[THIN] Re: Roaming profile with Domain extension

  • From: "Stratton, Doug ISMC:EX" <Doug.M.Stratton@xxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 3 Feb 2009 09:46:58 -0800

Good morning all,
 
Thanks for your comments and here is what I have found so far.
 
1st problem - roaming profile directories want .domain extension
We are pre-creating the roaming profile folders.
In the past we created without the .domain name on the end all worked.
 
What seems to be part of the problem is we are now using an environment
variable and GP (we had this before but not using envir var) setting to
determine the location where these profiles are stored.
We started using an environment variable defined at
hklm\system\CurrentControlSet\Session Manager\Environment 
    We called it SILO which is set to the directory for that silo
    inside that directory we precreate the profile folders (with a
script and all the correct rights)
In the gp that defines where profiles are stored we have it set to
\\server\share\%SILO%
 
If we don't use envirnoment variable it works the same way it has
always.  No domain extension required.
 
2nd problem - profiles not unloading
We do have uphclean loaded but it is not "seeing" a problem with the
profiles not unloading.
person logs on
person logs off
    profile not copied down (when all of the above is working)
    user hive still loaded in memory.
    I can manually go and unload them no errors
    but no profile copied
 
Thanks for any suggestions.
 
Regards, 
Doug Stratton, Shared Service BC 
Service Desk Email: 77000@xxxxxxxxx 
Service Desk Tel: (250)387-7000 
 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Kenzig http://thin.ms
Sent: February 3, 2009 4:28 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Roaming profile with Domain extension


This sounds right. It seems at our stie.  that even in our home
directory here if we do not have the folder already created for the user
with System:Full , Administrator:Full and the USERs name:Full access
that the created folder does not get the correct permissions.  to the
folder and it adds the .domain to the created folder. It is best to make
a home folder and specify it in AD and then make sure the permissions
are set correctly. The follow scripts will help you get the permissions
set correctly on your users folder.  Change the attached txt files
extensions to .cmd and they will be scripts. Edit as below. 

See Below

Hi Guys,
This stuff was written for us by a vendor.  Our users folders for docs
are F:\users and for profiles F:\profiles, you'll have to edit the
scripts where that is to the drive and directory where you have yours.
Then you run the getusers script and it will get a list of all your
users to use to set the profiles permissions.  It will create a file
called users.txt.  Next run the setprofiles script to set the
permissions on the folders.  What happens is that when the profiles are
created from the top down in W2K3 admins do not have permissions on all
the folders. So if you try to delete or do something with the profile
doesn't always take.  At any rate I would suggest you make a backup of
the profiles/users folders first if you have the disk space prior to
running this and do it when users are not connected if possible.  It has
solved over 99% of our issues with profiles and sets the proper
directory permissions on the server.  The other thing of course we use
is UPHCLEAN from MS on the ws/server to keep profiles cleaned off.  This
is built into VISTA and Server 2008
Get it at
http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4
E18-B570-42470E2F3582&displaylang=e
 
You need to download xcacls also and put it in the path get it from
http://support.microsoft.com/kb/318754
 
 This solves a lot of problems.

Jim Kenzig 
Blog: http://www.techblink.com



On Mon, Feb 2, 2009 at 8:39 PM, <christopher.walter@xxxxxxx> wrote:


        I am 99% sure this is normal behavior if you are creating the
profile with a policy.  If it is created in the users AD account profile
then it doesn't happen.  Now with that being said I know you can stop
this from happening with Home directories if you create the director
first and give the user full control to the directory.  If the user does
not have full control then it will create a new directory with the
domain name on the end.  I am not sure if it would work with the profile
but you can give it a shot.
         
        Chris 

________________________________

        From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Stratton, Doug ISMC:EX
        Sent: February 2, 2009 6:58 PM
        To: thin@xxxxxxxxxxxxx
        Subject: [THIN] Roaming profile with Domain extension
        
        

        For some reason we are getting the following problem with our
new servers. 

        W2k3 
        XA 4.5 
        We have Roaming profiles setup 
        We are in a domain. 

        But profiles are not loading. 

        What I found out so far is that it is looking here for the
roaming profile 
        \\servername\sharename\username.domain 

        USERENV(1294.12b0) 15:01:43:704 LoadUserProfile:
lpProfileInfo->lpUserName = <dougtes_s> 
        USERENV(1294.12b0) 15:01:43:704 LoadUserProfile:
lpProfileInfo->lpProfilePath = <\\feat\s002\basic\dougtes_s.OurDomain> 

        Up until now we have never had to have a folder with the domain
name on it.  Once in a while we had domain names added as extension but
that was when profiles were stuck in memory and the person was logging
on a second time.   That is not the case this time.

        Right out of the gate it is appending the domain name to the
end. 

        So my question is what can I do to prevent it from using domain
extension? 

        I am not sure if it is related but profiles are not unloading
either (no errors that I could find in the event log) 


        Regards, 
        Doug Stratton, Shared Service BC 
        Service Desk Email: 77000@xxxxxxxxx 
        Service Desk Tel: (250)387-7000 



        
______________________________________________________________________
        This email has been scanned by the MessageLabs Email Security
System.
        For more information please visit
http://www.messagelabs.com/email 
        
______________________________________________________________________
        


Other related posts: