Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


February 2008

Best Practices for Managing User Data and Settings, Part 1

An effective server-side back end will help you handle an otherwise intricate chore
From the February 2008 Edition
of Windows IT Pro
Dan Holme
Feature
InstantDoc #97841
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More User Management and Profiles Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

You must also share the Users folder a second time for paths that point to the user’s roaming profile. I recommend a name such as Profiles$. Again, assign the Full Control share permission to the group of users on the server or to the Everyone group. The reason that the Users folder must be shared a second time is that you must disable caching on SMB paths to user profiles. It’s a long story that has to do with a potential conflict between Windows Offline Files and roaming profiles. Caching is enabled by default and should be left on for the Users$ share to support laptop users in the UDS framework. But you must disable caching on the Profiles$ share, as you see in Figure 2. Users—including laptop users—will still get a synchronized copy of their user profile on their local systems by using profile synchronization, which is a separate mechanism from the caching of Windows’ Offline Files feature.

Use DFS Namespaces to Abstract and Present Each User’s Data Stores
The final piece of infrastructure is DFS namespaces—a very important component. If you’ve ever moved a user’s data from one server to another, you know that you have to change a lot. You have to change the user’s roaming profile path and the GPO and registry folder redirection settings. That’s easy enough, but think about all the links within and between documents. For example, think about all the Microsoft Excel worksheets with linked formulas pointing to \\server01\users$\dholme\Documents Finance\excelfile.xls that must be changed to \\server02\users$\dholme\Documents Finance\excelfile.xls. That “path migration” is a great deal of work, and most organizations aren’t equipped to thoroughly migrate user data paths, particularly for inter-document links. So they don’t, and productivity is lost.

DFS namespaces, like the other components I discuss in this article, require thoughtful design, but I can recommend the design that Figure 3 shows as a best practice. Figure 3 represents what I call a fully enumerated DFS namespace, in which each UDS store is presented in the DFS namespace. A user is given a first-level folder within a domain-based DFS namespace (e.g., \\contoso.com\Users). Below that folder is a single level of subfolders— one for each data and settings store. So, the paths used for roaming profiles and redirected folders are simple: \\namespace users\username\foldername (e.g., \\contoso .com\users\dholme\desktop and \\contoso .com\users\dholme\profile). The namespace abstracts the fact that several data stores are actually subfolders of a parent Data folder on the server. So, the Data folder on the server can manage quotas in the physical namespace on the server without adding complexity to the namespace used for administering UDS.

Each folder in the user’s DFS namespace targets the appropriate folder on the server. The data folders use the \\servername\Users$ username\Data\foldername path as the target, through the Users$ share that allows caching. The profile folders use the \\servername\Profiles$ username\Profile and \Profile.V2 paths as targets, through the Profiles$ share that disables offline files, because roaming profiles have a separate mechanism for synchronization.

Understand Why a Fully Enumerated DFS Namespace Is a Best Practice
Proposing individual DFS namespace folders for each user data store might seem extreme. Many organizations have a simpler DFS namespace, such as the one that Figure 4 shows. Such a DFS namespace can serve a small organization well. Paths to user data stores take the form \\domain\users data\%username%\data\foldername (e.g., \\contoso.com\users\data\jfine data\documents). The appearance of \data twice isn’t a typo. The first \data folder is in the DFS namespace, which targets the Users$ share in the server’s SMB namespace. The %username% folder and the second \data folder are in the physical namespace on that server, within the Users$ share.

But even in a small organization, there’s a big problem: This namespace is inflexible. The DFS namespace (e.g., \\contoso .com\users\data) targets a fixed SMB namespace (e.g., \\server01 users$). If some users’ data stores are moved to another SMB namespace (e.g., \\server02 users$), you’ll be stuck rebuilding the DFS namespace. Even worse, you’ll have to do the involved “path migration” for roaming profiles, redirected folders, and all inter-document links. Also, any laptop users would have to have their offline files cache manipulated to avoid a total resynchronization.

