Solved

Win 2008 DC AD moved user from one GPO to another

Posted on 2013-02-02
13
276 Views
Last Modified: 2013-02-04
I have a pair of Windows 2008 servers as Domain Controllers with Active Directory. I just recently added the second one.  I created a new GPO so I can separate my users by branch office.  I'm having trouble with one users folder redirection.  On the local PC, user acrain's documents folder shows c:\users\acrain.  But it should show \\charleston\acrain.  I noticed while trying to correct the problem that the user was disabled so I enabled it.  But I can't seems to correct the path no matter how many gpupdates /force and log offs I do.
0
Comment
Question by:lantervj
  • 8
  • 4
13 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 38847687
Its seems that folder redirection policy is not applied.Check the event log on server application/system log you may get evidence to troubleshoot further.

Ensure that permission is set correctly on server for user profile and folder redirection policy is applied to OU where user exist.
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

Registry Settings for Folder Redirection in Windows
http://support.microsoft.com/kb/242557
0
 

Author Comment

by:lantervj
ID: 38847991
I thought I was making progress but on the server the users\acrain folder is empty but properties show 320 files in 93 folders. On the client I can find "nearly" that many files and folders. On the client I get the "unsupported library locations" message.

I have a backup folder of documents that I need to copy so this users has access to them through folder redirect.

On the client the documents folder under libraries shows a path of \\charleston\acrain.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38848122
Hi,

have you applied your GPOs on OUs or groups ?
does your Gpos move the content of the document's folder ?
what about it's configuration ?

What is the gpresult /r you've got ?
are the good GPOs Applied ?

Thanks to post more infos :)

Cheers
T
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:lantervj
ID: 38848133
C:\Users\acrain.TA.001>gpupdate
Updating Policy...

User Policy update has completed successfully.
Computer Policy update has completed successfully.


C:\Users\acrain.TA.001>gpresult /r

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 2/3/2013 at 3:05:26 AM


RSOP data for TA\acrain on SC132 : Logging Mode
-------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\acrain.TA.001
Connected over a slow link?: No


USER SETTINGS
--------------
    CN=Alisha Crain,OU=Sourh Carolina Users,DC=ta,DC=dom
    Last time Group Policy was applied: 2/3/2013 at 3:05:01 AM
    Group Policy was applied from:      CHARLESTON.ta.dom
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        TA
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        SC User Folder Redirect

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Medium Mandatory Level
0
 

Author Comment

by:lantervj
ID: 38848135
There are several users in both locations where the folder redirect works just fine.
0
 
LVL 4

Accepted Solution

by:
Thomas WERNHER earned 500 total points
ID: 38848206
Hi,

thanks for posting back.
First point:  your user has an incremented profile.
on win7, generally, it goes ok, but, the better way is to clean that up (on Windows 7, i usually make cleanup of the bad folders in c:\users and rename the c:\users\myuser.001 with its username. then go in the hklm/software/Microsoft/currentversion/profilelist and find your user key, for the local profile, you enter the new path to the good renamed folder..)
BTW, must do that while being connected with another admin user..

then, could you check the shared folder's permissions?
as you said :the folder is \\charleston\acrain
what are the shared folder's permissions and the NTFS permissions on that folder ?

Cheers

T
0
 

Author Comment

by:lantervj
ID: 38849019
\\charleston\acrain did not have permission for domain-users but acrain did have ownership.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38849084
Hi,

As i understand your answer, it's the ntfs permissions you're mentionning?
what about the permissions on the shared folder side?

Cheers.
T
0
 

Author Comment

by:lantervj
ID: 38849152
on the charleston server, the users folder contains the acrain folder and that shows;

allow  domain users          full control   <not inherited>    this folder, subfolders and...
allow  admin(ta\admin)     special          h:\users\               this folder only
allow  system                    full control    h:\users\              this folder, subfolders, and ...

the users folder shows;

allow  administrators(ta     full control   <not inherited>    this folder, subfoldrs, and ...
allow  users(ta\users          special          <not inherited>    this folder only
allow  domain users           special          <not inherited>    this folder only
allow  system                     full control    <not inherited>   this folder, subfolders, and ...
0
 

Author Comment

by:lantervj
ID: 38849248
As administrator, I don't have permission to open a folder under the users folder exceptr for acrain.  That seems very strange.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38849316
Hi,

no, it's just that the users have been granted the exclusive rights on their documents' folders.
have you tried to grant the acrain user full control over her folder (forcing the rights) ?

Cheers.
T
0
 

Author Comment

by:lantervj
ID: 38849426
On the client machine, logged on as acrain, I get logged on with a temporary profile and the document library path is c:\users\temp.  I did give full access for acrain to the \\charleston\acrain folder.
0
 

Author Comment

by:lantervj
ID: 38849761
I found a major problem;  I had to enable network discovery and file sharing.  Duh!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WriteBack Attribute permission on domain level 13 70
Interactive Script in Scheduled Task not running 8 31
EXCHANGE, ACTIVE DIRECTORY 1 35
Server timing 4 20
Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question