this folder, subfolders, and ...

The users folder shows:

allow  administrators(ta  full control  <not inherited>  this folder, subfolders, and ...
allow  users(ta\users     special       <not inherited>  this folder only
allow  domain users       special       <not inherited>  this folder only
allow  system             full control  <not inherited>  this folder, subfolders, and ...
0
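Added example (not part of the original thread): a read-only PowerShell audit of the redirection root that reports, per user folder, a missing allow entry for the folder's own user, an unexpected owner, and allow entries for broad groups such as the "domain users full control" entry in the listing above. It assumes PowerShell 3.0 or later, that each folder is named after the user's logon name, and the H:\Users root and TA domain seen in this thread; New-Finding is a helper defined only for this example.

```powershell
param(
    [string]$Root   = 'H:\Users',  # redirection root as it appears in the listing above
    [string]$Domain = 'TA'         # NetBIOS domain name from the gpresult output
)

# Broad principals that normally should not hold rights on one user's folder.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', "$Domain\Domain Users"

function New-Finding($Folder, $Finding, $Identity, $Rights) {
    [pscustomobject]@{ Folder = $Folder; Finding = $Finding; Identity = $Identity; Rights = $Rights }
}

Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
    $name = $_.Name
    try {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
    } catch {
        # Folders created with exclusive rights for the user are unreadable even to admins.
        New-Finding $name 'ACL unreadable (exclusive rights?)' '' ''
        return
    }

    $expected = "$Domain\$name"    # assumption: folder name equals the user's logon name
    $allow    = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })

    if (-not ($allow | Where-Object { $_.IdentityReference.Value -eq $expected })) {
        New-Finding $name 'No allow entry for the folder user' $expected ''
    }
    if ($acl.Owner -ne $expected) {
        New-Finding $name 'Owner is not the folder user' $acl.Owner ''
    }
    foreach ($ace in $allow) {
        if ($broad -contains $ace.IdentityReference.Value) {
            New-Finding $name 'Broad group has access' $ace.IdentityReference.Value $ace.FileSystemRights
        }
    }
} | Format-Table -AutoSize
```

Run it elevated on the file server; it only reads ACLs and prints one row per finding.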
 

Author Comment

by:lantervj
ID: 38849248
As administrator, I don't have permission to open a folder under the users folder except for acrain. That seems very strange.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38849316
Hi,

No, it's just that the users have been granted the exclusive rights on their documents' folders.
Have you tried to grant the acrain user full control over her folder (forcing the rights)?

Cheers.
T
0
 

Author Comment

by:lantervj
ID: 38849426
On the client machine, logged on as acrain, I get logged on with a temporary profile and the document library path is c:\users\temp.  I did give full access for acrain to the \\charleston\acrain folder.
0
 

Author Comment

by:lantervj
ID: 38849761
I found a major problem;  I had to enable network discovery and file sharing.  Duh!
0
