PREFACE: I am a helpdesk operator/student who has volunteered to work on local small business IT problems for experience. I apologize in advance if I have missed an obvious solution!
I am attempting to set up roaming user profiles by following the recommendations of this Microsoft article in a server 2012 r2 enviroment: https://technet.microsoft.com/en-us/library/cc737633(v=WS.10).aspx
I have two domains, joined in a forest wide, two-way transitive trust.
Login within the domain works a-ok, but cross-forest login attempts simply logs in using a locally created account.
I have already checked that both forests have the "Allow Cross-Forest User Policy and Roaming User Profiles", and that the GPO's are applying to the relevant workstations. I have also checked that each DNS server has appropriate conditional forwards, and that all machines in question are reachable, and that domain1 workstation can resolve domain2's domainname to the relevant server.
I have two questions.
When specifying a path for the in the profile tab of the user, is there a difference between \domain1.co.xx\PROFILES\%username% and \SERVERFQDN\PROFILES\%username?
I feel frustrated by my lack of knowledge when it comes to understanding how to drill down beyond a google search to solve these types of issues. Can someone point me towards any resources they recommend on troubleshooting in-depth?
CONFIG AHOY!!
My local files look like this: C:\SHARE\PROFILES\
My share address is \HOSTFQDN\PROFILES\
NTFS Permission for PROFILES folder:
Creator/Owner Full Control, This Folder, Subfolders And Files
Administrators Full Control, This Folder, Subfolders And Files
Local System Full Control, This Folder, Subfolders And Files
Security group of users List Folder/Read Data, Create Folders/Append Data - This Folder Only
Everyone No Permissions
SMB Permissions of PROFILES:
Everyone Full Control
NTFS of individual user profiles within PROFILES:
%Username% Full Control, Owner Of Folder
Local System Full Control
Administrators *Full Permissions: Using GPO that forces Admins to have FC on profile creation!
