Solved

Issue with Roaming Profiles.

Posted on 2016-09-14
11
60 Views
Last Modified: 2016-09-19
Hello,
I am getting this error when trying to migrate user profile using ADMT tool. What happens if the user has roaming profile

2016-09-13 04:15:57 Operation completed.

2016-09-13 04:15:55 ERR3:7438 No NTUser.DAT file for adam.barr was found in \\server\RoamingProfiles$\adam.barr.  The roaming profile cannot be migrated.
2016-09-13 04:15:57 Updated user rights for CN=Adam Barr
2016-09-13 04:15:57 Operation completed.
0
Comment
Question by:creative555
  • 6
  • 5
11 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798261
It appears that the roaming profile folder designated is empty or doesn't have a full copy of the user's roaming profile.  If the NTUser.DAT file isn't present, then the roaming profile won't work, so the migration would be unsuccessful.  Have you (can you) check the original roaming profile folder for that user to see if it is fully working?  Is this happening with only one or a few users, or with every user?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798266
Also, could be a problem with the path to the roaming profile folder. It looks like your path may not have the full FQDN included. This article has a few suggestions:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/1935b4bc-eabf-4087-9f6d-ffb9b0f564d9/err37438-no-ntuserdat-file-for-user-was-found?forum=winserverDS
0
 

Author Comment

by:creative555
ID: 41798277
Hello,
Thank you so much for such a quick response.

Yes. You are right. I don't see NTUser.DAT file in the shared folder. Also it is happening for more than one user. Folders don't have anything even after I logged of as user and created some pics and documents.

I should also see pictures and documents for that user in that folder. Correct?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798296
If the NTUser.dat file isn't present, then it's not a roaming profile, or the roaming profile isn't working properly.  Also, from the fact that your tests aren't creating any new files or folders in the "profile" folder, it appears that the folders you're looking at aren't functioning as roaming profile folders.  Do you see an actual group policy in place on the domain to create roaming profiles for users?  Is it possible that these are redirected folders but not full roaming profiles?
0
 

Author Comment

by:creative555
ID: 41798333
I didn't setup any GPOs or policy to create roaming profiles...Do I need to in order for them to work? All I did was created shared folder with permissions and specified the path to the folder from ADUC for the Profile path field. Confirmed the folder was created when user logged off. But nothing in that folder was created.

I followed this link to configure roaming profiles.
http://www.avoiderrors.net/create-roaming-profile-on-windows-server-2012/
0
 

Author Comment

by:creative555
ID: 41798353
Can you please also tell me how ADMT processes roaming profiles?

For example, ADMT will re-acl all folders and files that are on local computers. What happens to the roaming folder where Roaming data is stored? Will ADMT process that folder on a different computer as well or is there an additional step needed to re-acl the folders for roaming users on that server?
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 41798362
No, you're OK on that except for the permission issues which is probably what's causing your problem.  I was thinking about folder redirection when I mentioned the group policy issue, and I mis-wrote "roaming profile folders."

The permissions are probably the issue.  Although it's not a preferred method for me, using the "Everyone" group with Full permissions for the sharing permissions is OK. However, the NTFS permissions should NOT have the everyone group with full control.  What you need to do with the folders themselves is ensure that the user has Full Control and the Administrators group (local admin, or built-in domain admin if it's a DC) has ownership of all of the roaming profile folders.  Specifically, on the top level profile folder, you should have:

Administrators - full
System - full
Users - Read and execute, list folder contents, and Read

On each individual folder, the user has to have Full Control, and the Users group should not be listed at all. But in order to be able to manage these folders (and migrate them) your Administrator account will also need Full Control of all of those folders (and their contents) if it doesn't already have that level of access.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41798369
Actually I looked at the ADMT documentation and they recommend slightly different security settings for migrating the profiles.  Look here near the bottom of the article under "Planning for User Profile Migration":

https://technet.microsoft.com/en-us/library/cc974331(v=ws.10).aspx
0
 

Author Closing Comment

by:creative555
ID: 41800859
Thank you so much for your help!!! Yes. Permissions were the issues
0
 

Author Comment

by:creative555
ID: 41802590
thank you so much Hypercat! The issue was resolved and I migrated profiles successfully. I did have to implement two GPOs through to let roaming profiles to load:

Enable the GPO “Do not check for user Ownership of Roaming Profile Folders” for the target domain.

Reference:
https://support.microsoft.com/en-us/kb/327259

I have another issue with roaming profile when logging in from a different computer after migration. Will post it as a new question so you get points for the new issue. thanks so much!!
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41805102
Glad to be helpful, and you're very welcome!!
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question