SID-500.COM

Home » PowerShell » Active Directory: Configuring Roaming Profiles using GUI or PowerShell

Active Directory: Configuring Roaming Profiles using GUI or PowerShell

Configuring Roaming Profiles enables users to use their familiar desktop on any computer in the domain. In this article I describe how to configure roaming profiles with the graphical user interface and with PowerShell.

Roaming Profiles are configured in three steps.

Step 1 – Create a shared folder

First, a folder must be created and configured as a shared folder. The profiles will then stored in this folder.  I recommend using a dedicated server.

Graphic User Interface

Open Windows Explorer and create a new folder. Right-Click the folder and select Properties. Select Sharing and click on Advanced Sharing. Activate “Share this folder”.

Unbenannt.PNG

Don’t close this window. In the next step we configure permissons.

Proceed to Step 2 or read how to create a folder with PowerShell.

PowerShell

Use New-Item to create a new folder.

New-Item -ItemType Directory -Name Profiles -Path C:

Unbenannt.PNG

Once the folder is created, run New-SmbShare to activate sharing.

New-SmbShare -Path C:\Profiles\ -Name Profiles

Unbenannt.PNG

Step 2 – Modify folder permissions

Graphical User Interface

The default permission set for a new share is Everyone – Read. That’s is not enough. We have to make sure, that the user can create a new folder in it. This happens at the first login. So, we have to configure Everyone – Full Control.

To configure permissions in Windows Explorer, open the properties of the folder (you should have opened it), click on Sharing, then click on Advanced Sharing and select Permissions. Configure Full Control. Make sure, that all checkboxes are selected.

Unbenannt.PNG

Proceed to step 3 or learn how to configure permissions in PowerShell.

PowerShell

Grant-SmbShareAccess -Name Profiles -AccountName Everyone -AccessRight Full

Unbenannt.PNG

Step 3 – Configure the Profile Path

Graphical User Interface

The profile path has to be configured in the users profile tab in the Active Directory Users and Computers (dsa.msc) console. I recommend using the %username% variable. The folder is then named after the logonname of the user.

Open dsa.msc (Active Directory Users and Computers). Double-Click on the user account. Select the Profile Tab. Enter the UNC path to the folder. In the profile section enter (\\ServerName\SharedFolderName\%username%).

Unbenannt.PNG

Click OK.

By the way: %username% is particularly useful when configuring multiple objects:

Unbenannt.PNG

Process to the next step or learn how to configure the profile path in PowerShell.

PowerShell

Set-ADUser -Identity petra -ProfilePath \\dc01\profiles\%username%

Unbenannt.PNG

Testing the functionality

If Petra logs on to her computer, her profile is stored in the shared folder “profiles”.

Unbenannt.PNG

Don’t worry about the .V6 at the end of the folder name. It’s called the profile version reference information.

Unbenannt.PNG

https://technet.microsoft.com/en-us/library/jj649079(v=ws.11).aspx


1 Comment

  1. […] For configuring Roaming Profiles with PowerShell go for my article Active Directory: Configuring Roaming Profiles using GUI or PowerShell. […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

GET-AUTHOR

My name is Patrick Grünauer. Microsoft MVP. I am from Austria. On sid-500 I write about Windows, Cisco and IT-Security in English and German. Have fun while reading!

Categories

Patrick Gruenauer
Follow SID-500.COM on WordPress.com