ForensiT Profile Wizard worth it?

HCHTech

I've got a DC replacement coming up in a week or so for a small client, and a much bigger one coming up 1st QTR of 2021 - I'm thinking it's probably worth it to buy some licenses of this tool or similar - it's cheap enough. I haven't used it before, but it's certainly well-known and the big advantage would be that it modifies the existing profile, avoiding the creation of a new profile and the moving/copying of data from the old domain profile. Also scriptable so it might even make the job 100% remotely doable, an important factor these days.

Anyone used it enough to give some pros/cons that aren't in the marketing brochure?
 
I can give it a check + and a gold star. Granted my use is probably much smaller than what you do @HCHTech, it worked well for me on two occasions, 5 seats and 15 seats. Both W7 Pro to new 2019 servers with new domains. A handful did not migrate, seem to remember running it a second time seemed to help. Ended up only manually doing one. But the domains were very simple. Implemented AD/GP didn't even scratch the surface of what's possible.
 
I actually don't like those tools. If I'm doing something "new"...I cherry pick the data I want, leaving the "junk" behind. Don't want "all of it" to come over. Cuz that brings the quirks and issues along with the old profile (which it just modifies...yes).

I've seen it really hose folder redirection too.
 
If the old profile has no folder redirection, it does a respectable job of simply resetting it to work with the new account.

However, if I were to do a new DC now... it'd be linked to an M365 Tenant, and OneDrive, which would necessitate manual reconfiguration of most things while migrating data.

Technically speaking, if your users are configured correctly these days there's nothing to migrate. All the modern browsers have accounts with all their junk in it, M365 has all their documents, desktop, etc, as well as email. Group policy deploys printers.

So what exactly are you moving? They login to a new platform fresh, login to M365 and their browser and their user environment is now 100% complete.
 
If the old profile has no folder redirection, it does a respectable job of simply resetting it to work with the new account.

That's what I would have expected. I just recall, about 3 years ago...maybe closer to 2...or in between, I did a remote job across country. Took a peer to peer workgroup with a TON of complex settings in each profile, unfortunately GoDaddy IMAP email, all that crap. No OneDrive for this one. Yeah..it got ugly....I can't recall the deets but I sure regretted trying Forensi.

But mostly being "always a client with a server"...and esp with 365 these days....I agree with what you say, "not needed".
 
if your users are configured correctly these days there's nothing to migrate.

Well, you are implying that the only correct configuration is with M365. Not everyone is set up that way. In this immediately-upcoming case, they are using M365 for email, but not for anything else - and this was their choice, not a mis-configuration. So, no SharePoint and no OneDrive. Data is local, save for email. My concern for disk space is largely because some users have large profiles and small SSDs, so there is likely not room to make a new profile in addition to the old. We don't have complete control over this client, we do networking and servers, a smaller IT company (family friend of the owner) provides workstations. So, to keep this client, we accept the inefficiencies caused by this setup. We've billed them about 18K this year so far, so I'm not about to kick them to the curb just because they aren't configured in a way that suits ME best.
 
@HCHTech Local data means folder redirection, for all the same reasons OneDrive. It means user data is protected, and users can simply hop stations when there's a problem with the end point.

Use of M365 to fulfill this goal is incidental. Workstations must be disposable. Users need to be able to recover their own stuff with the simplicity of logging into a working platform. Failure to meet this objective doesn't scale, and overwhelms IT assets when excrement elevates to the proverbial fan.

But if they want to do things the hard way, enjoy billing them for the extra time? I'd not use this tool and do things manually, they want to do business like it's 1990 then they can pay for the time to do so properly. Forensit is a great tool, but even they suggest backups before you do it. If you don't have the drive space for a copy of the profile, you don't have the drive space to migrate.

And that probably means FABsing the profile to a USB drive... which means EVEN MORE TIME.
 
Backtracking a bit from the other suggestions -- what is the reason you are building a new domain from scratch instead of just standing up a second DC > migrate roles > decommission the old one. There would be no need for any profile migration, it can be done 99% remotely and is almost seamless to the end users.

I assume there are issues with the current domain. In which case are you risking bringing some of those issues over with a profile migration?
 
Local data means folder redirection, for all the same reasons OneDrive. It means user data is protected, and users can simply hop stations when there's a problem with the end point.

Yes - I suppose I should get over my reticence to use roaming profiles. I had bad experiences with them early in my career when I was still an in-house IT guy (basically, the bigger they got, the worse it worked, then impatient users forcing reboots to try and get around the wait caused corruption - it was a mess that resulted in a ton of time to plan and carry out the conversion, only to be rolled back when the owner got fed up with the problems), so have pretty-much avoided them ever since.

This particular client is an Architect who uses Revit, so I don't know how that would be impacted by using roaming profiles - I know it pulls a local copy of every file that is opened. I'd bet their infrastructure likely would be strained. It took me a whole year to get them to upgrade their 10/100 switch when I first got involved 5 years ago!
 
Backtracking a bit from the other suggestions -- what is the reason you are building a new domain from scratch instead of just standing up a second DC > migrate roles > decommission the old one. There would be no need for any profile migration, it can be done 99% remotely and is almost seamless to the end users.
We are doing it the hard way to avoid carrying anything over from the old DC. It was the last act of the previous IT support, which was an employee at the time. He had hand-built a crappy AMD server in 2016 with SBS2011 (they already owned the license, so couldn't bear to not reuse it - look at the money we saved!). It has only survived as long as it did because they are small with simple needs. I had to tread carefully because he remained employed even though they took most of his tech duties away when we came onboard. Anyway, I'm more comfortable starting with a clean slate - which I think answers the question about profile migration. It's only a few employees with the larger profiles, guess we'll just copy 'em off.
 
Yes - I suppose I should get over my reticence to use roaming profiles. I had bad experiences with them early in my career when I was still an in-house IT guy (basically, the bigger they got, the worse it worked, then impatient users forcing reboots to try and get around the wait caused corruption - it was a mess that resulted in a ton of time to plan and carry out the conversion, only to be rolled back when the owner got fed up with the problems), so have pretty-much avoided them ever since.

This particular client is an Architect who uses Revit, so I don't know how that would be impacted by using roaming profiles - I know it pulls a local copy of every file that is opened. I'd bet their infrastructure likely would be strained. It took me a whole year to get them to upgrade their 10/100 switch when I first got involved 5 years ago!
The suggestion is "redirected folders" not "roaming profiles." I also had a very bad experience with roaming profiles in my one and only experience with it.
Folder redirection for desktop & my documents works entirely differently and just maps these folders to the server. It works great.
 
@HCHTech Yes, I'm going to reiterate the above, Redirected Folders != Roaming Profiles.

I'd never suggest the latter, they're an ugly mess. The former just tells Windows to sync selected folders to a server location. The user doesn't know any difference, it's a lot like using OneDrive backups, except completely automated and aimed at a UNC path.

I like aiming them at DFS shares, so I can move them around without poking at Group Policy. It makes moving the shares to a new file server easier when they run out of space. But if you decide to add that layer of abstraction make darned sure you don't use DFS replication... ever... ONE replication engine per folder... that's it. Any more and bad things happen, trust me. Folder Redirection means Offline Files is in the mix from the workstation side. Let it be! And while you're at it warn your people not to configure OneDrive backups... because that plus redirected folders doesn't end well either... That's how people lost their crap when 1809 launched!
 
The suggestion is "redirected folders" not "roaming profiles."
Redirected Folders != Roaming Profiles.
Ahh - I see. Most of my companies have a policy: Company & client data gets saved to the server. Anything you save to your workstation is not backed up and you might lose it. That's what shared drives are for. I can almost see your point with the desktop directory (although users tend to store a lot of unnecessary crap there for sure), but when you have a domain, I'm not convinced saving local documents & pictures & downloads, etc. for every employee on the server is a good use of that resource. Company data is already on the server, people tend to stuff their local directories with personal data. We usually give every user a single personal directory on the server, but it's never been our practice to do it your way.

The storage requirements of this method also give me pause. Server storage isn't cheap, and that begets local and cloud backup storage, which isn't free either. One last thing...
Users need to be able to recover their own stuff with the simplicity of logging into a working platform. Failure to meet this objective doesn't scale, and overwhelms IT assets when excrement elevates to the proverbial fan.
If company data is on the server where it should be, it isn't lost when a workstation fails. If a company is big enough to need a server in the first place, they will be on cloud email as well, so that isn't lost either. Because of storage requirements the redirection method seems to have trouble scaling as well. How much space do each employee's redirected folders require on the server and therefore backups? I'll admit that things are probably different in larger markets - my view is definitely SMB.
 
@HCHTech You're not wrong! I've run networks like that too. The key is... I have a signed document from the owners that stipulates that. And I'm further not responsible for hot footing it over there to get a new station online for them. Otherwise they're forever screaming at me because "I lost something" the user didn't file. Or "this user" has "a mission critical project" that has to "be done right this very second."

Redirected folders just saves that entire phone call and I can get back to doing other more useful things, like figuring out how to keep the next Nigerian Prince out.

Storage hasn't ever really been much of an issue. Though you can do quotas, but I've never had to go that far.

In my view if a client has a DC on prem they're no longer SMB... so I make changes these days. SMBs stuff their junk into M365 so they don't have to have a server.

I'd love that not to be true... but the alternative seems to be these glorified desktops people think are servers that I'm honestly sick of resurrecting. But I live where the storms eat things alive, and I like to torture spend time with my kids. I think you're in this space too, because if redirected folders is causing a performance problem... you aren't working with a server, you're working with an overgrown desktop, and your network is made out of tin cans and string. If that's the case yeah... don't do that.
 
Ok - you've given me enough of a nudge that I will investigate this. Of my 160 or so SMB clients, only 12 have servers - it used to be more like 20, but we moved a handful to Sharepoint in the last refresh, and COVID took another one this year. I'm going to pick a couple of the smaller ones and actually tally the data and see what an actual sample looks like instead of my seasoned-but-possibly-inaccurate estimation.
 
@HCHTech That's the hardest part... How much storage do you need?

Get your RMM out, run some scripts to get some workstation usage totals. What I do is just add up the combined usage of all of the hard disks... I don't bother with folders. If that C drive has 462gb of crap on it, that's what I count. I add that all up, toss in another 50% and that's my storage volume.

I usually wind up over engineering the storage, but when you're building something that needs to last potentially ten years without change, too much is better than not enough.
 
If that C drive has 462gb of crap on it, that's what I count. I add that all up, toss in another 50% and that's my storage volume.

It's the bit that comes after that part that worries me:

"and that's my storage volume"... needed for the folder redirections. You add this to the volume needed for the company/client data and the volume needed for the server host and VMs and THIS TOTAL is the storage you need to provide in a server... and maybe 1.5 x that for backup.

So lots of back-of-the-napkin math here (confession, I had to use a RAID calculator, can't do that stuff in my head):

So let's say you have a dozen workstations, and your host server has a DC VM, an Application Server VM, maybe a SQL VM and one or two workstation VMs. The company dataset is 5TB, for argument's sake. Let's say 150GB for the DC, 1TB for the App server, and 500GB for the SQL VM, yeah? So before we get to the folder redirection footprint, we've got storage needs of 6.65TB of storage with 50% fudge factor for growth, that's 10TB. If the workstations have 500GB drives, then by your rule, you need to plan for something close to that as the max redirection for a workstation. x 12 = 6TB x 1.5 to give some room for growth (but not much really), you're at 9TB. So without folder redirection, the server needs 10TB, and with redirection, it needs 19TB, call it 20. To put this into play, you need to DOUBLE the storage you are designing into the physical server.

So let's say you have a standard 2U rack server, you get 8 bays for disks. If you do one big array, which seems to be the favored approach these days, 8 x 2TB SSDs in a RAID 10 gets you 8TB, not enough. You could go RAID6, which would get you 10.9TB. That will do. For server drives, let's say $425 per disk (approx wholesale cost) means $3,400 in storage cost. Maybe $4,400 to the customer? Now, with folder redirection, what would we need? 8 x 4TB disks in a RAID6 would give you 21.8TB, that's probably as close to 20 as you'll get. Now we're up to $760 per disk for server drives so that totals $6,080 cost, maybe $8,000 to the customer. So $3,600 increase to provide folder redirection. And, I'm not sure that's enough to allow for company growth. What if they add 10 employees over the life of the server?

I hadn't worked out an example like this in the past, but I think it illustrates my point. Redirecting folders would add a sizable increase in the cost of a company's server. Some clients are great - they say "We trust you for the details, just tell us what we need". Most are a little less trusting. "$15,000 for a server?!? We're just a little company, we're not MADE of money, you know! What else you got?"

It's a lot to ask of a small (well, whatever you call 12 employees - they would be "medium" to me) business. I'll dig out my RMM this weekend if I can to see if my guesses have any validity. :)
 
It's rare to find folder redirection that hogs up that much. Yeah I can name a few, and there's always a few which have HUGE pictures and music (don't back up music), and limit pictures to the bosses/owners. But back in the days of on prem servers...yeah a small handful could suck up a lot. But I never had crazy bloat problems from it. Most staff keeps (should) things in the mapped drives to the server anyways. We've averaged around 150+ biz clients majority with servers.

One of the many beauties of 365...it now makes it a "who cares" to the size of their personal folders.
 
I didn't say 12 x 500gb, I said use the RMM to run a report to find out how much of each of those 500gb drives were in use, add that up and toss in your 50% growth.

Because as Stonecat indicated, you have heavy users, and you have light users, and most of the time... the latter wins. Not redirecting pictures and music is another solid help, desktop / documents don't tend to get that big.

And I hear what you're saying on the server costs, but the bottom line is they're going to pay that money. The only difference is they're going to be paying for lost data and your time to help them rebuild, and employee time reworking stuff because some nitwit somewhere didn't save correctly. Employees are not computer people, and the kids entering the work force right now are raised 100% cloud. They won't "choose" a folder, they assume the system knows what to do with it for them.

So you can advance, or you can deploy yesterday's systems and pay through the nose in additional employee training. Either way, the client is paying for it.
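
Added example, not part of the thread: the sizing method described in the posts above (tally what is actually in use on each workstation, sum it, add 50% for growth) as a PowerShell script meant to run locally on each workstation, for instance from an RMM. The function names, the default `Users` profile root and the Desktop/Documents folder list are assumptions, and the three sample figures at the end are constructed.

```powershell
# Added example (not from the thread). Run elevated so other users' profiles are readable.
function Get-WorkstationFootprint {
    param(
        # Assumed default profile location
        [string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'),
        # Assumed set of folders that would be redirected
        [string[]]$Folders = @('Desktop', 'Documents')
    )

    # Whole-disk method: used space across all fixed disks (DriveType 3)
    $diskUsed = (Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3' |
        ForEach-Object { $_.Size - $_.FreeSpace } |
        Measure-Object -Sum).Sum

    # Folder method: only what redirection would actually move to the server
    $folderUsed = 0
    foreach ($userDir in Get-ChildItem -Path $UsersRoot -Directory -ErrorAction SilentlyContinue) {
        foreach ($f in $Folders) {
            $path = Join-Path $userDir.FullName $f
            if (Test-Path -LiteralPath $path) {
                # Unreadable items (legacy junctions, locked files) are skipped
                $sum = (Get-ChildItem -LiteralPath $path -Recurse -File -Force -ErrorAction SilentlyContinue |
                    Measure-Object -Property Length -Sum).Sum
                if ($sum) { $folderUsed += $sum }
            }
        }
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        DiskUsedGB = [math]::Round($diskUsed / 1GB, 1)
        FolderGB   = [math]::Round($folderUsed / 1GB, 1)
    }
}

function Get-RedirectionVolumeGB {
    param(
        [Parameter(Mandatory)][double[]]$UsedGB,  # one figure per workstation
        [double]$Growth = 0.5                     # the 50% margin from the thread
    )
    $total = ($UsedGB | Measure-Object -Sum).Sum
    [math]::Round($total * (1 + $Growth), 1)
}

# Report for this workstation
Get-WorkstationFootprint

# Constructed sample: figures collected from three workstations
Get-RedirectionVolumeGB -UsedGB 462, 180, 95
```

Comparing `DiskUsedGB` with `FolderGB` per machine shows how far the whole-disk figure overstates what Desktop and Documents redirection would actually put on the server.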
 