This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 57.99999999999999%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPE%3C/text%3E%3C/svg%3E)
We are currently attempting to migrate Roaming Profiles to FSLogix Profile Container Profiles utilizing the following the instructions provided here:
https://www.christiaanbrinkhoff.com/2020/02/14/youtube-how-to-migrate-from-upd-to-fslogix-profile-container-profiles-to-windows-virtual-desktop/
Convert-RoamingProfile
Convert-RoamingProfile -ParentPath <String> -Target <String> -VHDMaxSizeGB <UInt64> -VHDLogicalSectorSize <String> [-VHD][-IncludeRobocopyDetail] [-LogPath <String>] [-WhatIf] [-Confirm] [<CommonParameters>]`
Our user roaming profiles are stored on the Domain Controller @ \dc\rdsprofiles$\ - however, profile folders are: <username>.domain.v6. This inherently causes issues using that command as it results in the following error:
"Profile \dc\rdsprofiles$\fstest3.domain.v6 Could not resolve to AD User. Cannot copy."
What I've done to get around this is grant ownership and full permissions on the user's v6 folder, copy it to a temp location, rename it (remove "domain.v6") then copy it back.
Convert-RoamingProfile -ParentPath \dc\rdsprofiles$\user -Target \fileserver\profile_containers$\ -VHDMaxSizeGB 100 -VHDLogicalSectorSize 512 -IncludeRobocopyDetail -Verbose -LogPath C:\Temp\LogixConversion.log
This works for the most part, except for by the end of the script where it mounts the converted .vhdx to then apply NTFS permissions and subsequently fails...
If that user were then to login, nothing works for them (browsers, start menu, any apps, etc). I can go and mount the .vhdx and apply the permissions myself but there's no way we can do this manually for 300+ users (and I haven't given scripting that a thought yet).
I can provide any further details if needed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 43%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
If your profiles are already in a UPD you can use this script
https://github.com/andif888/convert-udp-fslogix
The guide is very useful and pretty straight forward.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 96%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
Have the same issue.
Try to working on it today.
It is somewhere here:
icacls $Destination /setowner SYSTEM
icacls $Destination /inheritance:r
icacls $Destination /grant $env:userdomain\$(($P).Username):(OI)(CI)F icacls $Destination /grant SYSTEM:(OI)(CI)F
icacls $Destination /grant Administrators:(OI)(CI)F icacls $Destination /grant $env:userdomain\$(($P).Username):(OI)(CI)F
icacls (($P).Target | Split-Path) /setowner $env:userdomain\$(($P).Username) /T /C
icacls (($P).Target | Split-Path) /grant $env:userdomain\$(($P).Username):(OI)(CI`)F /T
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 74%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWS%3C/text%3E%3C/svg%3E)
Hi,
The same issue here too.
I tried to change permissions (icacls) but Access Denied like Paul. I have to make manually ...
If anyone have ideas !
Thanks :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 42%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Hello,
I have found a workaround for this Problem.
Please check the function script "Convert-RoamingProfil"
Check line: 198
Replace the code with the following:
try {
icacls $Destination /inheritance:r
icacls $Destination /setowner DOMAIN-ADMINS
icacls $Destination /grant $env:userdomain\$(($P).Username)`:`(OI`)`(CI`)F
icacls $Destination /grant SYSTEM`:`(OI`)`(CI`)F
icacls $Destination /grant Administratoren`:`(OI`)`(CI`)F
icacls $Destination /grant $env:userdomain\$(($P).Username)`:`(OI`)`(CI`)F
icacls $Destination /setowner SYSTEM
icacls (($P).Target | Split-Path) /setowner $env:userdomain\$(($P).Username) /T /C
icacls (($P).Target | Split-Path) /grant $env:userdomain\$(($P).Username)`:`(OI`)`(CI`)F /T
}
The problem with the permissions was that after SYSTEM was set as the owner, the permissions could no longer be set.
First I set DOMAIN-ADMINS as owner and after setting the permissions I changed the owner to SYSTEM.
This worked for me. I hope it helps others as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 32%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Same problem here.
Access denied with icacls