Solved

Issue with Roaming Profiles.

Posted on 2016-09-14
11
33 Views
Last Modified: 2016-09-19
Hello,
I am getting this error when trying to migrate user profile using ADMT tool. What happens if the user has roaming profile

2016-09-13 04:15:57 Operation completed.

2016-09-13 04:15:55 ERR3:7438 No NTUser.DAT file for adam.barr was found in \\server\RoamingProfiles$\adam.barr.  The roaming profile cannot be migrated.
2016-09-13 04:15:57 Updated user rights for CN=Adam Barr
2016-09-13 04:15:57 Operation completed.
0
Comment
Question by:creative555
  • 6
  • 5
11 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798261
It appears that the roaming profile folder designated is empty or doesn't have a full copy of the user's roaming profile.  If the NTUser.DAT file isn't present, then the roaming profile won't work, so the migration would be unsuccessful.  Have you (can you) check the original roaming profile folder for that user to see if it is fully working?  Is this happening with only one or a few users, or with every user?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798266
Also, could be a problem with the path to the roaming profile folder. It looks like your path may not have the full FQDN included. This article has a few suggestions:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/1935b4bc-eabf-4087-9f6d-ffb9b0f564d9/err37438-no-ntuserdat-file-for-user-was-found?forum=winserverDS
0
 

Author Comment

by:creative555
ID: 41798277
Hello,
Thank you so much for such a quick response.

Yes. You are right. I don't see NTUser.DAT file in the shared folder. Also it is happening for more than one user. Folders don't have anything even after I logged of as user and created some pics and documents.

I should also see pictures and documents for that user in that folder. Correct?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798296
If the NTUser.dat file isn't present, then it's not a roaming profile, or the roaming profile isn't working properly.  Also, from the fact that your tests aren't creating any new files or folders in the "profile" folder, it appears that the folders you're looking at aren't functioning as roaming profile folders.  Do you see an actual group policy in place on the domain to create roaming profiles for users?  Is it possible that these are redirected folders but not full roaming profiles?
0
 

Author Comment

by:creative555
ID: 41798333
I didn't setup any GPOs or policy to create roaming profiles...Do I need to in order for them to work? All I did was created shared folder with permissions and specified the path to the folder from ADUC for the Profile path field. Confirmed the folder was created when user logged off. But nothing in that folder was created.

I followed this link to configure roaming profiles.
http://www.avoiderrors.net/create-roaming-profile-on-windows-server-2012/
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:creative555
ID: 41798353
Can you please also tell me how ADMT processes roaming profiles?

For example, ADMT will re-acl all folders and files that are on local computers. What happens to the roaming folder where Roaming data is stored? Will ADMT process that folder on a different computer as well or is there an additional step needed to re-acl the folders for roaming users on that server?
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 41798362
No, you're OK on that except for the permission issues which is probably what's causing your problem.  I was thinking about folder redirection when I mentioned the group policy issue, and I mis-wrote "roaming profile folders."

The permissions are probably the issue.  Although it's not a preferred method for me, using the "Everyone" group with Full permissions for the sharing permissions is OK. However, the NTFS permissions should NOT have the everyone group with full control.  What you need to do with the folders themselves is ensure that the user has Full Control and the Administrators group (local admin, or built-in domain admin if it's a DC) has ownership of all of the roaming profile folders.  Specifically, on the top level profile folder, you should have:

Administrators - full
System - full
Users - Read and execute, list folder contents, and Read

On each individual folder, the user has to have Full Control, and the Users group should not be listed at all. But in order to be able to manage these folders (and migrate them) your Administrator account will also need Full Control of all of those folders (and their contents) if it doesn't already have that level of access.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798369
Actually I looked at the ADMT documentation and they recommend slightly different security settings for migrating the profiles.  Look here near the bottom of the article under "Planning for User Profile Migration":

https://technet.microsoft.com/en-us/library/cc974331(v=ws.10).aspx
0
 

Author Closing Comment

by:creative555
ID: 41800859
Thank you so much for your help!!! Yes. Permissions were the issues
0
 

Author Comment

by:creative555
ID: 41802590
thank you so much Hypercat! The issue was resolved and I migrated profiles successfully. I did have to implement two GPOs through to let roaming profiles to load:

Enable the GPO “Do not check for user Ownership of Roaming Profile Folders” for the target domain.

Reference:
https://support.microsoft.com/en-us/kb/327259

I have another issue with roaming profile when logging in from a different computer after migration. Will post it as a new question so you get points for the new issue. thanks so much!!
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41805102
Glad to be helpful, and you're very welcome!!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now