If you administer an environment that utilizes server stored profiles or roaming profiles, you probably already know what a nightmare these can be to manage. Many have run into problems also in trying to relocate roaming profiles to a different server and may not know the best way to go about doing this. Roaming profiles utilize very special permissions on the folders that are created by the system when a user logs on.
Very small changes to these permissions can lead to a broken server side profile. In fact, even if you are logged in as a domain administrator on the server that houses the profiles, you will receive an access denied message when you attempt to access the folder. This is because the permissions that are set on that folder are specifically set so that the user who owns the profile and the system are the only ones who have access to it. As a Domain Administrator, you can certainly go in and take ownership of the folder, however, if you do not carefully set the permissions correctly, it will break the profile.
Now, on to the best way to move the profile. We went through the above spill about permissions because we have seen many make the mistake of simply trying to “copy” the folder from one server to another. They first realize they can’t access the folder, so they change the permissions, and then copy the contents. However, once they try to point the user back to the newly housed profile, the problems begin.
The easiest way to do this is to use a VSS aware and enabled backup utility that is able to copy all the permissions exactly as they are configured into a backup file and then restore this file on the new server. The old Windows NT Backup utility is VSS aware so that it is able to copy permissions and all items in a folder without issue.
Recently, a client was moving from a Windows 2003 Server to a Windows 2008 R2 server on new hardware. In order to get the profiles from the old server to the new server we simply used NTBackup to backup the profile folders to a network storage device and then used the Microsoft add-on download for NTBackup on Windows 2008 R2 to restore the file. You can only use this utility to restore, although in the above mentioned scenario this worked perfectly.
Restore Utility – https://www.microsoft.com/download/en/details.aspx?id=4220
As you can see in the screenshot above, you only have the “Restore Wizard (Advanced)” functionality
After you have restored the profile folder to its new home on the new server, you can simply edit the properties of the Active Directory User to point to the new profile location.
- The beauty of the process is that it can be done at anytime, even when the user is logged in.
- The AD profiles property for the user can be updated on the fly
- Any changes to the profile the user has made will update the new profile folder location when the user logs out
- Everything should work seamlessly since all permissions were preserved
Any errors when the user logs back in will be captured in the Windows Application log as a Winlogon or User Profile Service event. Again everything should be seamless to the user as long as all permissions were carried over correctly and there are no mistakes in the profile path field in Active Directory.