Have you ever wondered about creating a disaster recovery plan for roaming profiles without clustering? This is useful when you want to switch roaming profiles over in a network where one of the DCs is failing and the other DCs are still alive to serve requests.
Let’s say you have two 100 client computers in your network and two domain controllers named DC1 and DC2. All users have been configured with roaming profiles set up on DC1 and DC2. These users frequently log on to DC1 and switch over to DC2 in case of failure.
For some reason, you want to create a disaster recovery plan for roaming users: you want these users to switch over to DC2 and retrieve their roaming profile from DC2 if DC1 fails.
The setup may not seem easy, but this is how you actually do it:
You need a startup script, deployed throughout the network using Group Policy.
This disaster recovery plan for roaming profiles can be implemented with a Windows startup script. The LOGONSERVER environment variable is common to both DCs. You just need to use it in your script so that, when the script starts, it reads the authenticating server’s name and sets it in the user’s property using the LDIFDE tool.
You can see LOGONSERVER by typing the SET command at a command prompt. It tells you which DC authenticated this client.
In the above scenario, the clients’ roaming profiles are located on DC1.
1. The client starts.
2. Netlogon finds a suitable domain controller for the client.
3. It sets the LOGONSERVER environment variable to the DC that is about to authenticate the client.
4. The startup script runs.
5. The script checks the roaming profile path in the user’s property using the LDIFDE tool.
6. The script pings the domain controller (let’s say the client is configured to use roaming profiles on DC1, and DC2 is the one authenticating the client).
7. The script gets a “Request Timed Out” message from DC1.
8. The script assumes that this domain controller is not available on the network.
9. It then takes the DC name from the LOGONSERVER environment variable and sets it in the user’s property, and in the registry as well: \\DC2\profiles\%username%.
10. Netlogon passes control to the Winlogon service.
11. Winlogon finally allows the client to log on to the computer.
12. The client logs on to the computer. His profile path is checked and the roaming profile is loaded from DC2 directly.
13. So in this case no failure is noticed.
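Steps 5 to 9 above, as an added PowerShell example (not the original author's script): it uses ADSI instead of LDIFDE to read and write the user's profilePath attribute, and it omits the registry update because the page does not name the key. It assumes the running account may write profilePath and that the profile data already exists on DC2; it only switches to a server on an approved list, and only when the target folder is present.

```powershell
# Added example, not the original author's script.
$AllowedServers = @('DC1', 'DC2')   # DC names from the scenario above
$ShareName      = 'profiles'        # share name taken from \\DC2\profiles\%username%

function Get-UncServer([string]$Path) {
    # Server part of \\server\share\..., or $null when $Path is not a UNC path
    if ($Path -match '^\\\\([^\\]+)\\') { return $Matches[1] }
    return $null
}

function Resolve-ProfilePath {
    param([string]$CurrentPath, [string]$LogonServer, [string]$UserName,
          [scriptblock]$IsReachable = { param($s) Test-Connection -ComputerName $s -Count 2 -Quiet })

    $current = Get-UncServer $CurrentPath
    if (-not $current) { return $CurrentPath }              # no roaming profile set: leave alone
    if (& $IsReachable $current) { return $CurrentPath }    # steps 6-8: server answers, keep path

    $candidate = $LogonServer.TrimStart('\')                # LOGONSERVER is stored as \\DC2
    if ($AllowedServers -notcontains $candidate) {
        throw "LOGONSERVER '$candidate' is not an approved profile server"
    }
    return "\\$candidate\$ShareName\$UserName"              # step 9
}

# Step 5: read profilePath from the user's directory object
$searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$env:USERNAME))"
$result   = $searcher.FindOne()
if (-not $result) { throw "User '$env:USERNAME' not found in the directory" }
$user    = $result.GetDirectoryEntry()
$oldPath = [string]$user.Properties['profilePath'].Value

$newPath = Resolve-ProfilePath -CurrentPath $oldPath -LogonServer $env:LOGONSERVER -UserName $env:USERNAME
if ($newPath -ne $oldPath) {
    # Refuse to point the account at a folder that does not exist on the new server
    if (-not (Test-Path -LiteralPath $newPath)) { throw "No profile folder at $newPath; not switching" }
    $user.Properties['profilePath'].Value = $newPath
    $user.CommitChanges()
    Write-Output "profilePath changed from '$oldPath' to '$newPath'"
}
```

The allow-list check matters because the script writes a UNC path into the directory: an unexpected LOGONSERVER value would otherwise redirect the profile to a server you never approved.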