When attempting to assign a Home Folder to a User in Active Roles, the operation fails with the error:
Active Roles failed to create Home Folder \\server\share
The network path was not found.
The UNC path provided is valid, but is not accessible by the Active Roles Service Account for legitimate security or networking configuration reasons. For example, if using Microsoft ESAE (Enhanced Security and Administration Environment) also known as a Red Forest.
Active Directory Users and Computers allows setting the same path on the same User without issue.
By default, Active Roles resolves the Home Folder path and attempts to add permissions onto the folder in order to support administrative functions, specifically built-in options in the Deprovisioning Policy.
If the Active Roles Service Account cannot resolve the Home Folder path, it cannot add these permissions and the error message is expected.
Feature Request 117139 has been made to allow a change in this functionality and have Active Roles write a value to this attribute without resolving the path.
The attached script module can be implemented as a Policy Script in order to prevent Active Roles from attempting to add permissions to the home folder, and will instead allow the home folder to be updated with any value.
NOTE: Because the expected permissions will not be present on the home folder if this workaround is used, none of the options in the Home Folder Deprovisioning Policy will function. Active Roles will not be able to:
Remove the user's permissions on the home folder
Grant the user's manager read-only access to the home folder
Grant specific users or groups read-only access to the home folder
Make specific users or groups the owner of the home folder
Delete the home folder when the user account is deleted