W2008: new location for folder redirection does not work

hi there... to make a long story short i was forced to use the old name from
a demoted DC on a new w2008 installation.
Now i am about to change that name but i realized it isnt that easy as i
thought.

I changed the GPO for Redirecting Folders to the new server-name, since the
share is located on the DC:

Before: \\server01\share$

New: \\srv01\share$

I rebooted the DC (to make the name-change take effect), and i tried to
login from a client (XP). The problem is that the synchronization/folder
redirection on the clients still thinks that the old servername
(\\server01\share$) is the right place... which it isnt and therefore the
synch fails.

I have ran gpupdate /force and gpresults /z showing that the current GPO
(that enables and activate the new path for Redirecting Folder) has been
activated on the XP-client.

I have looked in the regedit HKU\<user id>\ and by searching i get results
on the old servername... when trying to edit and put in the new server-name,
logging out (of XP) and logging in, running regedit, my input has been
overwritten and put back to 'normal' with old server-settings.

I have red sone posts on other forums related to this and they finally ends
up deleting the user from AD, and the profile-dir at Documents and Settings
on client, (backing up the document-folder on the server) and create the user
again (in the AD) and then make it work that way.

My question is therefore: does it really takes a deletion of a user, wiping
all settings except whats backed up, to change a Folder Redirection in the
GPO?
Its a bit frustrating...

 

Hello Kian,

Do you use offline folder settings also, then disable that for testing? Any
errors in the event viewer?

On the new server share permissions are Full control and the NTFS permissions
at least modify for the user folders?

Also see this article:
http://support.microsoft.com/kb/951049


We should try to collect Userenv.log on the XP machine:

1. Start Registry Editor.

2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

3. Right-click and new add DWORD(32-bit) with the Value of "UserEnvDebugLevel"


4. Type in 100002(Hexadecimal) or 65538(Decimal) in the Value data box, and
then click OK.

5. Reboot the problematic computer to make the change take into effect.

The Userenv.log is located in the following folder:
%SYSTEMDRIVE%\Debug\UserMode\



Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> hi there... to make a long story short i was forced to use the old
> name from a demoted DC on a new w2008 installation. Now i am about to
> change that name but i realized it isnt that easy as i thought.
>
> I changed the GPO for Redirecting Folders to the new server-name,
> since the share is located on the DC:
>
> Before: \\server01\share$
>
> New: \\srv01\share$
>
> I rebooted the DC (to make the name-change take effect), and i tried
> to login from a client (XP). The problem is that the
> synchronization/folder redirection on the clients still thinks that
> the old servername (\\server01\share$) is the right place... which it
> isnt and therefore the synch fails.
>
> I have ran gpupdate /force and gpresults /z showing that the current
> GPO (that enables and activate the new path for Redirecting Folder)
> has been activated on the XP-client.
>
> I have looked in the regedit HKU\<user id>\ and by searching i get
> results on the old servername... when trying to edit and put in the
> new server-name, logging out (of XP) and logging in, running regedit,
> my input has been overwritten and put back to 'normal' with old
> server-settings.
>
> I have red sone posts on other forums related to this and they finally
> ends up deleting the user from AD, and the profile-dir at Documents
> and Settings on client, (backing up the document-folder on the server)
> and create the user again (in the AD) and then make it work that way.
>
> My question is therefore: does it really takes a deletion of a user,
> wiping
> all settings except whats backed up, to change a Folder Redirection in
> the
> GPO?
> Its a bit frustrating...

 

Hello Kian,

Also let's check :
Collect folder redirection logging (fdeploy.log)

To enable folder redirection logging on the client computer, follow these
steps:

1. Log on to the computer on which you want to enable folder redirection
logging.

Please note: You need to log on as an administrator.

2. Click Start, click Run, type regedit in the Open box, and then click OK.

3 .Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics

4. On the Edit menu, point to New, and then click DWORD.

5. Type FdeployDebugLevel, and then press ENTER.

6. Right-click FdeployDebugLevel, click Modify, type 0x0000000F in the Value
data box, and then click OK.

The default FdeployDebugLevel value is 0x00000000.

Please note: After you finish troubleshooting, disable folder redirection
logging to free resources.

The folder redirection log is located in the path: %Systemroot%\debug\usermode\fdeploy.log

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> hi there... to make a long story short i was forced to use the old
> name from a demoted DC on a new w2008 installation. Now i am about to
> change that name but i realized it isnt that easy as i thought.
>
> I changed the GPO for Redirecting Folders to the new server-name,
> since the share is located on the DC:
>
> Before: \\server01\share$
>
> New: \\srv01\share$
>
> I rebooted the DC (to make the name-change take effect), and i tried
> to login from a client (XP). The problem is that the
> synchronization/folder redirection on the clients still thinks that
> the old servername (\\server01\share$) is the right place... which it
> isnt and therefore the synch fails.
>
> I have ran gpupdate /force and gpresults /z showing that the current
> GPO (that enables and activate the new path for Redirecting Folder)
> has been activated on the XP-client.
>
> I have looked in the regedit HKU\<user id>\ and by searching i get
> results on the old servername... when trying to edit and put in the
> new server-name, logging out (of XP) and logging in, running regedit,
> my input has been overwritten and put back to 'normal' with old
> server-settings.
>
> I have red sone posts on other forums related to this and they finally
> ends up deleting the user from AD, and the profile-dir at Documents
> and Settings on client, (backing up the document-folder on the server)
> and create the user again (in the AD) and then make it work that way.
>
> My question is therefore: does it really takes a deletion of a user,
> wiping
> all settings except whats backed up, to change a Folder Redirection in
> the
> GPO?
> Its a bit frustrating...

 

I can see that your answer forces me to go a little deeper... maybe i should
have done that in the first run but here goes the historie:

Once upon a time we used to emulate Windows 2003 as a DC together with a few
other servers. At that time the DC-servar was called, lets say, server-01
Along with the economic crisis alot more customers wanted us to create them
a new website and the company expanded a little. As always the system
administration doesnt get much value... but finally i knocked my fist in the
table and spittingly asked for more servers. I got permission to go
shopping-nutch at dell.com and i bought two new servers.

One of the new servers was to take over the DC-role from the emulated W2003.
So i installed W2008 and wanted to overtake the AD by joining to the
forrest. I never got that up working - a DNS-error comlpicated the process
and i ended up starting from the beginning building a new DC. I thought that
keeping the old emulated DC's name might be a good idea - so that the clients
and the other servers didnt go gaga. I had a hard job emigrating the Document
and Settings\<user>-folder on all the clients - the clients had to join a new
server though the domain name was the same as before. But i finally tweaked
it and all the users kept their program settings locally.

