Solved

Suggestion for international roaming profiles

Posted on 2014-09-09
5
133 Views
Last Modified: 2014-09-16
Hi,

I work for an organisation with a global workforce. Many of the users frequently travel internationally and for extended periods. Historically we've had all travelling staff, regardless of their location, login into a single site/office (let's call is Site B) to access corporate systems and data. This has often meant poor connection speeds due to some locations having poor comms services. We've recently extended our Active Directory infrastructure to multiple countries and have duplicated a number of services and select data, with the intent being to direct users to the closest site.

The challenge we're having is with roaming profiles and logon performance. (FYI: As staff are often away from the office, we use roaming profiles.) The user's AD profile, documents etc is located in Site B. Currently, when a user logs into Site A or Site C their profile etc in Site B is used, causing very slow login speeds.

I had initially thought of using DFS to replicate all profiles across AD sites. The catch is, according to MS and a stack of forums, DFS doesn't support this model. I tried it anyway and it (DFS) didn't handle it very well. There were far too many reads/writes for it to keep up with.

What I want to achieve is for each user's profile etc to be located in each site. Does anyone have a suggestion on how to achieve this?

Thanks
0
Comment
Question by:AVIVOL
  • 3
  • 2
5 Comments
 
LVL 23

Accepted Solution

by:
Coralon earned 500 total points
ID: 40316135
The key is to get away from roaming profiles in your situation.

Ideally, if you can, give them home directories (or a personal directory -- home directory has some specific implications to the system) on DFS, and then use folder redirection to push a lot of the important folders into those replicated directories.  You should eliminate most of your issues that you are experiencing now.

Coralon
0
 

Author Comment

by:AVIVOL
ID: 40324510
Coralon, just one quick follow up question. Are you saying that a User's AD account shouldn't have anything configured under either the Profile or RDS Profile tab? If so, how do you ensure the user's experience is consistent when logging in from different sites? Folder like AppData will surely have to "follow" the user, correct?
0
 
LVL 23

Expert Comment

by:Coralon
ID: 40327142
You have options for the profiles.  

If you want to use the user's profile tab you can, you will simply point it to the DFS path.. typically something like \\domain.tld\UserProfiles\%username%.  You can also assign it by GPO.. either one will work.  When they connect to the DFS share, They will be connected to the closest share based on their Site settings.    DFS will replicate the directories around.

Now, the other piece of this is the folders you redirect..  You'll redirect things like My Documents and it's children (my videos, my pictures, etc.).  Now, the tricky part is ApplicationData.  That will absolutely require testing with your applications.  Some applications will tolerate it, some won't.  (I've have more that won't tolerate it than will :-\).   The primary issue with redirecting appdata is that performance may suffer depending on how your applications use it.

My own experience has been that appdata really is not super-critical for many applications, and some of the items that are in there, you could more easily script a copy up on logoff and copy down on login to the redirected home directory.  For example - Microsoft Signatures for Outlook.  They are in %appdata%\microsoft\signatures, and scripting them up & down works perfectly well.    

And since your home directories/redirected folders are on DFS, they will replicate everywhere that you let them keeping them local.

If you're willing to spend a little bit of money, you might want to look at Immidio with their Flex Profiles.  In a nutshell, they store the setting in one (or possibly more) zip files that are stored in a configurable location, then you use scripts to save them and write them back up.  (It looks like they really only handle the registry settings.. but the files in the profile may be configurable?)

Coralon
0
 

Author Comment

by:AVIVOL
ID: 40327147
But DFS doesn't support the replication of user Profiles. That was the initial issue I was wanting to resolve via this post. The rate/volume of changes to a user's Profile are too great for DFS to support.

It sounds like I'm back to square one, unless I'm misreading your advice on this.
0
 
LVL 23

Expert Comment

by:Coralon
ID: 40327159
Correct.. you aren't replicating the entire profile.. just *pieces* of the profile.  And you are not pointing a live profile @ DFS.  The ntuser.dat is not being handled by DFS, which is a big part of why MS doesn't support it.  

The other big issue is MS does not handle having the profile being loaded & replicated from different locations at the same time.. they will step on each other and cause problems.  

With these pieces, you are replicating just plain files (folder redirection).  The actual profiles will be local to the machines they are running from.  (I misstated in the earlier post -- you won't point *anything* in GPO's or in the user's tab).   All you will do is use your GPO's for folder redirection and that's it.  

Sorry about that..

Coralon
0

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now