How to setup Roaming User Profiles in Active Directory (AD) - Windows Server 2022
Vložit
- čas přidán 29. 12. 2022
- Demonstration and technical explanation of Windows Roaming User Profiles. Roaming User Profiles allow users to login to any Windows compatible device and have the same desktop experience. In other words, a roaming profile will contain all of the personalization, customizations, and other settings related to your user profile such as applications, remembering toolbar positions and preferences, or the desktop appearance, while keeping all related files stored locally.
-Creating Home Folders: • How to create Home Fol...
-Setup logon/logoff scripts (GPO): • How to execute logon a...
-Setup AD to accept BitLocker Recovery Keys: • Configure Active Direc...
This demonstration uses Windows Server 2022 server with Windows 11 Professional clients. But the principles are same for Windows Server 2012 through 2022 (Windows Server 2022 / 2019 / 2016 / 2012). There are no GUI differences among most of the previous versions of Windows Servers. The Roaming User Profile settings will work on Windows 11, 10 and previous versions of client Operating Systems connected to the domain Active Directory but with the appropriate Roaming Profile versions in place.
-Intro to Group Policy Management: • Introduction to Group ...
-Create Active Directory OUs and Users: • Create Active Director...
-Install AD DS on Windows Server 2022 Core: • Install Active Directo...
-Initial configs: • Windows Server 2022 Co...
-Windows Server Admin playlist:
• Windows Server Adminis...
-Microsoft Windows playlist:
• Microsoft Windows
Track: WhileART Sessions Episode 02 | Waramathi (වරමාතී) Fusion
Watch: • WhileART Sessions Epis...
sanuja.com
Co-producer:
Manuja Senanayake
#windowsserver2022 #AD #profiles #windows11 - Věda a technologie
Appreciate it. A really good tutorial.
Great. quite clear, Thank you.
You are welcome.
How can i create a account where it's ONLY created in the active directory (and not create another account in the computer of the domain) ?
Great music
Thank you. It is from a Sri Lankan small musical group: czcams.com/video/8gexRRFfbpQ/video.htmlsi=5m41gX60QrtZ7RTD
Thank you man!!
Happy to help!
it does not work it says on a domain user: we could not connect to your account message
Excellent
Thank you so much for the feedback😀
Hi, worked for me, but I get Event ID 307 and 304. Wery slow startup after login.
Do you have Azure AD and local AD? The Event IDs above are described by Microsoft here: learn.microsoft.com/en-us/troubleshoot/windows-server/deployment/event-307-and-304-logged-for-deploying You can ignore these if your setup is not hybrid. But, if your startup is slow, you should look into it. Additionally, it is possible to have slow startup if you have poor network infrastructure such as poorly configured switches, routers, other unsuitable hardware, slow DNS, bandwidth and throughput issues, unusually high rate of packet drops due to poor equipment, etc. If you are running your network in VMs, also check hypervisor network configurations options within the hypervisor software settings.
Hi Thanks for the video, my Server 2022 displays "You're on a metered network. Some apps might work differently to help you save data while on this network" but I am on cable internet. How can i change this to normal network (non metered network) ?
There is an option in the Windows settings you can change. Open Settings and type "metered connection" and it should show up. Make sure it is not set to metered connection.
and microsoft was not able for now 21Years? to integrate this step into the ad-gui? this is insane ... i made my mcse on windows-2000 but i turned to redhat afterward. it would be so elegant to simply show a input-element and a checkpoint "remote-profile y/n, name and group. et voila, consistent operation
this configure will carry all the user files even it will login in different computer that is connected in the server?
Yes, this GPO will keep the settings attached to the user profile in AD and independent of current logged in device. When a user login to a new device, the settings should be there as it is part of their user profile.
@@NetITGeeks thank you sir i will try this configure appreciate this video
How to provide rights to admin users to delete unwanted profile?
You can create a User Account and then modify Security Groups to give admin privileges. The other option is to modify an existing User Account to give admin privileges. I typically do this using a Security Group based assignments but you can do this directly on each individual User Profile as well.
I followed this setup pretty close but when I sign into a AD profile nothing populate in the "Roaming profiles" folder on the server. Any thoughts?
I assume you already tried rebooting the client device?
@@NetITGeeks I'll try that now and update my comment.
Edit: I restarted and now the folders started populating. Thank you for the tutorial!
can you include sticky notes to roaming profile setup in your AD?
Can you explain what do you mean by "sticky notes"? Thanks.
How to include sticky notes to roaming profile by default without changing locations of sticky notes sqlite.
thanks sir for noticing my question here.
I will have to look into this and experiment on VM with the Windows Server. I don't know the answer. Sorry. :(
If I want to sync only user Desktop, how can I do?
I will have to look into this because at this time, I have no idea. Have you looked into Microsoft KBs? There maybe a way to do just the Desktop. If there is no GPO to do just a Desktop sync, I think we can use a Windows PowerShell script to get it done. You can launch scripts at startup using a GPO. I have a tutorial on that as well here: czcams.com/video/j1hMPZfy9aM/video.htmlsi=TOxWqQ7QJzaraxwo
@@NetITGeeksI don't know about script. But I have one more solution "Desktop Redirection" in GPO. But it is not good. When lose network connection user will not sign in to computer.
Thank you for the information on Desktop Redirection GPO options. I will look into this and may create a video tutorial. :)
Why we should disable Inheritance?
There is a lot you can do with Windows' permission model. But most of it works only with inheritance switched off. If I have a folder and the folder has "something to do with its structure": Inheritance ON.
If not, inheritance OFF.
Example:
1. i have profile folders on a file server. They each belong to the associated user (account). Inheritance OFF, should hopefully understand itself. No matter where the profile folders are located, they have nothing to do with the permission model above.
If my profile folder is located at /Profiles/Berlin/User, then I can now have my IT access /Profiles and /Profiles/Berlin... without them having to be able to look at all users right away, and without a change for IT permissions having to immediately affect all employees.
2. i have a file storage for the employees. There are /File/IT and /File/Sales and /File/Management and so on.
Inheritance for the subfolders is then (probably) on, at least if you first understand all employees as "employees" and then only define the "authorization delta" to /File on the subfolders.
Now I can configure the auditors group on /File and they will automatically get access everywhere.
(And again, inheritance can be turned off specifically for /File).
@generalrodcocker1018 Thank you so much for replying to the above comment. I have been busy with work to respond to every single comment on this channel.