Active Directory GPO - Folder Redirection

Active Directory GPO - Folder Redirection

Microsoft Documentation

Warning
If you deploy roaming user profiles with folder redirection in an environment with existing local user profiles, deploy folder redirection before roaming user profiles to minimize the size of roaming profiles. After the existing user folders have been successfully redirected, you can deploy roaming user profiles.

Introduction

When a user with the folder redirection GPO logs into a Domain joined host, a copy of their directories (default is %homedrive%%homepath% is downloaded from the server. This GPO aids in the persistence of folders for multiple users logging into multiple Domain joined computers. 
Alert
There are some considerations with the addition of Microsoft OneDrive that should be considered - Microsoft Learn Site Article

Install Microsoft RSAT Tools

  1. Install Microsoft RSAT tools to your workstation:

  • Log in to Windows with an administrator account.

  • Open the Settings app by pressing WIN+I.

  • Click Apps in the Settings app.

  • On the Apps & features screen, click Manage optional features.

  • On the Manage optional features screen, click + Add a feature.

  • On the Add a feature screen, scroll down the list of available features until you find RSAT. The tools are installed individually, so select the one you want to add and then click Install.

After a few minutes, the RSAT tool you selected will be installed on your device.


We recommended installing the following tools to manage your Domain:



Create Storage in the Uplevel Portal

  1. Navigate to the Uplevel Portal > Storage section for the site you are managing. Click on the + icon to add a new File Share.

The share will automatically map to domain with “Authenticated users” permissions, which is equal to “Everyone joined to the domain”

Warning
      Domain objects must be uniquely named . As an example, if you name the share: “Folder_Redirections”, only this domain object may use that name.

Create the GPO

  1. Log in to a computer (or preferably RSAT tools) with an account that can edit group policies, such as an AD Domain Administrator account.

  2. Open the Group Policy Management Console. 

  1. Right-click your AD domain and select Create a GPO in this domain

  2. Enter a name for the GPO, such as FolderRedirections. The new GPO is shown below the domain entry. 

  1. Right-click the newly-created GPO and select Edit to open the Group Policy Management Editor.

  2. Navigate to the User Configuration → Policies → Windows Settings → Folder Redirection entry.


















Set Folder Redirection on the GPO

  1. Right-click to the folder to redirect, such as Documents, and select Properties.

    1. On the Target tab:

    2. Setting: Basic - Redirect everyone's folder to the same location

    3. Target folder location: Redirect to the following location

    4. Root path


10. On the Settings tab:
  1.  Unselect Grant the user exclusive rights.
  2. Unselect Move the contents of Documents to the new location.
  3. Select Also apply redirection to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems.
  4. Select Leave the folder in the new location when policy is removed.
  5. Click OK.
  6. You may choose any additional directories that you would like to be redirected

Setting up a Group for multiple users

Info
If you would like to set up GPO for multiple users,  you will need to create a  group in the Uplevel Portal > Directory > User Groups section. For example: "redirection", and then assign desired users to this Group.

11At the Group Policy Management Editor remove “Authenticated Users” and add a newly created group. Also, you need to add “Domain Computers” to keep GPO working on all Windows versions.


11. At the Group Policy Management Editor remove “Authenticated Users” and and add the newly created "redirection" group.. Also, you need to add “Domain Computers” to keep GPO working on all Windows versions.



12. Close the Group Policy Management Editor. The GPOs are automatically saved on the Sysvol share on the domain controller (DC).
13. Close the Group Policy Management Console.
14. After the GPO has been applied on a workstation, all members of the “redirection” group will have same “Documents” folders.

Force Update Group Policies

Notes
NOTE: Windows periodically refreshes group policy settings across the network. On client computers, this is done by default every 90 minutes, with a randomized offset of plus or minus 30 minutes. When you make a change to a group policy, you may have to wait two hours (90 minutes plus a 30 minute offset) before you see any changes on the client computers. Nonetheless, some changes will not be applied until the computer is restarted.

If you need to make the change right away, use the following shell command to start the updating process: gpupdate /force


      This command compares the currently active GPO to the GPO on the domain controllers. If there has been no change since the last time the GPO was applied, the GPO is skipped. When the GPO updates:
  1. PS C:\ gpupdate /force
  2. Updating Policy...
  3. User Policy update has completed successfully.
  4. Computer Policy update has completed successfully.

    • Related Articles

    • Active Directory GPO - Folder Redirection

      Microsoft Documentation https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/folder-redirection-rup-overview Introduction When a user with the folder redirection GPO logs into a Domain joined host, a copy of their directories ...

    • Domain Controller (Active Directory) Setup

      Introduction There aren't any guidelines or instructions on the functioning of the Uplevel Domain Controller because it acts essentially identically to a conventional Microsoft Domain Controller from the standpoint of workstations. Microsoft offers a ...

    • Active Directory GPO - Roaming Profiles

      Microsoft Documentation https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles Introduction A roaming user profile is a file synchronization concept in the Windows operating system that allows users ...

    • Active Directory - Export Microsoft Domain to CSV File

      How to Export User Accounts Using Active Directory Users and Computers You'll be happy to know you can easily export all Active Directory information through the GUI ADUC or with a Powershell script. You only need to open ADUC, navigate to your ...

    • Azure vs. Uplevel Active Directory

      Portions of this article are from the Blog post on our website - https://www.uplevelsystems.com/blog/uplevel-ad-vs-azure-ad-whats-the-difference Introduction On-premises Microsoft Active Directory, Uplevel Active Directory compatible Directory ...