Q: What is Active Directory device affinity in Windows Server 2012 Active Directory?

A: With the changing world of IT, where users use multiple devices and want their settings and data to roam between different machines, it's sometimes desirable for users to be associated with specific "primary" machines that are treated differently from other non-primary devices. For example, on a user's primary device the profile and data are cached locally, but on a non-primary machine, the user data is removed after the user logs off.

A new user attribute, msDS-PrimaryComputer, is added once the Windows 2012 schema update has been applied. It can be populated with the distinguished names of multiple computers, which can then be treated differently from machines that are not listed in the attribute.

The screenshot below shows my user account with a single primary computer; however, it's a multi-string value, so I can add multiple machines.


Specific Group Policy settings can then be applied based on whether a machine is primary or not. Here are two examples:

  • Under Computer Configuration or User Configuration, navigate to Policies, Administrative Templates, then System, Folder Redirection. Choose the Redirect folders on primary computers only option.
  • Under Computer Configuration, Policies, Administrative Templates, then System, User Profiles, choose the Download roaming profiles on primary computers only option.
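
Because these policies key off the attribute, it helps to be able to set it and review it in bulk. The following PowerShell is an added example, not part of the original answer. It assumes the ActiveDirectory module (RSAT) is installed and the schema update is in place, and the user and computer names are hypothetical.

```powershell
# Added example: populate and audit msDS-PrimaryComputer.
Import-Module ActiveDirectory

# Hypothetical names, used for illustration only.
$userName     = 'jsmith'
$computerName = 'WKS-JSMITH01'

# The attribute holds computer distinguished names, so resolve the computer first.
$computer = Get-ADComputer -Identity $computerName

# -Add appends to the multi-valued attribute without replacing existing entries.
Set-ADUser -Identity $userName -Add @{ 'msDS-PrimaryComputer' = $computer.DistinguishedName }

# Audit: every user with at least one primary computer, one row per entry.
# Rows that point at a disabled or unresolvable computer object deserve review,
# since the "primary computers only" policies trust this mapping.
$users = Get-ADUser -LDAPFilter '(msDS-PrimaryComputer=*)' -Properties 'msDS-PrimaryComputer'

$report = foreach ($user in $users) {
    foreach ($dn in $user.'msDS-PrimaryComputer') {
        $target = $null
        try {
            $target = Get-ADComputer -Identity $dn -ErrorAction Stop
        } catch {
            # Leave $target as $null; the row is reported as unresolved.
        }

        [pscustomobject]@{
            User            = $user.SamAccountName
            PrimaryComputer = $dn
            Resolved        = [bool]$target
            Enabled         = if ($target) { $target.Enabled } else { $null }
        }
    }
}

$report | Sort-Object User, PrimaryComputer | Format-Table -AutoSize
```

To remove an entry, use the same hashtable with `Set-ADUser -Remove` instead of `-Add`.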

Read more about Active Directory features in Windows Server 2012 at "Windows Server 2012 Active Directory Moves Forward."