Best Practices for Offline Domain Client (Folder Redirection, Loginscript....)

Michael Fana 21 Reputation points
2021-01-20T15:31:50.93+00:00

Hi all!

In our office we have the following constellation. If you work with a laptop via VPN, you have no access to fileshares because of security reasons.

In the past we had a lot of performance issues when users are connected via VPN, especially when users opened an office application and recent files or templates are stored on a mapped drive or UNC Path, which is not available. After configuring homedrives etc. to sync by "Work Folders" everything becomes much better. Some problems especially with the duration of logon time (searching for loginscript?), open command prompt or open other programs with recent files on a share are still coming up sometimes.

So I want to know, what kind of experience do you have. Are there any best practices or do's and don'ts for this kind of configuration? Is there a chance to prevent the notebook to search the connected network if it is not the company network - to prevent timeouts?

In the past there have been a lot of good changes like the Work Folders. Are there best practices for notebooks not connected to the domain network?

Thanks a lot
Micha


4 answers

  1. Vicky Wang 2,591 Reputation points
    2021-01-21T09:26:02.307+00:00

    There are any number of circumstances where you may want to have a client computer join to a domain when they have no access to a domain controller.

    One example might be if you are creating a new branch office and the servers are not functional yet in that location, but you would like to begin rolling out the clients.

    1 – On the Windows Server, open CMD and type:

    Windows = your Domain name
    CLIENT-10 = PC Client
    djoin /provision /domain "Windows" /machine "CLIENT-10" /savefile win10blob.txt

    ~~ If the djoin /provision command completes successfully, you’ll see your new Clients PC account in the Computers container in AD. ~~ (Please Refer to the Pictures)

    Reference: https://newhelptech.wordpress.com/2017/07/05/step-by-step-how-to-use-offline-domain-join-djoin-exe-active-directory-in-windows-server-2016/
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best wishes
    Vicky

  2. Michael Fana 21 Reputation points
    2021-01-21T10:05:58.377+00:00

    Maybe you misunderstood my question. The clients are normally connected to the domain network and the controller, when they are in the office. If they are @/c/ , they have no connection to the domain and when they connect via VPN, they have no access to shares (because of security policy).
    The problem is the delay or poor performance when opening programs while being "offline".... So I am looking for best practices concerning Folder redirection, Loginscripts etc....

  3. Vicky Wang 2,591 Reputation points
    2021-01-28T07:44:49.607+00:00

    The problem you mentioned is that when users work from home, they can only contact intra domain through VPN. When an operation needs to contact the domain, it will affect the performance of the corresponding application.
    There are two cases of this impact:

    When the customer logs on: If the VPN can be turned on after the logon, the user logon uses the locally cached credential without contacting the DC, which usually does not affect the duration of the logon; if the VPN is turned on after the startup before the logon, VPN bandwidth limitations may affect the time for users to load the group policy in the domain during the logon process, resulting in longer logon time. Regarding the second case, there are some GPO settings, such as Folder Redirection and Software Installation, which must be run at startup. See https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj573586(v=ws.11)#asynchronous-and-synchronous-processing for details.
    When the user needs to access the resources of the domain after logging on: the user needs to send a verification request to the domain controller. If the network bandwidth of the VPN to the DC is not large, the speed of accessing resources will be affected.

    If the user can't contact the domain at all, but there is still a problem of slow opening, we need to pick an application to view the performance problem when the app is opened separately. This problem may not be related to AD.
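
One way to keep a logon script from stalling on unreachable shares in the two situations described in this thread (off the company network, or on VPN with file shares blocked), as an added example that is not part of any poster's answer. The server name, share paths, drive letters and timeout are placeholder assumptions.

```powershell
# Added example: logon-script guard that maps drives only when shares are reachable.
# All names below are placeholders (assumptions), not values from the thread.
$FileServer   = 'fileserver.example.internal'
$SmbTimeoutMs = 1500
$Shares = @{
    'H:' = '\\fileserver.example.internal\home$'
    'S:' = '\\fileserver.example.internal\shared'
}

function Test-DomainNetwork {
    # Network Location Awareness sets DomainAuthenticated only after the
    # connection has authenticated to a DC of the machine's own domain.
    $profiles = Get-NetConnectionProfile -ErrorAction SilentlyContinue
    return [bool]($profiles | Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' })
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    # Bounded connect attempt so a filtered port costs $TimeoutMs,
    # not the much longer default SMB/TCP timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false    # refused, unresolvable name, or other socket error
    } finally {
        $client.Close()
    }
}

if (-not (Test-DomainNetwork)) {
    Write-Verbose 'No domain-authenticated network; skipping drive mappings.'
    return
}
if (-not (Test-TcpPort -HostName $FileServer -Port 445 -TimeoutMs $SmbTimeoutMs)) {
    # Typical for the VPN case in this thread: DC reachable, SMB blocked by policy.
    Write-Verbose 'Domain network present but SMB unreachable; skipping drive mappings.'
    return
}
foreach ($letter in $Shares.Keys) {
    if (-not (Get-SmbMapping -LocalPath $letter -ErrorAction SilentlyContinue)) {
        # Non-persistent, so nothing tries to reconnect at the next offline logon.
        New-SmbMapping -LocalPath $letter -RemotePath $Shares[$letter] -Persistent $false | Out-Null
    }
}
```

The port check matters because a VPN connection can be classified as domain-authenticated while SMB to the file server is still filtered.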

  4. Vicky Wang 2,591 Reputation points
    2021-02-01T09:15:04.677+00:00

    Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,
    Vicky