Jump to content

How to set different paths for roaming user profiles for OU?

baturin

By baturin
in Networks and the Internet

 Share

Recommended Posts

baturin

baturin

Posted
Posted

Hi!

The problem is to create, say two groups of computers (by mean AD Organization Units) and set for them different shares to store roaming user profiles. I can setup roaming profiles by usual way (create share, set permissions and write profiles path seting in user properties based on %USERNAME%).

By I stuck with the following: how to make two different shares which will keep roaming profiles for different computers in domain? We have computers for different roles and different software installed on them. So, it would be ideal to setup different user profiles for them (all users are same for both types of computers).

I have looked 10 times through group policy object for test OU I created (with one computer inside it), but haven't figured out anything that can help to solve the problem.

I am not mature AD administrator and might be I overlooked something. I have created such thing with Samba NT domain under FreeBSD easily (share path which include machine name %m + using symbolic links).

Does anyone setup similar configuration or can help me with it?

A lot of thanks in advance!


baturin

baturin

Posted
  • Author
Posted (edited)
The only way i could think about is to use a batch script using dsquery and dsmod.

Could you give some more explanaton of this idea for beginner :)?

As I understand this right now: I need to place logon script to manipulate user preferences... Would it work if user will enter more than one computer at one time?

Thank you!

Edited by baturin
RogueSpear

RogueSpear

Posted
Posted

The location for storing roaming profiles is set at the domain level. I don't think that you're going to find an easy solution for storing them in different places as determined by OU membership.

allen2

allen2

Posted
Posted (edited)
As I understand this right now: I need to place logon script to manipulate user preferences... Would it work if user will enter more than one computer at one time?

No that's not what i had in mind, firstly you create 2 Ou named for example Unit1 and unit2 then put users you want to set profiles to share1 into unit1 and users you want to set profiles to share2 into unit2.

Then i would schedule a task to launch something like that (try it before on some tests accounts as i made this lines from memory):

dsquery user Ou=unit1,dc=yourdomain,dc=com|dsmod user -profile share1\%username%
dsquery user Ou=unit2,dc=yourdomain,dc=com|dsmod user -profile share2\%username%

This way each user put in the right Ou will have the right profile.

Edited by allen2
baturin

baturin

Posted
  • Author
Posted
No that's not what i had in mind, firstly you create 2 Ou named for example Unit1 and unit2 then put users you want to set profiles to share1 into unit1 and users you want to set profiles to share2 into unit2.

Then i would schedule a task to launch something like that (try it before on some tests accounts as i made this lines from memory):

dsquery user Ou=unit1,dc=yourdomain,dc=com|dsmod user -profile share1\%username%
dsquery user Ou=unit2,dc=yourdomain,dc=com|dsmod user -profile share2\%username%

This way each user put in the right Ou will have the right profile.

Thank you, just now it is clear. What you suggest is how to setup different paths for different users. Istead of this I need different profiles paths for same users logging on different computers.

It seems that I should agree with RogueSpear:

The location for storing roaming profiles is set at the domain level. I don't think that you're going to find an easy solution for storing them in different places as determined by OU membership.

One possible solution I could see is to setup two domains, but this is really huge overkill in my case (for this I will need at least another one DC).

allen2

allen2

Posted
Posted (edited)

If you absolutely want same user account to use different profiles path then i don't really see the point of using a roaming profile for users. But anyways you can set the AD rights to allow each user to modify his own account profile path and then use a logon script to make the switch. But a user still have to log twice to use the right share. And you might encounter stranges behaviours as if a user log onto a computer from Ou1 and log onto a computer from Ou2 then his profile from Ou1 would be first copied to the computer and then at his next logon on this computer his profile from Ou2 would be copied and replace the original profile.

There is perhaps a simplier solution:

If your profiles shares are set the same way, you could use a netbios alias which would use one server or another depending the computer.

Ex: Computers from Ou1 must use share1 which is \\server1\profiles\%username% and of course there's a different folder for each user. Computers from Ou2 must use share2 which is \\server2\profiles\%username%....

In this case, you can set up an alias either by using the lmhosts file or a Static wins entry (if you use wins you need at least two wins server which must not be synchronised).

For our example, you'd have to set profiles for all users to "profilesserver" and use a gpo to modify each computer lmhosts or wins configuration to use either server1 or server2:

server1 has IP1 as ip address

server2 has IP2 as ip address

If you add with a gpo, the following line to lmhosts of computers from Ou1:

IP1 profilesserver #PRE

Each user using thoose computers will use server1.

Edited by allen2
baturin

baturin

Posted
  • Author
Posted
If you absolutely want same user account to use different profiles path then i don't really see the point of using a roaming profile for users. But anyways you can set the AD rights to allow each user to modify his own account profile path and then use a logon script to make the switch. But a user still have to log twice to use the right share. And you might encounter stranges behaviours as if a user log onto a computer from Ou1 and log onto a computer from Ou2 then his profile from Ou1 would be first copied to the computer and then at his next logon on this computer his profile from Ou2 would be copied and replace the original profile.

There is perhaps a simplier solution:

If your profiles shares are set the same way, you could use a netbios alias which would use one server or another depending the computer.

Ex: Computers from Ou1 must use share1 which is \\server1\profiles\%username% and of course there's a different folder for each user. Computers from Ou2 must use share2 which is \\server2\profiles\%username%....

In this case, you can set up an alias either by using the lmhosts file or a Static wins entry (if you use wins you need at least two wins server which must not be synchronised).

For our example, you'd have to set profiles for all users to "profilesserver" and use a gpo to modify each computer lmhosts or wins configuration to use either server1 or server2:

server1 has IP1 as ip address

server2 has IP2 as ip address

If you add with a gpo, the following line to lmhosts of computers from Ou1:

IP1 profilesserver #PRE

Each user using thoose computers will use server1.

Thank you for your response!

Roaming profiles is needed because we don’t have two computers, but about 20 and 40/60 ratio of different computer types. So instead of 20+ local profiles I (and users) will need to manage only 2 of them. With favorites, My Documents etc redirected to server user profile itself will have mostly application settings.

I agree, that modification of profile path each time can give a mess and it is not interesting in our case.

The idea of modifying the same path into different for different computer is interesting. I should, at least, try it. The only contra about it is that we have just one server :).

Maybe, due to lack of elegant and standart solution it would be better to forget about that idea.

RogueSpear

RogueSpear

Posted
Posted

I used roaming profiles for years at my main job and finally just ditched them about a year and a half ago. The idea behind roaming profiles is nice and all, but even when it's properly configured, all kinds of things can and do go wrong.

So what I finally did was add functionality to my domain level machine script that checks to see if there is a newer Default User profile at a specified location on each boot up. If it finds a newer one, it copies it down to the client. I still have My Documents redirected via Group Policy.

You may want to give this some consideration as it will save a fair amount of time each time someone logs off and then someone else logs in. As a side benefit, my servers are pretty happy they don't have to deal with the extra 250,000 or so files.

baturin

baturin

Posted
  • Author
Posted

Oops, the problem appears to have very simple and elegant solution :). Thanks to Frank Röder for his answer at http://www.microsoft.com/technet/community...91-1df618dedaca

The key to success is to have some environment variable (say comptype=foo or comptype=foo2) on different machines and set profile path using ...\%comptype%\%username%\.

That's all. I have tested and it works fine.

Env variables can be set by OU-based group policy. I have made it through registry modification using DesktopStandard PolyciMakerRegistryExtension (free tool).

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...