So now i would really like to change the new DCs name. It still has the old
name from th eemulated one and it just dosnt make sense keeping that name -
mostly because it reflects that the server is a emulated one (which it isnt
anymore).
So the name should be changed!

And to answer your questions:

Offline folders? isnt that just the same as Folder Redirection? The only GPO
i have applied is Folder Direction > Documents. Setting the properties to
Basic - Redirect everyone's folder.... bla bla bla, and Create a folder for
each user under the root path, and Root path: \\[new or old server
path]\mydocuments$
In the Settings-tab i have enabled the two first checkboxes, the third is
not checked. Under Policy Removal i have marked the first option. And thats
about it... i have no more settings related to Folder Redirection/Synch

As for your next question about permission: since the path is intact -
nothing has changed but the server-name the permissions are also the same
meaning that the clients still keeps their permissions... so nothing changed.
The folder the clients uses, is still the same and i havent moved or copied
anything (just a backup to make sure)...

I'll go report the .log-file in a few minutes.
I just finally need to say that it is not a specific computer that wont use
the Folder Redirection - its all of the clients in the forest. I dont get any
error in the eventvwr.msc related to Folder Redirection - but when i log out
the sync starts and stops telling that the path could not be found (or
somthing - i cant remember the specific error - but i'll write it down next
time)...

Brb with the log..

and thanks

// peter

"Meinolf Weber [MVP-DS]" wrote:

> Hello Kian,
>
> Do you use offline folder settings also, then disable that for testing? Any
> errors in the event viewer?
>
> On the new server share permissions are Full control and the NTFS permissions
> at least modify for the user folders?
>
> Also see this article:
> http://support.microsoft.com/kb/951049
>
>
> We should try to collect Userenv.log on the XP machine:
>
> 1. Start Registry Editor.
>
> 2. Locate and then click the following registry subkey:
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> 3. Right-click and new add DWORD(32-bit) with the Value of "UserEnvDebugLevel"
>
>
> 4. Type in 100002(Hexadecimal) or 65538(Decimal) in the Value data box, and
> then click OK.
>
> 5. Reboot the problematic computer to make the change take into effect.
>
> The Userenv.log is located in the following folder:
> %SYSTEMDRIVE%\Debug\UserMode\
>
>
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > hi there... to make a long story short i was forced to use the old
> > name from a demoted DC on a new w2008 installation. Now i am about to
> > change that name but i realized it isnt that easy as i thought.
> >
> > I changed the GPO for Redirecting Folders to the new server-name,
> > since the share is located on the DC:
> >
> > Before: \\server01\share$
> >
> > New: \\srv01\share$
> >
> > I rebooted the DC (to make the name-change take effect), and i tried
> > to login from a client (XP). The problem is that the
> > synchronization/folder redirection on the clients still thinks that
> > the old servername (\\server01\share$) is the right place... which it
> > isnt and therefore the synch fails.
> >
> > I have ran gpupdate /force and gpresults /z showing that the current
> > GPO (that enables and activate the new path for Redirecting Folder)
> > has been activated on the XP-client.
> >
> > I have looked in the regedit HKU\<user id>\ and by searching i get
> > results on the old servername... when trying to edit and put in the
> > new server-name, logging out (of XP) and logging in, running regedit,
> > my input has been overwritten and put back to 'normal' with old
> > server-settings.
> >
> > I have red sone posts on other forums related to this and they finally
> > ends up deleting the user from AD, and the profile-dir at Documents
> > and Settings on client, (backing up the document-folder on the server)
> > and create the user again (in the AD) and then make it work that way.
> >
> > My question is therefore: does it really takes a deletion of a user,
> > wiping
> > all settings except whats backed up, to change a Folder Redirection in
> > the
> > GPO?
> > Its a bit frustrating...
>
>
>

 

Okay... i don't get anything from the results of the .log-file but here it
goes:

USERENV(80c.ee0) 18:07:49:480 GetUserNameAndDomain: MyGetUserNameEx failed
for NT4 style name with 1115
USERENV(3c4.3c8) 18:09:02:593 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(3c4.3c8) 18:09:02:593 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(3c4.3c8) 18:09:02:593 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(3c4.3c8) 18:09:02:593 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(3c4.3c8) 18:09:02:593 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(3c4.c40) 18:11:27:390 PolicyChangedThread: UpdateUser failed with 6.

to me its not useful at all


// peter


"Meinolf Weber [MVP-DS]" wrote:

> Hello Kian,
>
> Do you use offline folder settings also, then disable that for testing? Any
> errors in the event viewer?
>
> On the new server share permissions are Full control and the NTFS permissions
> at least modify for the user folders?
>
> Also see this article:
> http://support.microsoft.com/kb/951049
>
>
> We should try to collect Userenv.log on the XP machine:
>
> 1. Start Registry Editor.
>
> 2. Locate and then click the following registry subkey:
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> 3. Right-click and new add DWORD(32-bit) with the Value of "UserEnvDebugLevel"
>
>
> 4. Type in 100002(Hexadecimal) or 65538(Decimal) in the Value data box, and
> then click OK.
>
> 5. Reboot the problematic computer to make the change take into effect.
>
> The Userenv.log is located in the following folder:
> %SYSTEMDRIVE%\Debug\UserMode\
>
>
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > hi there... to make a long story short i was forced to use the old
> > name from a demoted DC on a new w2008 installation. Now i am about to
> > change that name but i realized it isnt that easy as i thought.
> >
> > I changed the GPO for Redirecting Folders to the new server-name,
> > since the share is located on the DC:
> >
> > Before: \\server01\share$
> >
> > New: \\srv01\share$
> >
> > I rebooted the DC (to make the name-change take effect), and i tried
> > to login from a client (XP). The problem is that the
> > synchronization/folder redirection on the clients still thinks that
> > the old servername (\\server01\share$) is the right place... which it
> > isnt and therefore the synch fails.
> >
> > I have ran gpupdate /force and gpresults /z showing that the current
> > GPO (that enables and activate the new path for Redirecting Folder)
> > has been activated on the XP-client.
> >
> > I have looked in the regedit HKU\<user id>\ and by searching i get
> > results on the old servername... when trying to edit and put in the
> > new server-name, logging out (of XP) and logging in, running regedit,
> > my input has been overwritten and put back to 'normal' with old
> > server-settings.
> >
> > I have red sone posts on other forums related to this and they finally
> > ends up deleting the user from AD, and the profile-dir at Documents
> > and Settings on client, (backing up the document-folder on the server)
> > and create the user again (in the AD) and then make it work that way.
> >
> > My question is therefore: does it really takes a deletion of a user,
> > wiping
> > all settings except whats backed up, to change a Folder Redirection in
> > the
> > GPO?
> > Its a bit frustrating...
>
>
>

 

I did the fdeploy and i got the following text... i have included a
translation bellow (this is what you get when your leader insists on using
local language - i dont like that at all):

18:25:14:390 Angiver udvidelsen til omdirigering af mappe
18:25:14:437 Flag = 0x1090
18:25:14:500 Afslutter, da der ikke er foretaget ændringer af politik siden
sidste kørsel.