You might consider using Figure 3’s namespace down to the user level and avoiding the subfolders for individual data stores. You can get away with that configuration for now, but you’re building in a hard-wired dependency on the physical namespace— Desktop, Documents, and the media folders are all in the Data folder. If you ever need to change your management on the back end, you’ll be stuck again. I’m expecting that, someday, we’ll be able to redirect the Documents store to a SharePoint My Site. That’s “pie in the sky” thinking right now, but by abstracting the location of Documents, I’m hoping to make the migration of individual data stores to other servers or even other technologies a bit smoother down the road. It’s easy enough to provision the DFS namespace for a user with the aforementioned scripts, so why not build the most flexible and forwardlooking namespace for manageability?

These considerations, plus concerns related to the interactions of other components of the UDS framework, make a fully enumerated DFS namespace a best practice. Further details are too much to cover in the space I have here, so be sure to check out the resource kit, which discusses the pros and cons of other DFS namespace structures.

You might be aware that a DFS namespace in Windows 2003 can have only 5000 links. If each user has more than half a dozen folders in the DFS namespace, you’ll be able to support several hundred users in a single namespace. See the resource kit for best-practice designs for more users in Windows 2003 environments: You can work around the limitation with additional domain DFS namespaces that won’t require additional DFS namespace servers. Server 2008 DFS namespaces remove the limit. Ideally, you should provision the DFS namespace for users when you provision the physical folders.

Only the Beginning
This article’s best practices should help you manage the back end of an effective UDS framework. By separating the physical and SMB namespaces that manage the configuration and security of UDS data stores from the presentation of those data stores in a logically organized DFS namespace, you’ll be well prepared to implement the client side. In Part 2, I’ll address roaming profiles, redirected folders, and critical workarounds necessary to solve several business-data scenarios that Microsoft’s native technologies don’t support.

As I mentioned earlier, an effective UDS management framework can be quite complicated— not because of the complexity of the involved technologies but because you must align many individual and sometimes conflicting technologies in a way that supports both your business requirements and the unique characteristics of your users’ data.

End of Article

   Previous  1  2  [3]  Next  


Reader Comments
Fine

farasathassan January 31, 2008 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Learning Path Windows IT Pro Resources
"Using IntelliMirror to Manage User Data and Settings"

"Managing User Profiles"

"10 Ways to Manage Desktops with Group Policy"

"Inside User Profiles"

"User-State Migration"


Microsoft Resources
"Windows Administration Resource Kit"

"User Data and Settings Management"
Top Viewed ArticlesView all articles
Accessing Database Data with ADO

...

The Memory-Optimization Hoax

Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...

Friday at PASS Europe 2006

Kevin talks about the closing day of the event and shares a funny Microsoft film. ...
Windows OSs Whitepapers Why SaaS is the Right Solution for Log Management

Are You Satisfied?

A Preliminary Look at Deployment Plans for Microsoft Windows Vista
Related Events Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.

Job Openings in IT

ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Maximize your SharePoint Investment – 8 Cities
Discover best practices and tips for both architecting and administering SharePoint. Early Bird Price of $99 through Sept 15th.

Find a new job now on the all new IT Job Hound!
Search jobs, post your resume, and set up job e-mail alerts!

Master SharePoint with 3 eLearning Seminars
Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!

Top Tools for Virtualization Disaster Recovery & Replication
View this web seminar on August 14th to learn about two tools that will result in faster backup and restore with P2V disaster recovery.

SharePointConnections Conference Fall 2008
Don’t miss the premier event for Microsoft IT Professionals in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).

VMworld 2008 - Sign Up Today!
Join your peers on September 15-18 at The Venetian Hotel in Las Vegas as VMware hosts VMworld 2008, the leading Virtualization event.



Increase Application Performance
Free White Paper by Editor's Best winner, Texas Memory Systems.

Microsoft® Tech•Ed EMEA 2008 IT Professionals
Advance your thinking with new ideas and practical real-world solutions at Microsoft’s FIVE day technical infrastructure conference 3-7 Nov., 2008. Register before 26 September 2008 to save €300.

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.

Are You Really Compliant with Software Regulations?
View this web seminar that will help you with compliance best practices and check out a management solution to assure that you won’t be in jeopardy of an audit.

Virtualization Congress Oct. 14-16 in London
Don't miss Virtualization Congress, the premiere EMEA conference dedicated to hardware, OS and application virtualization. Oct. 14-16.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technical Resources Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing