Home Folders and Profile Paths in Active Directory

I am setting up an AD server for a client of mine using Windows Server 2019 Standard, and I was wondering, if I don’t set a home folder or profile path, will they just be stored on the local machine from which the user logged in? Should I create either or both of them? I believe the profile path is only necessary if I am creating the user profile as roaming, but please correct me if I am wrong. Also, how do I automate the creation of a home folder when I add a user to the Active Directory? Thanks in advance! :smiley:

You can have a network home folder and still use a local profile. Leave the profile portion empty and only set the home directory.

The folder is automatically created when the user logs in for the first time.

Look at using the group policies for folder redirection; they are super useful.

MS has a best practices guide for setting up the networked home directory share, basically what inherited permissions you want to use to allow owner and admin access but not other users.

Easiest way I’ve found for creating users is with PowerShell and a CSV file I maintain with Sheets. Especially helpful if you’re using O365, Exchange, or Azure AD.

Most companies I’ve been in don’t bother with roaming profiles. The risk of people bloating up their profiles and causing long logoffs/logins is too great.
I have no experience with folder redirections though.

2 Likes

Thanks! This info is really helpful, but when I created a user profile for myself, and a Test profile, neither one created a home folder on first logging in. :confused:

Under home directory, I have my profiles set to use drive letter H, and it maps to

\\DOMAIN.COM\resources\home\%USERNAME% 

“resources” is the DFS namespace root … for a single server environment you could use

\\SERVER.DOMAIN.COM\homeshare$\%USERNAME%

I recommend using FQDN, rather than just a hostname.

If you want to create roaming profiles, you would use a similar string in the profile path. If you’ve already logged into a system with a domain account, before you set the roaming profile option, you’re still using your local profile. You can copy your local profile to the server, and then delete the local copy.

Check this script out:
https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Create-Active-7e6a3978

Screen shot of my personal user account at work

2 Likes

This is really helpful, but I am still running into two problems. The home folders are not being created automatically when the user first logs in, and I cannot seem to make it so that only the owner of the specific home folder can see said folder. :confused:

If the folder is not being created for a brand new user with a DOMAIN account, not a local account, then your permissions are wrong on the share.

I am mobile right now and can’t post links… Do a Google search for the Microsoft best practice guide for setting up network home directory share. It explains the permissions needed.

As I recall, at a minimum the share should be everyone read+write, and the NTFS folder behind it should have everyone create for the root directory only, and creator/owner read+write or full control for sub-directories.

This is mostly mitigated with features from Server 2012. Look at setting primary computers. I am in the process of setting up roaming profiles for our users and this was a huge concern. A mix of OneDrive settings, redirect of home folder, and only downloading profiles on primary computers should eliminate it as an issue.
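
For the two open questions in the thread (automating home folder creation, and making each folder visible only to its owner), here is an added example that is not from any poster and is not the TechNet script linked above. It pre-creates each folder, replaces inherited permissions with explicit entries for SYSTEM, Administrators and the user, and sets the home drive on the AD account. The `DOMAIN` name, the sample account names and the choice of Modify for the user are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Placeholders (assumptions, not from the thread): $Domain,
# the sample account names, and Modify as the user's right.
$ShareRoot = '\\SERVER.DOMAIN.COM\homeshare$'  # UNC form quoted in the thread
$Domain    = 'DOMAIN'                           # NetBIOS domain name, placeholder
$HomeDrive = 'H:'                               # drive letter used in the thread

# Constructed sample input; in practice this would come from Import-Csv.
$users = @'
SamAccountName
jdoe
tuser
'@ | ConvertFrom-Csv

function New-HomeFolder {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $path = "$ShareRoot\$SamAccountName"
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }

    # Block inheritance and drop inherited entries, then clear explicit ones,
    # so nothing granted on the share root carries over to this folder.
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $false)
    $acl.Access | Where-Object { -not $_.IsInherited } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }

    $grants = [ordered]@{
        'NT AUTHORITY\SYSTEM'     = 'FullControl'
        'BUILTIN\Administrators'  = 'FullControl'
        "$Domain\$SamAccountName" = 'Modify'  # Modify: user cannot rewrite the ACL
    }
    foreach ($id in $grants.Keys) {
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $id, $grants[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    Set-ADUser -Identity $SamAccountName -HomeDrive $HomeDrive -HomeDirectory $path
    $path
}

foreach ($u in $users) {
    $p = New-HomeFolder -SamAccountName $u.SamAccountName
    # Verification: list who ends up with access to each folder.
    (Get-Acl -LiteralPath $p).Access |
        Select-Object @{n='Folder';e={$p}}, IdentityReference, FileSystemRights, IsInherited
}
```

Any identity in the verification output other than the three granted above means the folder is readable by someone besides its owner and the administrators.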