Translated into:
Specifies the extension for folder redirection
Flag = 0x1090
Ended due to no policy has changed since last run.


hope it helps
// peter



"Meinolf Weber [MVP-DS]" wrote:

> Hello Kian,
>
> Also let's check :
> Collect folder redirection logging (fdeploy.log)
>
> To enable folder redirection logging on the client computer, follow these
> steps:
>
> 1. Log on to the computer on which you want to enable folder redirection
> logging.
>
> Please note: You need to log on as an administrator.
>
> 2. Click Start, click Run, type regedit in the Open box, and then click OK.
>
> 3 .Locate and then click the following registry subkey:
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
>
> 4. On the Edit menu, point to New, and then click DWORD.
>
> 5. Type FdeployDebugLevel, and then press ENTER.
>
> 6. Right-click FdeployDebugLevel, click Modify, type 0x0000000F in the Value
> data box, and then click OK.
>
> The default FdeployDebugLevel value is 0x00000000.
>
> Please note: After you finish troubleshooting, disable folder redirection
> logging to free resources.
>
> The folder redirection log is located in the path: %Systemroot%\debug\usermode\fdeploy.log
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > hi there... to make a long story short i was forced to use the old
> > name from a demoted DC on a new w2008 installation. Now i am about to
> > change that name but i realized it isnt that easy as i thought.
> >
> > I changed the GPO for Redirecting Folders to the new server-name,
> > since the share is located on the DC:
> >
> > Before: \\server01\share$
> >
> > New: \\srv01\share$
> >
> > I rebooted the DC (to make the name-change take effect), and i tried
> > to login from a client (XP). The problem is that the
> > synchronization/folder redirection on the clients still thinks that
> > the old servername (\\server01\share$) is the right place... which it
> > isnt and therefore the synch fails.
> >
> > I have ran gpupdate /force and gpresults /z showing that the current
> > GPO (that enables and activate the new path for Redirecting Folder)
> > has been activated on the XP-client.
> >
> > I have looked in the regedit HKU\<user id>\ and by searching i get
> > results on the old servername... when trying to edit and put in the
> > new server-name, logging out (of XP) and logging in, running regedit,
> > my input has been overwritten and put back to 'normal' with old
> > server-settings.
> >
> > I have red sone posts on other forums related to this and they finally
> > ends up deleting the user from AD, and the profile-dir at Documents
> > and Settings on client, (backing up the document-folder on the server)
> > and create the user again (in the AD) and then make it work that way.
> >
> > My question is therefore: does it really takes a deletion of a user,
> > wiping
> > all settings except whats backed up, to change a Folder Redirection in
> > the
> > GPO?
> > Its a bit frustrating...
>
>
>

 

Hello Kian,

See inline.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I can see that your answer forces me to go a little deeper... maybe i
> should have done that in the first run but here goes the historie:
>
> Once upon a time we used to emulate Windows 2003 as a DC together with
> a few other servers. At that time the DC-servar was called, lets say,
> server-01 Along with the economic crisis alot more customers wanted us
> to create them a new website and the company expanded a little. As
> always the system administration doesnt get much value... but finally
> i knocked my fist in the table and spittingly asked for more servers.
> I got permission to go shopping-nutch at dell.com and i bought two new
> servers.

What is an "emulated" 2003 DC? Please clarify.

> One of the new servers was to take over the DC-role from the emulated
> W2003.
> So i installed W2008 and wanted to overtake the AD by joining to the
> forrest. I never got that up working - a DNS-error comlpicated the
> process
> and i ended up starting from the beginning building a new DC. I
> thought that
> keeping the old emulated DC's name might be a good idea - so that the
> clients
> and the other servers didnt go gaga. I had a hard job emigrating the
> Document
> and Settings\<user>-folder on all the clients - the clients had to
> join a new
> server though the domain name was the same as before. But i finally
> tweaked
> it and all the users kept their program settings locally.

Well, normally it is an simple step to add a 2008 server to a 2003 domain
and promote it as additional DC. A DNS error should be solvedwith not that
much effort. Anyway, so you created a new forest with the same name as the
old one, join all client's to the new domain, created new domain user accounts
etc. etc.? Then you copied the content from c:\document and settings\username
to the new created profile c:\document and settings\username.new?

> So now i would really like to change the new DCs name. It still has
> the old
> name from th eemulated one and it just dosnt make sense keeping that
> name -
> mostly because it reflects that the server is a emulated one (which it
> isnt
> anymore).

I think renaming the DC will not solve your problem with the clients, when
you go the steps i assmued above the profiles are poiting to the old server
becasue of the profile copying from old domain to new domain.

> So the name should be changed!
> And to answer your questions:
>
> Offline folders? isnt that just the same as Folder Redirection?

Folder redirection does just that, folders such as My Documents, Application
Data, Desktop, etc., are redirected to a server folder.

Offline files is sometimes used in conjunction with this (or without), but
isn't the same thing - it creates a local sync'd copy of that data on the
hard drive. They are often used for mobile users.

> The
> only GPO
> i have applied is Folder Direction > Documents. Setting the properties
> to
> Basic - Redirect everyone's folder.... bla bla bla, and Create a
> folder for
> each user under the root path, and Root path: \\[new or old server
> path]\mydocuments$
> In the Settings-tab i have enabled the two first checkboxes, the third
> is
> not checked. Under Policy Removal i have marked the first option. And
> thats
> about it... i have no more settings related to Folder
> Redirection/Synch
> As for your next question about permission: since the path is intact -
> nothing has changed but the server-name the permissions are also the
> same meaning that the clients still keeps their permissions... so
> nothing changed. The folder the clients uses, is still the same and i
> havent moved or copied anything (just a backup to make sure)...
>

 

Hello Kian,

Please post the following information:

1. Unedited ipconfig /all from your DC, and one of your clients..
2. The exact zone name spelling in DNS and whether updates are allowed on
the
zone.
3. The AD DNS domain name shown in AD UC.
4. If the SRV records exist under the DNS forward lookup zone.
5. Any errors in the Event logs on the DC under System, Replication Service
and Directory Services
6. Dcdiag /v /fix > c:\dcdiag.log
7. Netdiag /v /fix > c:\netdiag.log
8. More than one subnet?
9. Forwarder(s) configured?
10. How many DCs are there?
11. How many AD Sites?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> CUserProfile::CleanupUserProfile: Ref Count is not 0
>

 

See inline then:

"Meinolf Weber [MVP-DS]" wrote:

> Hello Kian,
>
> See inline.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I can see that your answer forces me to go a little deeper... maybe i
> > should have done that in the first run but here goes the historie:
> >
> > Once upon a time we used to emulate Windows 2003 as a DC together with
> > a few other servers. At that time the DC-servar was called, lets say,
> > server-01 Along with the economic crisis alot more customers wanted us
> > to create them a new website and the company expanded a little. As
> > always the system administration doesnt get much value... but finally
> > i knocked my fist in the table and spittingly asked for more servers.
> > I got permission to go shopping-nutch at dell.com and i bought two new
> > servers.
>
> What is an "emulated" 2003 DC? Please clarify.

