How to setup Roaming User Profiles in Active Directory (AD) - Windows Server 2022

Подписаться 14 тыс.

Просмотров 21 тыс.

50% 1

Demonstration and technical explanation of Windows Roaming User Profiles. Roaming User Profiles allow users to login to any Windows compatible device and have the same desktop experience. In other words, a roaming profile will contain all of the personalization, customizations, and other settings related to your user profile such as applications, remembering toolbar positions and preferences, or the desktop appearance, while keeping all related files stored locally.
-Creating Home Folders: • How to create Home Fol...
-Setup logon/logoff scripts (GPO): • How to execute logon a...
-Setup AD to accept BitLocker Recovery Keys: • Configure Active Direc...
This demonstration uses Windows Server 2022 server with Windows 11 Professional clients. But the principles are same for Windows Server 2012 through 2022 (Windows Server 2022 / 2019 / 2016 / 2012). There are no GUI differences among most of the previous versions of Windows Servers. The Roaming User Profile settings will work on Windows 11, 10 and previous versions of client Operating Systems connected to the domain Active Directory but with the appropriate Roaming Profile versions in place.
-Intro to Group Policy Management: • Introduction to Group ...
-Create Active Directory OUs and Users: • Create Active Director...
-Install AD DS on Windows Server 2022 Core: • Install Active Directo...
-Initial configs: • Windows Server 2022 Co...
-Windows Server Admin playlist:
• Windows Server Adminis...
-Microsoft Windows playlist:
• Microsoft Windows
Track: WhileART Sessions Episode 02 | Waramathi (වරමාතී) Fusion
Watch: • WhileART Sessions Epis...
sanuja.com
Co-producer:
Manuja Senanayake
#windowsserver2022 #AD #profiles #windows11

Наука

Опубликовано:

29 дек 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 36

@user-or2wj2gh4l Год назад

Appreciate it. A really good tutorial.

@AntonioSalazar-db1eb Месяц назад

Great. quite clear, Thank you.

@NetITGeeks Месяц назад

You are welcome.

@bswill5077 Год назад

Thank you man!!

@NetITGeeks Год назад

Happy to help!

@pity-the-fool4977 9 месяцев назад

Excellent

@NetITGeeks 9 месяцев назад

Thank you so much for the feedback😀

@mikoajszczepaniak5134 4 дня назад

Great music

@NetITGeeks 3 дня назад

Thank you. It is from a Sri Lankan small musical group: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-8gexRRFfbpQ.htmlsi=5m41gX60QrtZ7RTD

@windowsdefender7259 11 дней назад

How can i create a account where it's ONLY created in the active directory (and not create another account in the computer of the domain) ?

@moguus2944 16 дней назад

it does not work it says on a domain user: we could not connect to your account message

@Myst876 9 месяцев назад

this configure will carry all the user files even it will login in different computer that is connected in the server?

@NetITGeeks 9 месяцев назад

Yes, this GPO will keep the settings attached to the user profile in AD and independent of current logged in device. When a user login to a new device, the settings should be there as it is part of their user profile.

@Myst876 9 месяцев назад

@@NetITGeeks thank you sir i will try this configure appreciate this video

@intechguy3467 6 дней назад

Hi Thanks for the video, my Server 2022 displays "You're on a metered network. Some apps might work differently to help you save data while on this network" but I am on cable internet. How can i change this to normal network (non metered network) ?

@NetITGeeks 4 дня назад

There is an option in the Windows settings you can change. Open Settings and type "metered connection" and it should show up. Make sure it is not set to metered connection.

@RobinGulbrandsen 9 месяцев назад

Hi, worked for me, but I get Event ID 307 and 304. Wery slow startup after login.

@NetITGeeks 9 месяцев назад

Do you have Azure AD and local AD? The Event IDs above are described by Microsoft here: learn.microsoft.com/en-us/troubleshoot/windows-server/deployment/event-307-and-304-logged-for-deploying You can ignore these if your setup is not hybrid. But, if your startup is slow, you should look into it. Additionally, it is possible to have slow startup if you have poor network infrastructure such as poorly configured switches, routers, other unsuitable hardware, slow DNS, bandwidth and throughput issues, unusually high rate of packet drops due to poor equipment, etc. If you are running your network in VMs, also check hypervisor network configurations options within the hypervisor software settings.

