made Domain Controller, Profiles won't save to it.

[scottatwittenberg]

ok..
- i created a domain controller in 2k3 standard last night.
- i added a user in active directory. and then gave them a profile path.. " \\server\profiles\%username% ".
- the folder "profiles" is shared. and all domain users have permissions to it.
- at work, when i make a profile path using the %username% , it automatically makes the folder. on this, it isn't the case.
- then, i log in as that user on another computer, it can't pull the profile off the server, or save it back.

so i went and put the "computers" in the "administrators" group. and the user i am trying is in the "domain admins" group.. i don't see why i would have any problems pulling / saving the profile on the server.

i have tried a few other things, mapping the profile folder as a drive on the local computer and making the path z:\%username% .. etc.. and it just won't have it.

so what step did i miss here?

thanks

scott

 

[SJConsultant]

Are share AND ntfs permissions set correctly on the "profiles" folder?

 

[MorfiusX]

Are share AND ntfs permissions set correctly on the "profiles" folder?

Yep, sounds like a permissions problem.

 

[ne0-reloaded]

Yep, sounds like a permissions problem.

check event viewer on the workstation, it'll tell u pretty much what the problem is. but like others said, smb/ntfs perms might be wrong

 

[scottatwittenberg]

event viewer: this is almost hourly..

Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

[drizzt81]

event viewer: this is almost hourly..

Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

which event log? system? often times the link provided gives some info.

Aside: why would you want to put "computers" into the "administrators" group?

 

[mobiux]

What are the permissions in the profiles directory, not the %username% directory?

I know when we did roaming profiles, the root profiles directory was wide open (full rights for everyone)

you might want to try this, share the profile directory of a person say as hidden like so, "userprofile$", then change the person's profile dir to \\server\userprofile$ and see if that works. It might be that they can't see the %username% directory, because the share is blocked at a higher level.

Also, check the permissions on the share, not just the directory.

 

[oakfan52]

well I hate to ask but i've seen it done. %username% does not work as an AD attribute. You need to populate the users actual profile folder.

As for permissions the share level should be set to Everyone Modify ( or authiticated users) and NTFS should have Everyone List Folder/Read Data, Create Folders/Append Data - This Folder Only.

easy way to test perms is to logon as a user and try to brose to their profile folder of the server and create a text document.