Using VMWare... you know - like HyperV just another app for doing almost the
same... so we had a powerful server vmware-ing two servers - one of them was
this Windows 2003 DC.

>
> > One of the new servers was to take over the DC-role from the emulated
> > W2003.
> > So i installed W2008 and wanted to overtake the AD by joining to the
> > forrest. I never got that up working - a DNS-error comlpicated the
> > process
> > and i ended up starting from the beginning building a new DC. I
> > thought that
> > keeping the old emulated DC's name might be a good idea - so that the
> > clients
> > and the other servers didnt go gaga. I had a hard job emigrating the
> > Document
> > and Settings\<user>-folder on all the clients - the clients had to
> > join a new
> > server though the domain name was the same as before. But i finally
> > tweaked
> > it and all the users kept their program settings locally.
>
> Well, normally it is an simple step to add a 2008 server to a 2003 domain
> and promote it as additional DC. A DNS error should be solvedwith not that
> much effort. Anyway, so you created a new forest with the same name as the
> old one, join all client's to the new domain, created new domain user accounts
> etc. etc.? Then you copied the content from c:\document and settings\username
> to the new created profile c:\document and settings\username.new?

thats what everyone keeps telling me - about the simplicity Although i
spend more than 75 hours on six days from start to end - about 40 hours of
trying to demote. Then 30-or-something on starting up a new enviroment
including finding a way how to export/import all the users on clients.
Bascially your right in your 'copy content' but it isnt that easy because of
owner rights and such.
But yes! youre right what youre saying.

>
> > So now i would really like to change the new DCs name. It still has
> > the old
> > name from th eemulated one and it just dosnt make sense keeping that
> > name -
> > mostly because it reflects that the server is a emulated one (which it
> > isnt
> > anymore).
>
> I think renaming the DC will not solve your problem with the clients, when
> you go the steps i assmued above the profiles are poiting to the old server
> becasue of the profile copying from old domain to new domain.

When you say 'copy' there might be a chance that you misunderstood. I
haven't copied anything on the DC level. The new DC is shinny new. I had to
create all the users and join all the computers to the new AD (and the new,
'same', architecture - you know - OU's and user groups). No settings has been
copied from the old DC to the new, except for all the users My
Document-folder (which is just a bunch of files). So no settings copy
there... (which gave me serious problems on the client side becaase the
client computers wasnt joined in the new DC, meaning that i would have to
unjoin all clients from the old domain, joining the new domain. When thats
done, signing in with an account created a new folder in Documents and
Settings. So i had to figure out how to copy old data (from the old Documents
and Settings folder) to the new folder in Documents and Settings, keeping in
mind that owner rights and stuff will be a problem... but i made it - its
about 10 steps including some reboots, and pulling out network cable)


>
> > So the name should be changed!
> > And to answer your questions:
> >
> > Offline folders? isnt that just the same as Folder Redirection?
>
> Folder redirection does just that, folders such as My Documents, Application
> Data, Desktop, etc., are redirected to a server folder.
>
> Offline files is sometimes used in conjunction with this (or without), but
> isn't the same thing - it creates a local sync'd copy of that data on the
> hard drive. They are often used for mobile users.


Hmmm... but i know that sometimes offline files are created on the clients
(usually when the network is down or something - but i just thought it was a
part of the deal enabling Folder Redirection. But from what youre saying i've
enabled offline files too?


> > The
> > only GPO
> > i have applied is Folder Direction > Documents. Setting the properties
> > to
> > Basic - Redirect everyone's folder.... bla bla bla, and Create a
> > folder for
> > each user under the root path, and Root path: \\[new or old server
> > path]\mydocuments$
> > In the Settings-tab i have enabled the two first checkboxes, the third
> > is
> > not checked. Under Policy Removal i have marked the first option. And
> > thats
> > about it... i have no more settings related to Folder
> > Redirection/Synch
> > As for your next question about permission: since the path is intact -
> > nothing has changed but the server-name the permissions are also the
> > same meaning that the clients still keeps their permissions... so
> > nothing changed. The folder the clients uses, is still the same and i
> > havent moved or copied anything (just a backup to make sure)...
> >

So... i know this is getting puzzled. But when it all boils down i still
dont understand why changing the GPO setting that controls the path to Folder
Redirection isnt enough to redirect foldershare to a new location...

 

Hello Kian,

"Emulated" i understand now, just a Virtual machine, ok.

I also understand that you not copied anything within the DC.

When you copied the old userprofile to the new one, did you choose the complete
one or did you exclude some folders/files? The ntuser.dat for example has
content from the old domain and will create problems in the new one.

In your case i would suggest, even it is again lot work, create a share for
saving the users work data (NOTHING from the profiles) and give them time
to copy there needed data with a dead end, after that delete the userprofiles
on the local computers. Then let them logon again and they can copy back
only there working data.

