Active Directory: Configuring Roaming Profiles using GUI or PowerShell

Configuring Roaming Profiles enables users to use their familiar desktop on any computer in the domain. In this article I describe how to configure roaming profiles with the graphical user interface and with PowerShell.

Roaming Profiles are configured in three steps.

Step 1 – Create a shared folder

First, a folder must be created and configured as a shared folder. The profiles will then stored in this folder.  I recommend using a dedicated server.

Graphic User Interface

Open Windows Explorer and create a new folder. Right-Click the folder and select Properties. Select Sharing and click on Advanced Sharing. Activate “Share this folder”.


Don’t close this window. In the next step we configure permissons.

Proceed to Step 2 or read how to create a folder with PowerShell.


Use New-Item to create a new folder.

New-Item -ItemType Directory -Name Profiles -Path C:


Once the folder is created, run New-SmbShare to activate sharing.

New-SmbShare -Path C:\Profiles\ -Name Profiles


Step 2 – Modify folder permissions

Graphical User Interface

The default permission set for a new share is Everyone – Read. That’s is not enough. We have to make sure, that the user can create a new folder in it. This happens at the first login. So, we have to configure Everyone – Full Control.

To configure permissions in Windows Explorer, open the properties of the folder (you should have opened it), click on Sharing, then click on Advanced Sharing and select Permissions. Configure Full Control. Make sure, that all checkboxes are selected.


Proceed to step 3 or learn how to configure permissions in PowerShell.


Grant-SmbShareAccess -Name Profiles -AccountName Everyone -AccessRight Full


Step 3 – Configure the Profile Path

Graphical User Interface

The profile path has to be configured in the users profile tab in the Active Directory Users and Computers (dsa.msc) console. I recommend using the %username% variable. The folder is then named after the logonname of the user.

Open dsa.msc (Active Directory Users and Computers). Double-Click on the user account. Select the Profile Tab. Enter the UNC path to the folder. In the profile section enter (\\ServerName\SharedFolderName\%username%).


Click OK.

By the way: %username% is particularly useful when configuring multiple objects:


Process to the next step or learn how to configure the profile path in PowerShell.


Set-ADUser -Identity petra -ProfilePath \\dc01\profiles\%username%


Testing the functionality

If Petra logs on to her computer, her profile is stored in the shared folder “profiles”.


Don’t worry about the .V6 at the end of the folder name. It’s called the profile version reference information.



1 reply »

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s