G
Gary
Our company is planning on moving from a Novell environement to a
Windows 2000/2003 domain environment. The Windows XP workstations are
currently set up in different workgroups. We need to transfer them to
domain while keeping the user profiles in tact.
We have 2 different methods we are considering and would be interested
in any feedback as to if one is more desired than the other or any
potential problems one may have. The areas of concern are potential
SID problems and/or permission issues both on the domain and the local
computer:
Method 1
========
1. Log in as local administrator
2. Join computer to domain: My Computer, Properties, Computer Name
3. Login as domain user to create profile
4. Logout and Log back in as local Administrator
5. Make domain user a member of the Local Administrators group
6. Copy local user profile to domain user profile: My Computer,
Properties, Advanced, User Profile Settings, Copy To…
a. Make sure Permitted to use is Everyone
7. Copy Local Settings folder to domain user profile
8. Rename old profile in Windows Explorer to something else (ex:
user-donotuse)
9. Delete the local user account from Users section of Control Panel.
10. Change the user profile name under the Document and Settings tree,
(ex: change from username.000 or username.domain to username)
a. Open Regedit
b. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList
c. Find the SID that has the ProfileImagePath set to the value
you want to change and change it to the desired name. (ie.
%SystemDrive%\Documents and Settings\username)
d. In Windows Explorer, go to Document and Settings tree and
rename the profile home directory to match the name entered into the
registry.
11. Login as the user to the domain
12. Make sure pst files (personal folders.pst, archive.pst, etc) in
Outlook are pointing to the right place.
13. Test desktop shortcuts
14. When you're comfortable that everything is working fine delete the
old profile that was renamed in step 8 above.
Method 2
========
Assumptions:
The local user is also an administrator of their machine.
The local user is named identically to the new AD Domain account
The Novell login options for Windows will be adjusted as needed for
local and Domain needs during this process
1. Log in as local administrator
2. Join computer to Domain – then Restart the Computer.
3. Login as the Local Administrator.
4. Make a backup copy of the Primary Local User profile into a safe
location (clear the Temporary Internet Files before this step).
5. Rename the Primary Local User profile: For example – username would
be renamed to username-Local.
6. Logoff the Local Administrator and then Login with the new Domain
Account (the same user name – username)
7. Logoff the Domain Account and then Login as the Local Administrator
again.
8. Delete the new domain profile that has been created by logging in
as the GC Domain Account
9. Rename the Original local Profile to match the new Domain Account
10. Make new Domain User a member of the local administrators group.
11. Right click on the New Profile (Under documents and settings –
username) – click properties – then make sure that the security tab is
set to have the new user account as an administrator (Should be
changed to FULL Control under Permission for ....box.).
12. Logoff the Local Administrator and then Login with the new Domain
Account
13. Check all settings, favorites, Desktop Folder, My Documents, and
primary applications for correct file access and usage.
14. When all has been verified, delete the Local User account from
"Local Users and Groups." This action will leave an SID attached to
certain security areas (attached to profile, etc…), and can be deleted
if needed.
Windows 2000/2003 domain environment. The Windows XP workstations are
currently set up in different workgroups. We need to transfer them to
domain while keeping the user profiles in tact.
We have 2 different methods we are considering and would be interested
in any feedback as to if one is more desired than the other or any
potential problems one may have. The areas of concern are potential
SID problems and/or permission issues both on the domain and the local
computer:
Method 1
========
1. Log in as local administrator
2. Join computer to domain: My Computer, Properties, Computer Name
3. Login as domain user to create profile
4. Logout and Log back in as local Administrator
5. Make domain user a member of the Local Administrators group
6. Copy local user profile to domain user profile: My Computer,
Properties, Advanced, User Profile Settings, Copy To…
a. Make sure Permitted to use is Everyone
7. Copy Local Settings folder to domain user profile
8. Rename old profile in Windows Explorer to something else (ex:
user-donotuse)
9. Delete the local user account from Users section of Control Panel.
10. Change the user profile name under the Document and Settings tree,
(ex: change from username.000 or username.domain to username)
a. Open Regedit
b. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList
c. Find the SID that has the ProfileImagePath set to the value
you want to change and change it to the desired name. (ie.
%SystemDrive%\Documents and Settings\username)
d. In Windows Explorer, go to Document and Settings tree and
rename the profile home directory to match the name entered into the
registry.
11. Login as the user to the domain
12. Make sure pst files (personal folders.pst, archive.pst, etc) in
Outlook are pointing to the right place.
13. Test desktop shortcuts
14. When you're comfortable that everything is working fine delete the
old profile that was renamed in step 8 above.
Method 2
========
Assumptions:
The local user is also an administrator of their machine.
The local user is named identically to the new AD Domain account
The Novell login options for Windows will be adjusted as needed for
local and Domain needs during this process
1. Log in as local administrator
2. Join computer to Domain – then Restart the Computer.
3. Login as the Local Administrator.
4. Make a backup copy of the Primary Local User profile into a safe
location (clear the Temporary Internet Files before this step).
5. Rename the Primary Local User profile: For example – username would
be renamed to username-Local.
6. Logoff the Local Administrator and then Login with the new Domain
Account (the same user name – username)
7. Logoff the Domain Account and then Login as the Local Administrator
again.
8. Delete the new domain profile that has been created by logging in
as the GC Domain Account
9. Rename the Original local Profile to match the new Domain Account
10. Make new Domain User a member of the local administrators group.
11. Right click on the New Profile (Under documents and settings –
username) – click properties – then make sure that the security tab is
set to have the new user account as an administrator (Should be
changed to FULL Control under Permission for ....box.).
12. Logoff the Local Administrator and then Login with the new Domain
Account
13. Check all settings, favorites, Desktop Folder, My Documents, and
primary applications for correct file access and usage.
14. When all has been verified, delete the Local User account from
"Local Users and Groups." This action will leave an SID attached to
certain security areas (attached to profile, etc…), and can be deleted
if needed.