So you would have a clean profile with the correct settings in the profiles
folder. I think this will be the only way to get it working correct. Sorry
for that statement, but i can not see another way to get your domain and
policies running without errors.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> See inline then:
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Kian,
>>
>> See inline.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I can see that your answer forces me to go a little deeper... maybe
>>> i should have done that in the first run but here goes the historie:
>>>
>>> Once upon a time we used to emulate Windows 2003 as a DC together
>>> with a few other servers. At that time the DC-servar was called,
>>> lets say, server-01 Along with the economic crisis alot more
>>> customers wanted us to create them a new website and the company
>>> expanded a little. As always the system administration doesnt get
>>> much value... but finally i knocked my fist in the table and
>>> spittingly asked for more servers. I got permission to go
>>> shopping-nutch at dell.com and i bought two new servers.
>>>
>> What is an "emulated" 2003 DC? Please clarify.
>>
> Using VMWare... you know - like HyperV just another app for doing
> almost the same... so we had a powerful server vmware-ing two servers
> - one of them was this Windows 2003 DC.
>
>>> One of the new servers was to take over the DC-role from the
>>> emulated
>>> W2003.
>>> So i installed W2008 and wanted to overtake the AD by joining to the
>>> forrest. I never got that up working - a DNS-error comlpicated the
>>> process
>>> and i ended up starting from the beginning building a new DC. I
>>> thought that
>>> keeping the old emulated DC's name might be a good idea - so that
>>> the
>>> clients
>>> and the other servers didnt go gaga. I had a hard job emigrating the
>>> Document
>>> and Settings\<user>-folder on all the clients - the clients had to
>>> join a new
>>> server though the domain name was the same as before. But i finally
>>> tweaked
>>> it and all the users kept their program settings locally.
>> Well, normally it is an simple step to add a 2008 server to a 2003
>> domain and promote it as additional DC. A DNS error should be
>> solvedwith not that much effort. Anyway, so you created a new forest
>> with the same name as the old one, join all client's to the new
>> domain, created new domain user accounts etc. etc.? Then you copied
>> the content from c:\document and settings\username to the new created
>> profile c:\document and settings\username.new?
>>
> thats what everyone keeps telling me - about the simplicity
> Although i
> spend more than 75 hours on six days from start to end - about 40
> hours of
> trying to demote. Then 30-or-something on starting up a new enviroment
> including finding a way how to export/import all the users on clients.
> Bascially your right in your 'copy content' but it isnt that easy
> because of
> owner rights and such.
> But yes! youre right what youre saying.
>>> So now i would really like to change the new DCs name. It still has
>>> the old
>>> name from th eemulated one and it just dosnt make sense keeping that
>>> name -
>>> mostly because it reflects that the server is a emulated one (which
>>> it
>>> isnt
>>> anymore).
>> I think renaming the DC will not solve your problem with the clients,
>> when you go the steps i assmued above the profiles are poiting to the
>> old server becasue of the profile copying from old domain to new
>> domain.
>>
> When you say 'copy' there might be a chance that you misunderstood. I
> haven't copied anything on the DC level. The new DC is shinny new. I
> had to create all the users and join all the computers to the new AD
> (and the new, 'same', architecture - you know - OU's and user groups).
> No settings has been copied from the old DC to the new, except for all
> the users My Document-folder (which is just a bunch of files). So no
> settings copy there... (which gave me serious problems on the client
> side becaase the client computers wasnt joined in the new DC, meaning
> that i would have to unjoin all clients from the old domain, joining
> the new domain. When thats done, signing in with an account created a
> new folder in Documents and Settings. So i had to figure out how to
> copy old data (from the old Documents and Settings folder) to the new
> folder in Documents and Settings, keeping in mind that owner rights
> and stuff will be a problem... but i made it - its about 10 steps
> including some reboots, and pulling out network cable)
>
>>> So the name should be changed!
>>> And to answer your questions:
>>> Offline folders? isnt that just the same as Folder Redirection?
>>>
>> Folder redirection does just that, folders such as My Documents,
>> Application Data, Desktop, etc., are redirected to a server folder.
>>
>> Offline files is sometimes used in conjunction with this (or
>> without), but isn't the same thing - it creates a local sync'd copy
>> of that data on the hard drive. They are often used for mobile users.
>>
> Hmmm... but i know that sometimes offline files are created on the
> clients (usually when the network is down or something - but i just
> thought it was a part of the deal enabling Folder Redirection. But
> from what youre saying i've enabled offline files too?
>
>>> The
>>> only GPO
>>> i have applied is Folder Direction > Documents. Setting the
>>> properties
>>> to
>>> Basic - Redirect everyone's folder.... bla bla bla, and Create a
>>> folder for
>>> each user under the root path, and Root path: \\[new or old server
>>> path]\mydocuments$
>>> In the Settings-tab i have enabled the two first checkboxes, the
>>> third
>>> is
>>> not checked. Under Policy Removal i have marked the first option.
>>> And
>>> thats
>>> about it... i have no more settings related to Folder
>>> Redirection/Synch
>>> As for your next question about permission: since the path is intact
>>> -
>>> nothing has changed but the server-name the permissions are also the
>>> same meaning that the clients still keeps their permissions... so
>>> nothing changed. The folder the clients uses, is still the same and
>>> i
>>> havent moved or copied anything (just a backup to make sure)...
> So... i know this is getting puzzled. But when it all boils down i
> still dont understand why changing the GPO setting that controls the
> path to Folder Redirection isnt enough to redirect foldershare to a
> new location...
>

 

"Meinolf Weber [MVP-DS]" wrote:

> Hello Kian,
>
> "Emulated" i understand now, just a Virtual machine, ok.
>
> I also understand that you not copied anything within the DC.
>
> When you copied the old userprofile to the new one, did you choose the complete
> one or did you exclude some folders/files? The ntuser.dat for example has
> content from the old domain and will create problems in the new one.

Well... infact i never really copied anything... i renamed the
profile-folder and renamed it back and forth 'till it worked.
It is pretty simple though. 1) I started with unjoining the domain, 2)
restart without network cable and logged in with local admin, 3) rename the
profile folder to something else, like for my instance, pih.thisIsReal 4)
join the new domain, 5) restart, 6) login with your profile, as for me pih,
7) a new pih-folder will be created, 8) log out and restart 9) unplug network
cable and login with local admin 10) rename the new pih-folder to something
else like pih.thisIsAnEmptyProfile, and rename pih.thisIsReal to pih, 11)
restart computer and login - as for me with pih and now the profile has been
emmigrated from the old domain to the new domain. (and you can delete the
pih.thisIsAnEmptyProfile-folder...

> In your case i would suggest, even it is again lot work, create a share for
> saving the users work data (NOTHING from the profiles) and give them time
> to copy there needed data with a dead end, after that delete the userprofiles
> on the local computers. Then let them logon again and they can copy back
> only there working data.
>
> So you would have a clean profile with the correct settings in the profiles
> folder. I think this will be the only way to get it working correct. Sorry
> for that statement, but i can not see another way to get your domain and
> policies running without errors.

I guess that that would be the outcome... i just dont get it: why is it that
you can type and retype, a new path in the GPO for Folder Redirection, but
when you change it, it doesnt take effect at all?

I have thought about remving the GPO and enabling it again... would do the
trick?
Which leads me to the next question... where is it that things goes wrong?
why does the client keep insisting not to use another path?

