We are having an issue with Home Folder provisioning policy.
There is only one provisioning policy object with Home Folder settings in scope on the target users.
On the “Home Folder” tab under “Operations on file server” we have “Create or rename home folder on file server as needed” and “Copy user permissions on home folder from parent folder” set (enabled), the “Set user permissions on home folder” option is enabled and set to “Grant Change access”.
Nothing is configured on the Home Share tab.
During user provisioning the home folder is created and the ACL on the home folder is correct, i.e., it has inherited the permissions from the parent folder and added an explicit ACE for the user with Modify access. This also works correctly post provisioning when we set the home directory and home drive attributes. This works as expected.
There is only one de-provisioning policy object with Home Folder settings in scope of the target users.
The “Remove the user’s permissions on the home folder”, “Grant the user’s manager read-only access to the home folder” and “Delete the home folder when the user account is deleted: Always” options are set (enabled).
Upon a deprovision this too works as expected. The inherited ACEs remain present, the explicit ACE for the user is removed and an explicit ACE for the manager is added with read only access.
Our problem occurs on an undo-deprovision. ARS is consistently unable to reverse the deprovisioning changes and enters this error into the change history (and event log).
Failed to restore the original security setting on the user home folder.
Method failed with unexpected error code 3.
We enabled Diagnostics and we do see the error…and the home folder path in this log is correct.
[2018-05-21T10:19:30.078] [0x149C]: [Error] UserUndoDeprovisioningPolicy.RollbackHomeFolderDeprovisioningPolicy: Error='Method failed with unexpected error code 3.'
Any assistance would be appreciated.