Solved

Win 2008 DC AD moved user from one GPO to another

Posted on 2013-02-02
13
278 Views
Last Modified: 2013-02-04
I have a pair of Windows 2008 servers as Domain Controllers with Active Directory. I just recently added the second one.  I created a new GPO so I can separate my users by branch office.  I'm having trouble with one users folder redirection.  On the local PC, user acrain's documents folder shows c:\users\acrain.  But it should show \\charleston\acrain.  I noticed while trying to correct the problem that the user was disabled so I enabled it.  But I can't seems to correct the path no matter how many gpupdates /force and log offs I do.
0
Comment
Question by:lantervj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
13 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 38847687
Its seems that folder redirection policy is not applied.Check the event log on server application/system log you may get evidence to troubleshoot further.

Ensure that permission is set correctly on server for user profile and folder redirection policy is applied to OU where user exist.
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

Registry Settings for Folder Redirection in Windows
http://support.microsoft.com/kb/242557
0
 

Author Comment

by:lantervj
ID: 38847991
I thought I was making progress but on the server the users\acrain folder is empty but properties show 320 files in 93 folders. On the client I can find "nearly" that many files and folders. On the client I get the "unsupported library locations" message.

I have a backup folder of documents that I need to copy so this users has access to them through folder redirect.

On the client the documents folder under libraries shows a path of \\charleston\acrain.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38848122
Hi,

have you applied your GPOs on OUs or groups ?
does your Gpos move the content of the document's folder ?
what about it's configuration ?

What is the gpresult /r you've got ?
are the good GPOs Applied ?

Thanks to post more infos :)

Cheers
T
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:lantervj
ID: 38848133
C:\Users\acrain.TA.001>gpupdate
Updating Policy...

User Policy update has completed successfully.
Computer Policy update has completed successfully.


C:\Users\acrain.TA.001>gpresult /r

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 2/3/2013 at 3:05:26 AM


RSOP data for TA\acrain on SC132 : Logging Mode
-------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\acrain.TA.001
Connected over a slow link?: No


USER SETTINGS
--------------
    CN=Alisha Crain,OU=Sourh Carolina Users,DC=ta,DC=dom
    Last time Group Policy was applied: 2/3/2013 at 3:05:01 AM
    Group Policy was applied from:      CHARLESTON.ta.dom
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        TA
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        SC User Folder Redirect

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Medium Mandatory Level
0
 

Author Comment

by:lantervj
ID: 38848135
There are several users in both locations where the folder redirect works just fine.
0
 
LVL 4

Accepted Solution

by:
Thomas WERNHER earned 500 total points
ID: 38848206
Hi,

thanks for posting back.
First point:  your user has an incremented profile.
on win7, generally, it goes ok, but, the better way is to clean that up (on Windows 7, i usually make cleanup of the bad folders in c:\users and rename the c:\users\myuser.001 with its username. then go in the hklm/software/Microsoft/currentversion/profilelist and find your user key, for the local profile, you enter the new path to the good renamed folder..)
BTW, must do that while being connected with another admin user..

then, could you check the shared folder's permissions?
as you said :the folder is \\charleston\acrain
what are the shared folder's permissions and the NTFS permissions on that folder ?

Cheers

T
0
 

Author Comment

by:lantervj
ID: 38849019
\\charleston\acrain did not have permission for domain-users but acrain did have ownership.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38849084
Hi,

As i understand your answer, it's the ntfs permissions you're mentionning?
what about the permissions on the shared folder side?

Cheers.
T
0
 

Author Comment

by:lantervj
ID: 38849152
on the charleston server, the users folder contains the acrain folder and that shows;

allow  domain users          full control   <not inherited>    this folder, subfolders and...
allow  admin(ta\admin)     special          h:\users\               this folder only
allow  system                    full control    h:\users\              this folder, subfolders, and ...

the users folder shows;

allow  administrators(ta     full control   <not inherited>    this folder, subfoldrs, and ...
allow  users(ta\users          special          <not inherited>    this folder only
allow  domain users           special          <not inherited>    this folder only
allow  system                     full control    <not inherited>   this folder, subfolders, and ...
0
 

Author Comment

by:lantervj
ID: 38849248
As administrator, I don't have permission to open a folder under the users folder exceptr for acrain.  That seems very strange.
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38849316
Hi,

no, it's just that the users have been granted the exclusive rights on their documents' folders.
have you tried to grant the acrain user full control over her folder (forcing the rights) ?

Cheers.
T
0
 

Author Comment

by:lantervj
ID: 38849426
On the client machine, logged on as acrain, I get logged on with a temporary profile and the document library path is c:\users\temp.  I did give full access for acrain to the \\charleston\acrain folder.
0
 

Author Comment

by:lantervj
ID: 38849761
I found a major problem;  I had to enable network discovery and file sharing.  Duh!
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article runs through the process of deploying a single EXE application selectively to a group of user.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question