// peter

 

Hello Kian,

Of course you can start with a new OU without policies except the default
domain policy. Move all mahcines and users to it wait some days. Problem
with that is that some group policy settings do a kind of tattooing, they
have to be reverted and then be set to not configured. So maybe not all are
set back to be empty.

http://www.gpoguy.com/FAQs/tattoo.htm

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Kian,
>>
>> "Emulated" i understand now, just a Virtual machine, ok.
>>
>> I also understand that you not copied anything within the DC.
>>
>> When you copied the old userprofile to the new one, did you choose
>> the complete one or did you exclude some folders/files? The
>> ntuser.dat for example has content from the old domain and will
>> create problems in the new one.
>>
> Well... infact i never really copied anything... i renamed the
> profile-folder and renamed it back and forth 'till it worked.
> It is pretty simple though. 1) I started with unjoining the domain, 2)
> restart without network cable and logged in with local admin, 3)
> rename the
> profile folder to something else, like for my instance, pih.thisIsReal
> 4)
> join the new domain, 5) restart, 6) login with your profile, as for me
> pih,
> 7) a new pih-folder will be created, 8) log out and restart 9) unplug
> network
> cable and login with local admin 10) rename the new pih-folder to
> something
> else like pih.thisIsAnEmptyProfile, and rename pih.thisIsReal to pih,
> 11)
> restart computer and login - as for me with pih and now the profile
> has been
> emmigrated from the old domain to the new domain. (and you can delete
> the
> pih.thisIsAnEmptyProfile-folder...
>> In your case i would suggest, even it is again lot work, create a
>> share for saving the users work data (NOTHING from the profiles) and
>> give them time to copy there needed data with a dead end, after that
>> delete the userprofiles on the local computers. Then let them logon
>> again and they can copy back only there working data.
>>
>> So you would have a clean profile with the correct settings in the
>> profiles folder. I think this will be the only way to get it working
>> correct. Sorry for that statement, but i can not see another way to
>> get your domain and policies running without errors.
>>
> I guess that that would be the outcome... i just dont get it: why is
> it that you can type and retype, a new path in the GPO for Folder
> Redirection, but when you change it, it doesnt take effect at all?
>
> I have thought about remving the GPO and enabling it again... would do
> the
> trick?
> Which leads me to the next question... where is it that things goes
> wrong?
> why does the client keep insisting not to use another path?
> // peter
>

 

Hi Meinolf

So i guess that what youre saying is that Folder Redirection is one of those
GPOs that tatoos itself into the user-profile. The question is now: how far
does that goes? is it only on the computer, in the document and
settings\<profile> these settings are stored, or is it all the way back to
the user-setting in the AD?
The outcome has different solutions: if the tatoo is 'hidden' in the
document and settings\<profile>, the solution would be to simply format the
client computer (or at least remove all the users from all computers and then
try to log on again forcing the computer to create a new user-profile-folder
for each new user who logs on).

If the tatoo is stored within the profile on the AD the solution would be to
remove all users and remove the user-profile-folder from all client computers
(as mentioned above).

.... or is it possible to remove the tatoo in some way without being so
drastic?

// peter

"Meinolf Weber [MVP-DS]" wrote:

> Hello Kian,
>
> Of course you can start with a new OU without policies except the default
> domain policy. Move all mahcines and users to it wait some days. Problem
> with that is that some group policy settings do a kind of tattooing, they
> have to be reverted and then be set to not configured. So maybe not all are
> set back to be empty.
>
> http://www.gpoguy.com/FAQs/tattoo.htm
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Kian,
> >>
> >> "Emulated" i understand now, just a Virtual machine, ok.
> >>
> >> I also understand that you not copied anything within the DC.
> >>
> >> When you copied the old userprofile to the new one, did you choose
> >> the complete one or did you exclude some folders/files? The
> >> ntuser.dat for example has content from the old domain and will
> >> create problems in the new one.
> >>
> > Well... infact i never really copied anything... i renamed the
> > profile-folder and renamed it back and forth 'till it worked.
> > It is pretty simple though. 1) I started with unjoining the domain, 2)
> > restart without network cable and logged in with local admin, 3)
> > rename the
> > profile folder to something else, like for my instance, pih.thisIsReal
> > 4)
> > join the new domain, 5) restart, 6) login with your profile, as for me
> > pih,
> > 7) a new pih-folder will be created, 8) log out and restart 9) unplug
> > network
> > cable and login with local admin 10) rename the new pih-folder to
> > something
> > else like pih.thisIsAnEmptyProfile, and rename pih.thisIsReal to pih,
> > 11)
> > restart computer and login - as for me with pih and now the profile
> > has been
> > emmigrated from the old domain to the new domain. (and you can delete
> > the
> > pih.thisIsAnEmptyProfile-folder...
> >> In your case i would suggest, even it is again lot work, create a
> >> share for saving the users work data (NOTHING from the profiles) and
> >> give them time to copy there needed data with a dead end, after that
> >> delete the userprofiles on the local computers. Then let them logon
> >> again and they can copy back only there working data.
> >>
> >> So you would have a clean profile with the correct settings in the
> >> profiles folder. I think this will be the only way to get it working
> >> correct. Sorry for that statement, but i can not see another way to
> >> get your domain and policies running without errors.
> >>
> > I guess that that would be the outcome... i just dont get it: why is
> > it that you can type and retype, a new path in the GPO for Folder
> > Redirection, but when you change it, it doesnt take effect at all?
> >
> > I have thought about remving the GPO and enabling it again... would do
> > the
> > trick?
> > Which leads me to the next question... where is it that things goes
> > wrong?
> > why does the client keep insisting not to use another path?
> > // peter
> >
>
>
>

 

Hello Kian,

No, i didn't say that folder redirection is a tattood policy. I don't know
them at all. I just mentioned it, so you are knowing that it can be that
some settings still kept until you revert them.

See also here about:
http://www.gpoguy.com/FAQs/Whitepap...ticleId/5/Understanding-Policy-Tattooing.aspx

