Windows – Folder Redirection on Domain Controller Win Server 2008

Tags: networking, redirection, windows, windows-server-2008-r2

This is a long post with a few questions in it. They are all related to the same issue though, and solving one or the other will probably solve the others. I did look on superuser for similar questions but none of the answers really helped me understand how things work and the limitations.

I really appreciate anyone who can answer any of my questions. Even if it is just one of them.

I have a domain controller with several workstations attached on a local network at work. Currently the workstations all log in with a domain account. There are a few shared drives that can be accessed based on security policies. I am looking into folder redirection and have a few questions that Microsoft TechNet failed to explain well.

For reference, the server is running Windows Small Business Server 2008 R2, and the workstations run Windows 7. Everything is done locally other than laptops which connect to the VPN and then the network shares with their domain logins but have user profiles set up outside the domain. I would assume any sort of folder redirection is impossible in those cases but if anyone knows a way to set up a laptop to use a Domain Account login, and still log into the account when not in the domain then let me know.

First off, what's the point of redirecting My Documents to the "Home Directory"? I assume that by home directory they mean C:\Users\username\ like in *nix or is that incorrect? If so that makes no sense as My Documents resides within that directory. Some research suggested the Home Directory was really C:\Windows or C:\System32 but that also baffles. So the second question is what is this "Home Directory" they refer to on Windows?

Next, folder redirection in general. I have a vague understanding of how it works from what I could glean from TechNet, but I really don't get what it does exactly.

To help in understanding what I'm asking I'll explain what I'm looking to accomplish. Mainly I would like to find a way to redirect certain directories, or the entire C:\User\username directory on each of the workstations within the domain to certain directories on the Domain Controller or if possible preferably on a NAS attached to the network. (The available NAS are a Lacie 5 Big, and a Synology RackStation 814+).

I also would like to accomplish the redirection of all recycle bins onto the domain controller/NAS. So that when anyone deletes something it remains for a certain time/until I remove it. Also when files are deleted from the network shares on a workstation, the file doesn't go into any recycle bins. I would like to have the files do the same thing as the other recycle bin files. Finally, if the recycle bin redirection is possible can it display data as to what was deleted by what PC, when? Is any of this possible? If so what is the proper route to set this up and if not what is possible to achieve something close to my goals.

In summary I would like for at least a certain part/the entire user directory to reside elsewhere and use up space there rather than on the local machine. Also for the recycle bins to be redirected to the DC/NAS as well as have files on the Network Shares that are deleted by workstations actually go to a recycling bin rather than just disappear completely.

Thanks a million for any advice, I know this was a very long question with multiple questions in it. But they are all related to the same topic and while I'm great with Linux servers, Windows servers throw me off.

Best Answer

  1. To address your question about disconnected computers (laptops/notebooks) being joined to the domain. This is very common. When disconnected from the domain, those users who use domain-joined laptops/notebooks will log on to the laptops with cached credentials for their domain user accounts (so long as they've logged onto the domain at least once while connected), so their locally cached domain user profile will load for them when they log on. Again, this is very common and is transparent to the user.

  2. To address your question regarding redirecting the user's Documents/My Documents folder to their Home Directory/Home Folder: admittedly, I haven't ever changed the Home Directory/Home Folder setting for users and used Folder Redirection in concert with it. I've simply used Folder Redirection on its own to redirect the Documents/My Documents folder to a network share set up for that purpose. Someone else can probably provide you with a use case for the Home Directory/Home Folder scenario. I think you would use it if you were setting an alternate path for their Home Directory/Home Folder (to a network share). You wouldn't redirect their Documents/My Documents folder to the default location of their Home Directory/Home Folder, because as you stated, that wouldn't make sense, but if you set their Home Directory/Home Folder to a network share you could then redirect their Documents/My Documents folder to that location.

  3. Regarding your question about folder redirection in general: that's most often used to redirect the user's Documents/My Documents folder to a network share for the reasons I stated in point number 2 and to "uncouple" or "decouple" the Documents/My Documents folder from the user profile in the case of Roaming Profiles, which I'll get to in a later point. What Folder Redirection does is to redirect those folders to an alternate location from the default location. When Folder Redirection is implemented for the Documents/My Documents folder, for example, it will copy the contents of those folders to the redirected location, again most commonly for ease of administration and backup of the user data. When users subsequently save data/files to their Documents/My Documents folder they are saved to the redirected location. This is also transparent to the user. With Folder Redirection, each redirected folder will have its own Recycle Bin, so files and folders deleted from those redirected folders will be captured and persisted to the Recycle Bin. Files and folders deleted from mapped network drives will NOT be captured to the Recycle Bin. If you want to capture those deletes you'll need to use a third-party product, such as Undelete Server.

  4. "But how do disconnected users access their Documents/My Documents folders if I redirect them to a network share?" Good question. The answer is through the use of Offline Files used in concert with Folder Redirection. With the Documents/My Documents folder being redirected to a network share and those folders subsequently configured for offline use, the user will have a cached copy of those folders stored on their laptop/notebook. The user may create, edit, delete or otherwise work with those folders and files while offline and those changes will be synchronized with the folders and files on the network share when the user reconnects to the domain network.

  5. Roaming Profiles: Roaming Profiles are used to allow for a common user experience (consistent user profile) regardless of the computer they're logging on to. So a user can log onto workstation A, log off, log on to workstation B and maintain the same desktop, application settings, etc. Again, this can ease user data/profile management and allow for user profiles to be backed up. Redirecting the Documents/My Documents folder out of the user profile (decoupling) allows the user profile to remain relatively small in size (large roaming profiles make for long logon and logoff times while the roaming profiles are loaded from and to the network share where they're stored). Roaming Profiles can be used with mobile users. When a user logs on to their laptop/notebook while connected to the domain their user profile would be loaded from the network share that hosts the roaming profiles. When they log on to their laptop/notebook while disconnected from the domain a locally cached copy of their roaming profile will be loaded. The roaming profile is kept "in sync" via a "last writer wins" algorithm/mechanism, meaning that the most recent copy of a file in the profile is the one that will be written back to the profile location (note that there's a change in Windows 7/Windows Server 2008 R2 that affects the NTUSER.DAT file of the roaming profile that allows for periodic "online" uploads of the user's NTUSER.DAT file - I believe this is disabled by default but can be managed with Group Policy).

Hopefully that answers most, if not all, of your questions and hopefully I haven't left anything out or gotten anything wrong. If I have, someone else will offer corrections I'm sure. Hopefully you'll get some additional answers as well.
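A read-only check of the settings this answer describes, added here as an example and not part of the original question or answer: it reports where the current user's shell folders point, whether the home folder is a network share, whether the Offline Files service is running, and how many domain logons the machine caches. It assumes it is run in the user's own session on a domain workstation; the choice of folders to list and the helper name `Test-NetworkPath` are illustrative.

```powershell
# Added example: reads settings only, changes nothing. Written to run on the
# PowerShell 2.0 that ships with Windows 7 as well as later versions.

# Per-user shell folder locations. Folder Redirection writes the new target
# here; value names are the legacy ones (Personal = Documents).
$shellKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$folders  = @('Personal', 'Desktop', 'AppData', 'Favorites')   # illustrative selection

function Test-NetworkPath([string]$Path) {
    # True for a UNC path or a path on a mapped network drive.
    if (-not $Path) { return $false }
    if ($Path.StartsWith('\\')) { return $true }
    if ($Path -match '^[A-Za-z]:') {
        $drive = New-Object System.IO.DriveInfo ($Path.Substring(0, 1))
        return ($drive.DriveType -eq [System.IO.DriveType]::Network)
    }
    return $false
}

$values = Get-ItemProperty -Path $shellKey
$report = foreach ($name in $folders) {
    $target = $values.$name          # REG_EXPAND_SZ values come back expanded
    New-Object PSObject -Property @{
        Folder     = $name
        Target     = $target
        Redirected = (Test-NetworkPath $target)
    }
}
$report | Select-Object Folder, Redirected, Target | Format-Table -AutoSize

# HOMESHARE is only set at logon when the account's home folder is a share.
if ($env:HOMESHARE) { "Home folder : $($env:HOMESHARE) (mapped as $($env:HOMEDRIVE))" }
else                { "Home folder : local ($($env:HOMEDRIVE)$($env:HOMEPATH))" }

# Offline Files (CscService) keeps redirected folders usable off the network.
$csc = Get-Service -Name CscService -ErrorAction SilentlyContinue
if ($csc) { "Offline Files service: $($csc.Status)" }
else      { "Offline Files service: not present" }

# Number of previous domain logons cached locally; 0 disables cached logon,
# which would stop a laptop user signing in away from the domain.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached   = (Get-ItemProperty -Path $winlogon).CachedLogonsCount
"Cached domain logons : $cached"

# Redirected folders with Offline Files stopped are unreachable off the network.
if (($report | Where-Object { $_.Redirected }) -and $csc -and $csc.Status -ne 'Running') {
    "WARNING: folders are redirected but Offline Files is not running"
}
```

The cached-logon count matters on laptops for a second reason: each cached entry is a password verifier stored on a device that leaves the building, so the value is usually kept no higher than the number of people who actually need to sign in offline.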
