Issue: Citrix/Roaming profiles are not used after RUM processing

Oct. 11th 2017

Description

Steps to recreate the problem:

  1. Citrix roaming profiles are in use.
  2. Roaming profile folders naming standard is “username.sourcedomain.v2”.
  3. Process profiles folder with a RUM processing task to add target permissions.
  4. When the migrated user logs onto the target domain a new roaming profile folder is created. This is not the expected behavior, the new profile name is in the format “username.targetdomain.v2”
  5. The target account does not use the processed roaming profile.

Resolution

The group policy setting that determines the location of the roaming profile folder needs to be changed:

  • Original configuration – with this group policy setting the roaming profile folder names are in the format username.domain.v2.
    • Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Session Host/Profiles
      • Set path for Remote Desktop Services Roaming User – Enabled
        • Profile Path – specify the path in the form \\Computername\Sharename
  • Updated configuration – with this group policy setting the roaming profile folder names are in the format username.v2.
    • Computer Configuration/Administrative Templates/System/User Profiles
      • Set Roaming profile path for all users logging onto this computer
        • \\Computername\Sharename\%USERNAME%
      • Copy all user profiles and permissions to the user profiles folder with the name username.v2 (removing the domain name).
      • Update group policy to use the %USERNAME% variable. Remove the original configuration from the GPO
      • Process the roaming profile and logon using the target account.  Using the new GPO setting will force the folder name to be “username.V2” and not to include the domain name.

The original configuration using the “Set path for Remote Desktop Services Roaming User” GPO setting includes the domain name in the roaming profile folder name, which caused the logon process to create a new folder with the target domain name. Updating the GPO to use the “Set Roaming profile path for all users logging onto this computer” removes the domain name from the folder name and allows the user to logon to the processed profile on the target domain.

Written by John Hobbs

Posted by LeadThem Consulting | in Authentication Services, Uncategorized | No Comments »