http://sdmsoftware.com/blog/2007/10/more_on_registry_tattooingan_i.html

http://x220.minasi.com/forum/topic.asp?TOPIC_ID=7729

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi Meinolf
>
> So i guess that what youre saying is that Folder Redirection is one of
> those
> GPOs that tatoos itself into the user-profile. The question is now:
> how far
> does that goes? is it only on the computer, in the document and
> settings\<profile> these settings are stored, or is it all the way
> back to
> the user-setting in the AD?
> The outcome has different solutions: if the tatoo is 'hidden' in the
> document and settings\<profile>, the solution would be to simply
> format the
> client computer (or at least remove all the users from all computers
> and then
> try to log on again forcing the computer to create a new
> user-profile-folder
> for each new user who logs on).
> If the tatoo is stored within the profile on the AD the solution would
> be to remove all users and remove the user-profile-folder from all
> client computers (as mentioned above).
>
> ... or is it possible to remove the tatoo in some way without being so
> drastic?
>
> // peter
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Kian,
>>
>> Of course you can start with a new OU without policies except the
>> default domain policy. Move all mahcines and users to it wait some
>> days. Problem with that is that some group policy settings do a kind
>> of tattooing, they have to be reverted and then be set to not
>> configured. So maybe not all are set back to be empty.
>>
>> http://www.gpoguy.com/FAQs/tattoo.htm
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> "Meinolf Weber [MVP-DS]" wrote:
>>>
>>>> Hello Kian,
>>>>
>>>> "Emulated" i understand now, just a Virtual machine, ok.
>>>>
>>>> I also understand that you not copied anything within the DC.
>>>>
>>>> When you copied the old userprofile to the new one, did you choose
>>>> the complete one or did you exclude some folders/files? The
>>>> ntuser.dat for example has content from the old domain and will
>>>> create problems in the new one.
>>>>
>>> Well... infact i never really copied anything... i renamed the
>>> profile-folder and renamed it back and forth 'till it worked.
>>> It is pretty simple though. 1) I started with unjoining the domain,
>>> 2)
>>> restart without network cable and logged in with local admin, 3)
>>> rename the
>>> profile folder to something else, like for my instance,
>>> pih.thisIsReal
>>> 4)
>>> join the new domain, 5) restart, 6) login with your profile, as for
>>> me
>>> pih,
>>> 7) a new pih-folder will be created, 8) log out and restart 9)
>>> unplug
>>> network
>>> cable and login with local admin 10) rename the new pih-folder to
>>> something
>>> else like pih.thisIsAnEmptyProfile, and rename pih.thisIsReal to
>>> pih,
>>> 11)
>>> restart computer and login - as for me with pih and now the profile
>>> has been
>>> emmigrated from the old domain to the new domain. (and you can
>>> delete
>>> the
>>> pih.thisIsAnEmptyProfile-folder...
>>>> In your case i would suggest, even it is again lot work, create a
>>>> share for saving the users work data (NOTHING from the profiles)
>>>> and give them time to copy there needed data with a dead end, after
>>>> that delete the userprofiles on the local computers. Then let them
>>>> logon again and they can copy back only there working data.
>>>>
>>>> So you would have a clean profile with the correct settings in the
>>>> profiles folder. I think this will be the only way to get it
>>>> working correct. Sorry for that statement, but i can not see
>>>> another way to get your domain and policies running without errors.
>>>>
>>> I guess that that would be the outcome... i just dont get it: why is
>>> it that you can type and retype, a new path in the GPO for Folder
>>> Redirection, but when you change it, it doesnt take effect at all?
>>>
>>> I have thought about remving the GPO and enabling it again... would
>>> do
>>> the
>>> trick?
>>> Which leads me to the next question... where is it that things goes
>>> wrong?
>>> why does the client keep insisting not to use another path?
>>> // peter

 

Hi there,

Youre propably right anyway... I guess your solution is the only one left.
But be running that I'll have a go on that gp-guy asking him in a mail... If
get a useful answer I'll post it

Anyway... thanks for all the help till now - i learned something and thats
great!

// peter

"Meinolf Weber [MVP-DS]" wrote:

> Hello Kian,
>
> No, i didn't say that folder redirection is a tattood policy. I don't know
> them at all. I just mentioned it, so you are knowing that it can be that
> some settings still kept until you revert them.
>
> See also here about:
> http://www.gpoguy.com/FAQs/Whitepap...ticleId/5/Understanding-Policy-Tattooing.aspx
>
> http://sdmsoftware.com/blog/2007/10/more_on_registry_tattooingan_i.html
>
> http://x220.minasi.com/forum/topic.asp?TOPIC_ID=7729
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Hi Meinolf
> >
> > So i guess that what youre saying is that Folder Redirection is one of
> > those
> > GPOs that tatoos itself into the user-profile. The question is now:
> > how far
> > does that goes? is it only on the computer, in the document and
> > settings\<profile> these settings are stored, or is it all the way
> > back to
> > the user-setting in the AD?
> > The outcome has different solutions: if the tatoo is 'hidden' in the
> > document and settings\<profile>, the solution would be to simply
> > format the
> > client computer (or at least remove all the users from all computers
> > and then
> > try to log on again forcing the computer to create a new
> > user-profile-folder
> > for each new user who logs on).
> > If the tatoo is stored within the profile on the AD the solution would
> > be to remove all users and remove the user-profile-folder from all
> > client computers (as mentioned above).
> >
> > ... or is it possible to remove the tatoo in some way without being so
> > drastic?
> >
> > // peter
> >
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Kian,
> >>
> >> Of course you can start with a new OU without policies except the
> >> default domain policy. Move all mahcines and users to it wait some
> >> days. Problem with that is that some group policy settings do a kind
> >> of tattooing, they have to be reverted and then be set to not
> >> configured. So maybe not all are set back to be empty.
> >>
> >> http://www.gpoguy.com/FAQs/tattoo.htm
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> "Meinolf Weber [MVP-DS]" wrote:
> >>>
> >>>> Hello Kian,
> >>>>
> >>>> "Emulated" i understand now, just a Virtual machine, ok.
> >>>>
> >>>> I also understand that you not copied anything within the DC.
> >>>>
> >>>> When you copied the old userprofile to the new one, did you choose
> >>>> the complete one or did you exclude some folders/files? The
> >>>> ntuser.dat for example has content from the old domain and will
> >>>> create problems in the new one.
> >>>>
> >>> Well... infact i never really copied anything... i renamed the
> >>> profile-folder and renamed it back and forth 'till it worked.
> >>> It is pretty simple though. 1) I started with unjoining the domain,
> >>> 2)
> >>> restart without network cable and logged in with local admin, 3)
> >>> rename the
> >>> profile folder to something else, like for my instance,
> >>> pih.thisIsReal
> >>> 4)
> >>> join the new domain, 5) restart, 6) login with your profile, as for
> >>> me
> >>> pih,
> >>> 7) a new pih-folder will be created, 8) log out and restart 9)
> >>> unplug
> >>> network
> >>> cable and login with local admin 10) rename the new pih-folder to
> >>> something
> >>> else like pih.thisIsAnEmptyProfile, and rename pih.thisIsReal to
> >>> pih,
> >>> 11)
> >>> restart computer and login - as for me with pih and now the profile
> >>> has been
> >>> emmigrated from the old domain to the new domain. (and you can
> >>> delete
> >>> the
> >>> pih.thisIsAnEmptyProfile-folder...
> >>>> In your case i would suggest, even it is again lot work, create a
> >>>> share for saving the users work data (NOTHING from the profiles)
> >>>> and give them time to copy there needed data with a dead end, after
> >>>> that delete the userprofiles on the local computers. Then let them
> >>>> logon again and they can copy back only there working data.
> >>>>
> >>>> So you would have a clean profile with the correct settings in the
> >>>> profiles folder. I think this will be the only way to get it
> >>>> working correct. Sorry for that statement, but i can not see
> >>>> another way to get your domain and policies running without errors.
> >>>>
> >>> I guess that that would be the outcome... i just dont get it: why is
> >>> it that you can type and retype, a new path in the GPO for Folder
> >>> Redirection, but when you change it, it doesnt take effect at all?
> >>>
> >>> I have thought about remving the GPO and enabling it again... would
> >>> do
> >>> the
> >>> trick?
> >>> Which leads me to the next question... where is it that things goes
> >>> wrong?
> >>> why does the client keep insisting not to use another path?
> >>> // peter
>
>
>

