3

we are an organization with 40k users. This organization is composed of multiples structures.

We have one single forest Active Directory with flat DIT. We want to keep this AD in order to authenticate all our computers and users in all sub structures.

The problem is that these structures could have their own file servers, profile and home politics which don't comply with the IT dept which owns its own file servers too. Home and profiles paths are regurlarly modified to comply with the structure the user's belonging to. But users can belong to multiple structures.

We're looking for a way to dynamicly assign the good profile things depending where the user is logging in. If the user is working the morning in a structure A, we want him to work with the profil provided by structure A, and the after-noon, when he's working in structure B, working with profile provided by structure B.

Is there a way to get it working without changing home and profile path in the directory, and set a unique path ?

There is DFS but it seems that it depends on AD Sites and replication which we don't want.

Is there things like CIFS geo director or proxy, I don't kown how to call that thing.

Do you know a way to get this working, keeping unique paths without redesign our AD ?

Harry Bahh
  • 31
  • 1

2 Answers2

1

AD sites is exactly what you want, it is designed to solve this very problem.

JamesRyan
  • 8,138
  • 2
  • 24
  • 36
0

You can configure roaming profiles per computer using the "Set roaming profile path for all users logging on to this computer" policy.

Add each group of computers you want to separate to a different group, create a GPO which is filtered to that group, and configure the profile path policy.

If you are running 40k users within a single site, you should probably investigate sites a bit further... you typically don't get that large without requiring some of the geographic isolation sites provide.

Mitch
  • 2,343
  • 14
  • 22