Suggestion for international roaming profiles

Posted on 2014-09-09
Medium Priority
Last Modified: 2014-09-16

I work for an organisation with a global workforce. Many of the users frequently travel internationally and for extended periods. Historically we've had all travelling staff, regardless of their location, log in to a single site/office (let's call it Site B) to access corporate systems and data. This has often meant poor connection speeds due to some locations having poor comms services. We've recently extended our Active Directory infrastructure to multiple countries and have duplicated a number of services and select data, with the intent being to direct users to the closest site.

The challenge we're having is with roaming profiles and logon performance. (FYI: As staff are often away from the office, we use roaming profiles.) The user's AD profile, documents etc. are located in Site B. Currently, when a user logs into Site A or Site C their profile etc. in Site B is used, causing very slow login speeds.

I had initially thought of using DFS to replicate all profiles across AD sites. The catch is, according to MS and a stack of forums, DFS doesn't support this model. I tried it anyway and it (DFS) didn't handle it very well. There were far too many reads/writes for it to keep up with.

What I want to achieve is for each user's profile etc to be located in each site. Does anyone have a suggestion on how to achieve this?

Question by:AVIVOL
LVL 25

Accepted Solution

Coralon earned 1500 total points
ID: 40316135
The key is to get away from roaming profiles in your situation.

Ideally, if you can, give them home directories (or a personal directory -- home directory has some specific implications to the system) on DFS, and then use folder redirection to push a lot of the important folders into those replicated directories.  You should eliminate most of your issues that you are experiencing now.


Author Comment

ID: 40324510
Coralon, just one quick follow up question. Are you saying that a User's AD account shouldn't have anything configured under either the Profile or RDS Profile tab? If so, how do you ensure the user's experience is consistent when logging in from different sites? Folders like AppData will surely have to "follow" the user, correct?
LVL 25

Expert Comment

ID: 40327142
You have options for the profiles.  

If you want to use the user's profile tab you can, you will simply point it to the DFS path.. typically something like \\domain.tld\UserProfiles\%username%. You can also assign it by GPO.. either one will work. When they connect to the DFS share, they will be connected to the closest share based on their Site settings. DFS will replicate the directories around.

Now, the other piece of this is the folders you redirect.. You'll redirect things like My Documents and its children (my videos, my pictures, etc.). Now, the tricky part is ApplicationData. That will absolutely require testing with your applications. Some applications will tolerate it, some won't. (I've had more that won't tolerate it than will :-\). The primary issue with redirecting appdata is that performance may suffer depending on how your applications use it.

My own experience has been that appdata really is not super-critical for many applications, and some of the items that are in there, you could more easily script a copy up on logoff and copy down on login to the redirected home directory.  For example - Microsoft Signatures for Outlook.  They are in %appdata%\microsoft\signatures, and scripting them up & down works perfectly well.    

And since your home directories/redirected folders are on DFS, they will replicate everywhere that you let them, keeping them local.

If you're willing to spend a little bit of money, you might want to look at Immidio with their Flex Profiles. In a nutshell, they store the settings in one (or possibly more) zip files that are stored in a configurable location, then you use scripts to save them and write them back up. (It looks like they really only handle the registry settings.. but the files in the profile may be configurable?)
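
The scripted copy-up-on-logoff / copy-down-on-logon approach for Outlook signatures described in the comment above, sketched in PowerShell as an added example that is not part of the original post. The home path `\\domain.tld\Home\<username>` and the `ProfileSync\Signatures` subfolder are assumed names; substitute the DFS path your folder redirection actually uses.

```powershell
# Sync-Signatures.ps1 (added example, not from the thread).
# Assign as a user logon script with -Direction Down and as a
# user logoff script with -Direction Up.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Up', 'Down')]
    [string]$Direction,

    # Hypothetical DFS namespace path of the user's personal directory.
    [string]$HomeRoot = "\\domain.tld\Home\$env:USERNAME"
)

$local  = Join-Path $env:APPDATA 'Microsoft\Signatures'
$remote = Join-Path $HomeRoot 'ProfileSync\Signatures'   # assumed subfolder

if (-not (Test-Path -LiteralPath $HomeRoot)) {
    # DFS target unreachable (offline, VPN down): keep the local copy as it is.
    Write-Warning "Home directory $HomeRoot not reachable; skipping signature sync."
    exit 0
}

if ($Direction -eq 'Up') { $src, $dst = $local, $remote }
else                     { $src, $dst = $remote, $local }

if (-not (Test-Path -LiteralPath $src)) { exit 0 }   # nothing to copy yet

# /E         include subfolders (signature image folders)
# /XO        never overwrite a newer destination file with an older source file,
#            so a DFS replica that has not caught up cannot roll back a signature
# /XJ        do not traverse junction points inside the source tree
# /COPY:DAT  copy data, attributes and timestamps only; the destination keeps
#            the ACLs it inherits from the user's own folder
# /R:2 /W:5  bounded retries so logon and logoff are not held up by a slow link
& robocopy.exe $src $dst /E /XO /XJ /COPY:DAT /R:2 /W:5 /NP /NJH /NJS | Out-Null

# Robocopy exit codes are a bit mask; 8 or higher means at least one copy failed.
if ($LASTEXITCODE -ge 8) {
    Write-Warning "Signature sync ($Direction) failed, robocopy exit code $LASTEXITCODE."
    exit 1
}
exit 0
```

Because the copy is additive rather than a mirror, a signature deleted on one machine comes back at the next logon unless it is also removed from the home directory.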


Author Comment

ID: 40327147
But DFS doesn't support the replication of user Profiles. That was the initial issue I was wanting to resolve via this post. The rate/volume of changes to a user's Profile are too great for DFS to support.

It sounds like I'm back to square one, unless I'm misreading your advice on this.
LVL 25

Expert Comment

ID: 40327159
Correct.. you aren't replicating the entire profile.. just *pieces* of the profile.  And you are not pointing a live profile @ DFS.  The ntuser.dat is not being handled by DFS, which is a big part of why MS doesn't support it.  

The other big issue is MS does not handle having the profile being loaded & replicated from different locations at the same time.. they will step on each other and cause problems.  

With these pieces, you are replicating just plain files (folder redirection). The actual profiles will be local to the machines they are running from. (I misstated in the earlier post -- you won't point *anything* in GPOs or in the user's tab). All you will do is use your GPOs for folder redirection and that's it.

Sorry about that..


Question has a verified solution.
