Trying to get Roaming Profiles to work on a domain with a 2008 R2 Primary DC.
List of things that have been done to configure Roaming Profiles:
- Created a share for the profiles to access on `\\server1` called UAF (User Account Folders). So the full path to access it is `\\server1\UAF$`. Within the UAF folder is `<domainusername>\profile` to contain the folders which are redirected to.

  So like, if I wanted to access my Desktop directly, I'd go to `\\server1\UAF$\<domainusername>\profile\Desktop`.

  The purpose in putting it within a profile folder is for when .V6, .V5, etc. folders are created (for different versions of Windows).

  At the moment, the permissions on the Share are Everyone has all privileges. The permissions on the folders are set up according to this TechNet article: https://technet.microsoft.com/en-us/library/jj649079(v=ws.11).aspx i.e.:

  https://i-technet.sec.s-msft.com/dynimg/IC780823.jpeg

  Where the `Roaming User Profiles` group is the group I have used for permissions to the user folders.
- I created a `Roaming Profiles` security group, added the test users to it, then changed their individual profile paths to the correct ones (i.e. `\\server1\UAF$\%username%\profile`). I have this security group as the target of the Group Policy Object that tells all the folders to redirect to their appropriate locations within the profile folder in their user folder on UAF$.

  Note that I'm doing Roaming Profile by User here. Meaning, in the GPO, the path for the Folder Redirection is: GPO > User Configuration > Policies > Windows Settings > Folder Redirection.
- I have disabled `Grant User exclusive rights` for the GPO Folder Redirection as it's a requirement that an Administrator be able to handle those files if necessary and using `takeown` (imo) should be a last resort.
With the above setup, and the computer as a domain computer, and logged in as a domain test user, I get the following error in the Event Viewer after logging in:
Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.
DETAIL - The network name cannot be found.
Things I've tried:
- Pinging the server by hostname resolves to the correct IP address on the domain test computer.
- The security settings are identical to the TechNet article and logically should work as they are configured.
- The network share's path for the user profile folders in Folder Redirection is 100% correct, a la copy/paste and triple checking.
I have no idea why it's not working.
This is from a Windows 10 domain computer to a 2008 R2 Domain Controller (updated to the latest forest level it can have). But I've had success with Roaming Profiles on Windows 10 before, so I'm not entirely sure that is it. But I've heard anniversary update breaks some GPO options like "Delete cached profiles on logout", although I am not using that option.
Anyone have any ideas?