@YaBoyDave215 Месяц назад

I followed this setup pretty close but when I sign into a AD profile nothing populate in the "Roaming profiles" folder on the server. Any thoughts?

@NetITGeeks Месяц назад

I assume you already tried rebooting the client device?

@YaBoyDave215 Месяц назад

@@NetITGeeks I'll try that now and update my comment. Edit: I restarted and now the folders started populating. Thank you for the tutorial!

@generalrodcocker1018 Год назад

and microsoft was not able for now 21Years? to integrate this step into the ad-gui? this is insane ... i made my mcse on windows-2000 but i turned to redhat afterward. it would be so elegant to simply show a input-element and a checkpoint "remote-profile y/n, name and group. et voila, consistent operation

@Share1Share1 10 месяцев назад

If I want to sync only user Desktop, how can I do?

@NetITGeeks 10 месяцев назад

I will have to look into this because at this time, I have no idea. Have you looked into Microsoft KBs? There maybe a way to do just the Desktop. If there is no GPO to do just a Desktop sync, I think we can use a Windows PowerShell script to get it done. You can launch scripts at startup using a GPO. I have a tutorial on that as well here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-j1hMPZfy9aM.htmlsi=TOxWqQ7QJzaraxwo

@Share1Share1 10 месяцев назад

@@NetITGeeksI don't know about script. But I have one more solution "Desktop Redirection" in GPO. But it is not good. When lose network connection user will not sign in to computer.

@NetITGeeks 10 месяцев назад

Thank you for the information on Desktop Redirection GPO options. I will look into this and may create a video tutorial. :)

@user-rw8uz4zh4n 11 месяцев назад

can you include sticky notes to roaming profile setup in your AD?

@NetITGeeks 11 месяцев назад

Can you explain what do you mean by "sticky notes"? Thanks.

@anthonylabrador2321 11 месяцев назад

How to include sticky notes to roaming profile by default without changing locations of sticky notes sqlite.

@anthonylabrador2321 11 месяцев назад

thanks sir for noticing my question here.

@NetITGeeks 11 месяцев назад

I will have to look into this and experiment on VM with the Windows Server. I don't know the answer. Sorry. :(

@niljawale4083 11 месяцев назад

How to provide rights to admin users to delete unwanted profile?

@NetITGeeks 11 месяцев назад

You can create a User Account and then modify Security Groups to give admin privileges. The other option is to modify an existing User Account to give admin privileges. I typically do this using a Security Group based assignments but you can do this directly on each individual User Profile as well.

@marouane5857 Год назад

Why we should disable Inheritance?

@generalrodcocker1018 Год назад

There is a lot you can do with Windows' permission model. But most of it works only with inheritance switched off. If I have a folder and the folder has "something to do with its structure": Inheritance ON. If not, inheritance OFF. Example: 1. i have profile folders on a file server. They each belong to the associated user (account). Inheritance OFF, should hopefully understand itself. No matter where the profile folders are located, they have nothing to do with the permission model above. If my profile folder is located at /Profiles/Berlin/User, then I can now have my IT access /Profiles and /Profiles/Berlin... without them having to be able to look at all users right away, and without a change for IT permissions having to immediately affect all employees. 2. i have a file storage for the employees. There are /File/IT and /File/Sales and /File/Management and so on. Inheritance for the subfolders is then (probably) on, at least if you first understand all employees as "employees" and then only define the "authorization delta" to /File on the subfolders. Now I can configure the auditors group on /File and they will automatically get access everywhere. (And again, inheritance can be turned off specifically for /File).

@NetITGeeks Год назад

@generalrodcocker1018 Thank you so much for replying to the above comment. I have been busy with work to respond to every single comment on this channel.