My Home Folder in UAG from active directory

  • Question

  • I got file access working in the UAG portal, but I have had some issues with the home folder part. I set the home folder to a dummy account and it pulled it up just fine for everyone. When I set it to pull from active directory, no home folder shows up at all. I tried going to the Profile tab for a user and making sure that under Home Folder it says connect M to their home folder. I also tried putting that same thing in Terminal Services Profile. All of the shares I checked for File Access show up, just not the Home Folder.

    Is there a special location in AD where I need to say what home folder to use or is there a rights issue? Thanks
    Tuesday, March 2, 2010 2:38 PM

Answers

  • Hi Amigo. There are three ways to show drives in File Access:

    1) Selecting and marking the shares in the File Access GUI
    2) Setting a home directory. Two ways here: Specify a pattern \\server\%username% (for instance) or retrieve the value from the Home Directory attribute in AD (user properties->Profile->Home Folder-> Connect X: to \\server\share)
    3) Setting a logon script for the user in AD (user properties->Profile->User Profile->logon script-> myscript.bat)

    If using the three of them, when the user launches FileAccess he will see on the left a tree with three branches. The first one will be the shares assigned in the GUI. The second one will be his home directory and the third one will be "mapped drives" M: and S: (your example). For the logon script to be parsed, please take into account my previous comments.

    // Raúl - I love this game
    • Marked as answer by DDuckyD Thursday, March 4, 2010 1:32 PM
    Wednesday, March 3, 2010 2:58 PM

All replies

  • Under normal situations, where do your users get their Home Drive information from?

    AD, scripts, mapped to a share etc.

    You don't set the Home Folder location in AD, you set the Home Folder location under Admin\File Access\File Access Admin.
    Tuesday, March 2, 2010 4:02 PM
  • I did go to admin\file access\file access admin and that is where I clicked "Pull home folder from AD".

    We have a batch file that runs at startup which maps drives using net use. That batch file is pointed to through group policy. There is more than one batch file because there are different servers for students vs elem teachers vs administrators.

    We have also tried creating a batch file that checks "if exist \\studentserver\user\%username% net use m: \\studentserver\user\%username%" for each server and we pointed UAG to that file through the File Access configuration > scripting engine, but nothing showed up in file access.

    We have also tried doing this through drive mapping, but because we want to connect to a folder within a share and we want to connect to a different server depending on who is logging in, that option doesn't seem to work.

    Thanks
    Tuesday, March 2, 2010 4:35 PM
  • Hi again Amigo :)

    A couple things to take into account:

    1) UAG will be able to parse the user's login script providing this is configured in the AD's attribute. Logon scripts deployed through GPO are not visible to UAG.

    2) The "script engine" field is not aimed to point to the "script" but to the "software" that executes the script. When the script is an executable file (batch, exe, cmd) there is no need to specify an "engine", but if the script is, let's say, a Kix script you will need to point the script engine to, let's say, C:\program files\kix\kix.exe so that UAG will be able to "run" the script. This is also valid for vbs scripts (point to cscript.exe).

    3) When applying changes to File Access, sometimes they are not immediate. The reason for that is that UAG keeps a cache of the last logon result for some time so the drives are not evaluated once and again. Try to restart the Whale File Sharing service to clean the cache after applying changes.

    4) For the logon script to be executed, UAG will make a local logon with the user authenticated to the portal. UAG must be a domain member and the users must be granted the "logon locally" privilege. Search the event viewer for unsuccessful logon events.

    Hope it helps !!
    // Raúl - I love this game
    Wednesday, March 3, 2010 1:07 PM
  • Hi,

    You would be able to have a similar experience in Terminal Services using the "Remote Desktop (user defined)" template and some customization. Users will always be routed to their machines. We are going to publish documentation on how to do this soon.

    Thanks,
             Meir :->
    Meir Mendelovich, Sr. Program Manager, Microsoft Forefront - IAG/UAG Product Group
    Team Blog: http://blogs.technet.com/edgeaccessblog/
    Anything you can do, I can do anywhere!
    Wednesday, March 3, 2010 2:00 PM
  • Raúl, great information. We tried to put our login script into the Login Script field under Profile in AD. When we log in, we still don't see anything and there is no My Home Directory button. We have UAG set to pull from AD for home directories. I don't think I understand how the script thing works. For our login script we have net use M: \\server\share and net use S: \\server\share. How does UAG know which one to make the home directory? And if we have two shares in the script, is it possible to have both of those show up in file access?

    Also, I did not see the Whale File Sharing service. Is that the same thing as Microsoft Forefront UAG File Sharing service?

    Thanks
    Wednesday, March 3, 2010 2:22 PM
  • We are able to get the first one to work.

    The home directory we just figured out by looking at another post on this forum and saw that we had to log in as domainname\username. After logging in like that, we can finally see the My Home Directory.

    We still can't see mapped drives though. Under File Access > Configuration we have Show Mapped Drives checked and in AD we have under Profile > User Profile > Login Script we put the UNC path to a .bat file on the network that maps 2 network drives. Is there anything else we would need to do to get the mapped drives to show?

    Thanks again Raúl
    Wednesday, March 3, 2010 3:29 PM
  • Hi Amigo. Check that UAG has access to that UNC path (try opening \\server\share). Usually, the Netlogon share in DCs is the one that holds the scripts so there is no problem in getting there from UAG as the system policy in TMG allows that traffic. Another test is to make a logon in the UAG server with the user you are trying. If you see the drives mapped there is a chance that you will see it in File Access. If you see no mapped drives, sure you won't see anything in File Access. (And I forgot in the previous post to confirm that the FileSharing service now begins with UAG and not Whale. I am still anchored to the past :)
    // Raúl - I love this game
    Wednesday, March 3, 2010 3:38 PM
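
The checks suggested in the replies above (AD Home Folder and logon script attributes, reachability of those paths from the UAG server, failed logon events, the File Sharing service), gathered into one PowerShell sketch. This is an added example, not part of the thread or of UAG itself; it assumes the ActiveDirectory module is installed on the UAG server, that it runs from an elevated prompt, and that 'jdoe' is a placeholder account name.

```powershell
# Added example. Assumptions: ActiveDirectory module present, elevated prompt
# on the UAG server, 'jdoe' is a placeholder account name.
Import-Module ActiveDirectory

function Test-FileAccessPrereqs {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    # Per-user attributes discussed in the thread: Profile > Home Folder and
    # Profile > Logon script. Scripts assigned only through GPO do not appear here.
    $u = Get-ADUser -Identity $SamAccountName -Properties HomeDirectory, HomeDrive, ScriptPath

    # A relative logon script path is resolved against the NETLOGON share.
    $script = $u.ScriptPath
    if ($script -and $script -notmatch '^\\\\') {
        $script = '\\{0}\NETLOGON\{1}' -f (Get-ADDomain).DNSRoot, $script
    }

    # Test-Path runs as the current admin, so this checks that the UAG server
    # can reach the path, not that the user has rights on it.
    $homeOk   = $false
    $scriptOk = $false
    if ($u.HomeDirectory) { $homeOk   = Test-Path -LiteralPath $u.HomeDirectory }
    if ($script)          { $scriptOk = Test-Path -LiteralPath $script }

    # Failed logons (event ID 4625) in the last hour that mention this account,
    # e.g. when the user lacks the "logon locally" right on the UAG server.
    $failed = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-1)
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($SamAccountName) })

    New-Object PSObject -Property @{
        User                 = $u.SamAccountName
        HomeDrive            = $u.HomeDrive
        HomeDirectory        = $u.HomeDirectory
        HomeDirReachable     = $homeOk
        LogonScript          = $script
        LogonScriptReachable = $scriptOk
        FailedLogonsLastHour = $failed.Count
    }
}

Test-FileAccessPrereqs -SamAccountName 'jdoe' | Format-List

# Service display name as given in the thread; restarting it clears the cached
# logon result. Uncomment the Restart-Service part to apply.
Get-Service -DisplayName '*UAG File Sharing*' # | Restart-Service
```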