Windows Server 2008 R2 Thread, Bulk users and home folders - best practice? in Technical; Hi,
I am setting up a new server 2008 r2 with windows 7 clients and I'm looking for a bit ...
10th May 2011, 09:32 AM #1
- Rep Power
Bulk users and home folders - best practice?
I am setting up a new server 2008 r2 with windows 7 clients and I'm looking for a bit of advice on how best to bulk add students and teachers and assign them their home folders.
This is my first time setting up a 2008 r2 server and I'm getting a bit confused.
I have set up a shared folder d:\work$ and within this I have subfolders for students and staff which is then divided again into year groups e.g. d:\work$\students\2011\
I want to create the 200 users in ad, create a folder for each of them under 2011 folder, set up folder redirection and roaming profiles.
What is the best way to go about this? Should I be scripting everything, the adding users, creating folders and setting rights to the folders? or should I just be using a script to add the users to AD and using gpo to do everything else?
IDG Tech News
10th May 2011, 09:45 AM #2
You might find this useful... Mikey Magic's Web Site - Active User Manager
Folder redirection is/can be done purely through group policy, and folders for My Documents will be automatically made when you create the users in AD, as long as you set a Home Directory path.
I would advise setting up another share for profiles, and setting the profile path in AD for the users as well. A useful tip would be to use %USERNAME% when typing in the profile and home directory locations. For example, your 2011 students would have \\<servername>\work$\students\2011\%USERNAME% as their home directory and \\<servername>\profiles$\students\2011\%USERNAME% as their profile path.
There shouldn't be a need to script anything, but there is more than one way to skin a cat!
2 Thanks to simpsonj:
cheeseslice (10th May 2011), stevenlong1985 (27th September 2012)
10th May 2011, 10:05 AM #3
- Rep Power
thanks for the quick reply.
I'm having a look at the link you gave me now.
What permissions do I have to set on my share work$?
10th May 2011, 10:11 AM #4
I would set the share permission to have Everyone with Full Control, but make sure the folders themselves only give the student in question and the Administrator access. But other people will have different ideas on security. I'm reasonable lax because I don't think the students here are malicious, others won't give students an inch.
10th May 2011, 10:13 AM #5
Check out the tools from Wise Soft WiseSoft - Resources for IT Professionals
I've used them many of times before without fail! will do what you want without any issues.
Account Management Spreadsheet < That will create your user accounts and allow you to fill in information.
Bulk AD Users < That will help with bulk modifying the users attributes.
I hope that helps,
10th May 2011, 10:14 AM #6
you don't need a subfolder called 'students' that should be obvious.
For each year make a folder which the name is the year they started. for staff the folder is staff. share these folders
so you have
no need to make it more complicated than it needs to be
10th May 2011, 10:16 AM #7
Second the Wisesoft software, very handy (just make sure that you use it carefully, I have managed to mess up big style using the Bulk AD Users software...)
10th May 2011, 01:49 PM #8
- Rep Power
You are right, there is no need for me to do that, I'll change that now.
Originally Posted by browolf
Am I right in saying that I don't have to stipulate a home folder if I am going to use a folder redirection gpo?
With folder redirection, will I have to make a policy for each intake year so that the redirection goes to the appropriate subfolder?
10th May 2011, 02:16 PM #9
Personally I give them a home folder in AD and then redirect to the home folder, so that you don't need to do part 2 of your post and make a different GPO for each year (though you can set different redirections based on group membership if thats the route you want to take). I've found that Windows 7 was a bit grumpy about redirecting My Docs unless it was set to redirect Home Directory, but YMMV.
As a heads up, you might want to ensure that Libraries are dealt with in any way you see fit. The reason being is that if the Redirection fails, they will still have a My Documents, but it will be the C:\Users\Public\ My Docs, leading kids to save onto C: and thus it won't be there when they log back in. I use a mandatory profile to get around this issue, but if you're using individual profiles you might want to look into an alternative...
10th May 2011, 02:27 PM #10
If you have a staff folder and a student folder then you only need to make 2 shares i.e staff$ and student$ whereas if you just use year of entry folders 2010, 2011 etc... you will have more shares.
There is a MS document on technet regarding default permissions.
You can use tools such as dsadd or csvde to create the accounts.
Don't bother with trying to use the $username$ substitution if trying out dsadd it doesn't work.
Once they are created you can do a bulk modify on the home folder attribute and change it to \\server\student$\2011\%username% or whatever path matches in your environment and it will automatically create the home folders for you.
10th May 2011, 02:33 PM #11
My own personal concern with creating one share and putting every user under that one share is that shares have been known to fail (or they have for me), and the more people rely on that share, the more of a pain it can be. I have every student having their own hidden share, which for many is OTT, but when the share fails (for whatever reason) only one student is afffected, not the entire year or all students... But again, that's completely personal
10th May 2011, 02:54 PM #12
You can use an advanced redirection policy to do it by group membership which is probably the easiest way. No need for home folders, very NT4 ;-)
Originally Posted by cheeseslice
10th May 2011, 02:56 PM #13
If you're getting shares fail on a regular basis then you have some serious problems with your network infrastructure.
Originally Posted by simpsonj
11th May 2011, 09:37 AM #14
- Rep Power
Do you use roaming profiles as well? I'm trying to work out if they are worthwhile or not in a school environment. I have been asked to create a group policy that locks down as much as possible. Though I think that it is nearly impossible to do this without some sort of third party software.
Originally Posted by teejay
11th May 2011, 09:56 AM #15
You can lock down your clients very tightly using just GPO and GPP no need for 3rd party tools.
Originally Posted by cheeseslice
By jdibsdale in forum Windows
Last Post: 31st March 2010, 04:13 PM
Last Post: 20th September 2009, 03:08 PM
By Techie101 in forum Windows Server 2000/2003
Last Post: 13th July 2009, 03:26 PM
By theeldergeek in forum Wireless Networks
Last Post: 21st January 2009, 04:50 PM
By timbo343 in forum Virtual Learning Platforms
Last Post: 15th July 2008, 03:38 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)