This might be a bit lengthy, but here is my situation. I am an intern at a small to medium organization. I have been tasked with getting Roaming Profiles up and running via Group Policy (I know lots of people don't like roaming profiles, again, intern so not my call). Problem: My degree is in network engineering and I have almost zero experience with group policy. I have done as much research as I can to get these things working, but I am at an impasse.
Here is what I have tried:
Step 1 - Create a security group in Active Directory on our domain controller. Controller is running Server 2012 r2. Security group includes the Test PC and Test account I created. The security group, test pc, and test account are all currently in a Test OU.
Step 2 - Create the file share. The share was created on our data server. Data server is running server 2008 (I know I know). Settings for the share include: Sharing the folder and giving the security group full control for share permissions. Under security, the security group is added with read/write permissions. Creator Owner, SYSTEM, Administrators All have full control. Users have read/write.
Inheritance has been disabled.
Step 3 - Create the GPO for the redirects - Again on our domain controller, server 2012 r2
GPO is created in the Test OU where the group, test computer, and test account are located.
Under Scope, Everything is removed and the Security Group is added. As per Microsoft's instructions, Authenticated users are added to Delegation and given read permissions.
Edit the GPO, go to Computer Configuraiton -> Administrative Templates -> System -> User Profiles -> Set Roaming profile path for all users logging onto this computer.
Edit - and set set it to "Enabled" I then entered the network path of the previously created Network Share under "Users logging onto this computer should use this roaming profile path" Apply and exit.
Step 4 - Go to the test PC. Open an elevated command prompt and use gpupdate /force. Most people seem to say you can log out at this point, but I just restarted the PC to be safe.
PC comes back up, log into one of the accounts associated with the security policy and... nada. The profile redirect does nothing.
Some things I have tried: On the Test PC, I have run gpresult /Z in a prompt window. The profile redirect policy appears in the "Applied Policies" list.
I have also tried the alternative method of setting the profile path for an individual account in Active Directory. This again does nothing.
On the network share, I have just given full blown full control permissions to everyone and everything just to see if it works. (It doesn't)
From what I am seeing it seems like one of two things, but my limited knowledge makes it hard to know. Either I have set the permissions on the network share incorrectly, or there is some other permission somewhere that is blocking any profile redirects. What complicates things is the Folder Redirection component in group policy works perfectly. I was also able to create a GPO that created a mapped drive to where the network share is housed. From the test PC, i could click on the drive, and even click ON the network share. The PC can see it, but the profiles just won't go there.
As an fyi, all of our workstations are running Windows 10
From everything I've read and with my limited understanding, I feel like this SHOULD be working. Is there something else I have not considered or some switch somewhere that needs to be flicked? Any help would be greatly appreciated.