Short variant: I don’t see that roaming user profiles get replicated across primary and backup domain controllers: shouldn’t that be done automatically?
Long variant:
The last time I created Windows domain controllers was with Windows NT 4; I avoided AD for its entire lifetime, just so you know where I am at.
I’ve stuck with workgroups and local profiles whenever I was stuck with Windows, because I was afraid of all those “forests” and “trees” and having to go too deep for my relatively trivial personal use cases.
And did I mention that I “grew up” on diskless SPARCstations with an NFS root that allowed you to roam transparently between devices?
And later I used X-terminals both for Unix and for Windows (via a Citrix derivative by Tektronix).
The latter offered the same user experience as the SPARCstation, even for Windows, a single roaming desktop no matter which physical access device you were using…
Obviously with Windows I now expect the same, except it should now also support disconnected mode via a laptop, made possible by roaming profiles and automated folder synchronization, right?
Since Univention is the better AD, I’ve stuck my neck out and am taking baby steps with Windows clients.
And since I’d seen mentions of “replication” for domain data in the documentation and I well remember that even on NT3.51 and NT4 you’d use backup domain controllers for resilience, I was naturally assuming that a single point of failure for domain controllers would never exist with Univention either.
I don’t have logon scripts or custom policies yet, but I would like to use roaming profiles with my various Windows clients, many of which are VMs.
So I had three DCs set up, one primary and two secondaries for use with LDAP/Linux for a while now, all nicely replicating LDAP.
And then I added AD and started to join my first Windows client, which went well enough (actually I tried it all in a set of VMs first with only a single DC).
Color me surprised that I couldn’t simply transfer a local profile to a roaming one, but that’s a different topic.
So I created a new domain user profile to my liking and then marked that “roaming” and logged off. That took a nice long time to copy all that profile data on the logon server, which happened to be the tertiary or 2nd backup DC in this case.
But that didn’t get replicated to the primary and the backup controller. Actually there were partials there, evidently from the other machine (a VM) which I was using to test the roaming, but not the full profile from the primary machine.
I was then hunting for any sign or trace of a process that would copy the profile data analogous to how the SYSVOL portion of the DCs gets copied…
And I couldn’t find any.
So what’s going on here? How are you supposed to ensure that roaming profiles remain consistent across logon servers?