ADUC expands environmental variables too soon

[Givdesh Dusanda]

Problem:
The Active Directory Users and Computers (ADUC) snap-in
keeps expanding environmental variables in profile and/or
home-directory paths every time Apply or OK buttons are
clicked.
System: Windows 2000 SP4 AD mixed-mode network.

As many admins know environmental variables can be used in
user settings to simplify the creation of new accounts.
The theory goes that if you create a template account with
a profile path of \\server\share$\%user% then you can
generate new accounts by copying the template and the path
will be filled in at runtime with correct value for each
user.

Microsoft also say that you can also make the server name
into an environmental variable in the path for profile
path and in logon scripts. In this way a client PC at a
branch office can b directed to the closest domain
controller, rather than trying to download across a WAN to
a distant DC at HQ.

Here's the relevant URL:
http://www.microsoft.com/windows2000/en/server/help/default
..asp?url=/windows2000/en/server/help/sag_lsconcepts_3.htm


Nice idea but Windows 2000 ADUC on my system keeps
expanding the evironmental variables so that the
user/server name is filled in before the console closes.
This means template accounts loose most of their advantage
and it is only possible to download profiles from a
predetermined server, set at the DC.

I thought the upgrade to SP4 might fix this problem but no
joy there. ADUC remains stubbornly resistant to my efforts
to make it keep environmental variable names in the path
definitions.

Is there something I'm not doing? Is some special reg hack
needed to make this stuff work?


GD

 

[Richard McCall [MSFT]]

Unfortunately not. I lament the old NT4 style of template users however they
do not work that way in w2k.

 

[Givdesh Dusanda]

Thanks for the quick response Richard.

So template accounts might work slightly different between
NT4 and Windows 2000.

Surely the behaviour of ADUC immediately expanding
environmental variables must be wrong. There's no real
advantage of it working this way.

Besides the use of environmental variables in account
settings I referred to was mentioned on an official
Windows 2000 website and quoted on TechNet.
Was a member of the doc team a bit to hasty with copy and
paste from the old NT4 texts?

So how then are variables used in the Windows 2000 world?


GD

 

[Steven Liu]

Hi Givdesh,

I checked the article you described. The %servername% only can be used for
scripts.

In the article, it describes 2 sites: London and Paris. We can define the
%servername% as londondc1 in London site and define %servername% as
parisdc1 in Paris site.

The logon script of the 2 site can be different and the logon script is
samll.

If you use this way to define the User Profile, you should have the 2
copies of the whole user profile on the londondc1 and parisdc1. The logon
profile are large. And, you should make sure the content on the 2 servers
are same since user only should have the same logon profile.

In this way, you can use the DFS (Distribution File System) to accomplish
this goal.

Create a DFS share on the 2 servers. Copy all user profiles to the DFS
share. DFS will sycn the content on the 2 servers to make sure the data is
same. And, when user access the \\server\dfsshare, the DFS root will
re-direct to the client the closest server to access the files.

For the DFS, you can refer to the article:

812487 Overview of DFS in Windows 2000
http://support.microsoft.com/?id=812487

Thanks for using Microsoft Newsgroup!

Sincerely,

Steven Liu [MSFT]

Microsoft Online Partner Support

MCSE 2000

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

 

[Guest]

Thanks for replying Steven.

The DFS solution is a neat way of downloading profile from
the nearest server.

My main question still hasn't been answered though. Why
are the environmental variables being expanded at the
moment I close the properties dialog of a user account on
ADUC.

Does ADUC not support environmental variables expanding
at 'runtime' any more.

GD

 

[Givdesh Dusanda]

Erm. Looks like I clicked on Send to quickly.
That last post was from me, if you haven't guessed already.

Givdesh.

-----Original Message-----

Thanks for replying Steven.

The DFS solution is a neat way of downloading profile from
the nearest server.

My main question still hasn't been answered though. Why
are the environmental variables being expanded at the
moment I close the properties dialog of a user account on
ADUC.

Does ADUC not support environmental variables expanding
at 'runtime' any more.

GD

-----Original Message-----
Hi Givdesh,

I checked the article you described. The %servername% only can be used for
scripts.

In the article, it describes 2 sites: London and Paris. We can define the
%servername% as londondc1 in London site and define % servername% as
parisdc1 in Paris site.

The logon script of the 2 site can be different and the logon script is
samll.

If you use this way to define the User Profile, you should have the 2
copies of the whole user profile on the londondc1 and parisdc1. The logon
profile are large. And, you should make sure the content on the 2 servers
are same since user only should have the same logon profile.

In this way, you can use the DFS (Distribution File System) to accomplish
this goal.

Create a DFS share on the 2 servers. Copy all user profiles to the DFS
share. DFS will sycn the content on the 2 servers to

make
sure the data is

same. And, when user access the \\server\dfsshare, the DFS root will
re-direct to the client the closest server to access the files.

For the DFS, you can refer to the article:

812487 Overview of DFS in Windows 2000
http://support.microsoft.com/?id=812487

Thanks for using Microsoft Newsgroup!

Sincerely,

Steven Liu [MSFT]

Microsoft Online Partner Support

MCSE 2000

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

.

.

 

[Steven Liu]

Hi Givdesh,

The ADUC supports the environmental variables. Therefore, it will be
converted to the URL here immediately.

The workaround is to use the DFS here.

Thanks for using Microsoft Newsgroup!

Sincerely,

Steven Liu [MSFT]

Microsoft Online Partner Support

MCSE 2000

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.