 

I have just had some problems with folder redirection. What I learned is

a) One of the GPO setting is what to do with the redirected folder when the PC
falls out of the scope of the GPO. Either put it back or leave it when it was
moved to.

b) When the GPO sets a new location for the redirected folder and you also have
the move content to new location set. Then if the previous redirected location
is no longer available (e.g. the server is dead) then the GPO cannot move the
content from the old location to the new location and fails leaving the
redirection unchanged. You can see this failure in the event logs. Simply
unticking the "Move contents to new location" box in the GPO allows the
redirection to the new location to succeed because it does not try to move from
the old and no longer available location. You then need to backfill the actual
content, if it is not there already.

n Sat, 23 May 2009 02:48:01 -0700, Kian <Kian@discussions.microsoft.com> wrote:

>Hi there,
>
>Youre propably right anyway... I guess your solution is the only one left.
>But be running that I'll have a go on that gp-guy asking him in a mail... If
>get a useful answer I'll post it
>
>Anyway... thanks for all the help till now - i learned something and thats
>great!
>
>// peter
>
>"Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Kian,
>>
>> No, i didn't say that folder redirection is a tattood policy. I don't know
>> them at all. I just mentioned it, so you are knowing that it can be that
>> some settings still kept until you revert them.
>>
>> See also here about:
>> http://www.gpoguy.com/FAQs/Whitepap...ticleId/5/Understanding-Policy-Tattooing.aspx
>>
>> http://sdmsoftware.com/blog/2007/10/more_on_registry_tattooingan_i.html
>>
>> http://x220.minasi.com/forum/topic.asp?TOPIC_ID=7729
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>
>> > Hi Meinolf
>> >
>> > So i guess that what youre saying is that Folder Redirection is one of
>> > those
>> > GPOs that tatoos itself into the user-profile. The question is now:
>> > how far
>> > does that goes? is it only on the computer, in the document and
>> > settings\<profile> these settings are stored, or is it all the way
>> > back to
>> > the user-setting in the AD?
>> > The outcome has different solutions: if the tatoo is 'hidden' in the
>> > document and settings\<profile>, the solution would be to simply
>> > format the
>> > client computer (or at least remove all the users from all computers
>> > and then
>> > try to log on again forcing the computer to create a new
>> > user-profile-folder
>> > for each new user who logs on).
>> > If the tatoo is stored within the profile on the AD the solution would
>> > be to remove all users and remove the user-profile-folder from all
>> > client computers (as mentioned above).
>> >
>> > ... or is it possible to remove the tatoo in some way without being so
>> > drastic?
>> >
>> > // peter
>> >
>> > "Meinolf Weber [MVP-DS]" wrote:
>> >
>> >> Hello Kian,
>> >>
>> >> Of course you can start with a new OU without policies except the
>> >> default domain policy. Move all mahcines and users to it wait some
>> >> days. Problem with that is that some group policy settings do a kind
>> >> of tattooing, they have to be reverted and then be set to not
>> >> configured. So maybe not all are set back to be empty.
>> >>
>> >> http://www.gpoguy.com/FAQs/tattoo.htm
>> >>
>> >> Best regards
>> >>
>> >> Meinolf Weber
>> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> >> confers
>> >> no rights.
>> >> ** Please do NOT email, only reply to Newsgroups
>> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>> >>> "Meinolf Weber [MVP-DS]" wrote:
>> >>>
>> >>>> Hello Kian,
>> >>>>
>> >>>> "Emulated" i understand now, just a Virtual machine, ok.
>> >>>>
>> >>>> I also understand that you not copied anything within the DC.
>> >>>>
>> >>>> When you copied the old userprofile to the new one, did you choose
>> >>>> the complete one or did you exclude some folders/files? The
>> >>>> ntuser.dat for example has content from the old domain and will
>> >>>> create problems in the new one.
>> >>>>
>> >>> Well... infact i never really copied anything... i renamed the
>> >>> profile-folder and renamed it back and forth 'till it worked.
>> >>> It is pretty simple though. 1) I started with unjoining the domain,
>> >>> 2)
>> >>> restart without network cable and logged in with local admin, 3)
>> >>> rename the
>> >>> profile folder to something else, like for my instance,
>> >>> pih.thisIsReal
>> >>> 4)
>> >>> join the new domain, 5) restart, 6) login with your profile, as for
>> >>> me
>> >>> pih,
>> >>> 7) a new pih-folder will be created, 8) log out and restart 9)
>> >>> unplug
>> >>> network
>> >>> cable and login with local admin 10) rename the new pih-folder to
>> >>> something
>> >>> else like pih.thisIsAnEmptyProfile, and rename pih.thisIsReal to
>> >>> pih,
>> >>> 11)
>> >>> restart computer and login - as for me with pih and now the profile
>> >>> has been
>> >>> emmigrated from the old domain to the new domain. (and you can
>> >>> delete
>> >>> the
>> >>> pih.thisIsAnEmptyProfile-folder...
>> >>>> In your case i would suggest, even it is again lot work, create a
>> >>>> share for saving the users work data (NOTHING from the profiles)
>> >>>> and give them time to copy there needed data with a dead end, after
>> >>>> that delete the userprofiles on the local computers. Then let them
>> >>>> logon again and they can copy back only there working data.
>> >>>>
>> >>>> So you would have a clean profile with the correct settings in the
>> >>>> profiles folder. I think this will be the only way to get it
>> >>>> working correct. Sorry for that statement, but i can not see
>> >>>> another way to get your domain and policies running without errors.
>> >>>>
>> >>> I guess that that would be the outcome... i just dont get it: why is
>> >>> it that you can type and retype, a new path in the GPO for Folder
>> >>> Redirection, but when you change it, it doesnt take effect at all?
>> >>>
>> >>> I have thought about remving the GPO and enabling it again... would
>> >>> do
>> >>> the
>> >>> trick?
>> >>> Which leads me to the next question... where is it that things goes
>> >>> wrong?
>> >>> why does the client keep insisting not to use another path?
>> >>> // peter
>>
>>
>>
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.