Migrate user accounts to another server
Does anyone know if there is a way to migrate local user accounts from a Windows 2000 Server machine to another Windows 2000 server machine (export then import)? Ideally, with passwords as well. I don't need to know what they are per se, just need them to work on the new server.
Thanks
Oops, too fast, you're talking about local user accounts, sorry then that won't work... (another case of the click-finger being faster than the brain cell, sorry)
John
John
ASKER
hehe.... No Problem
There's a utility called ldifde that comes with 2k server that you can use to export all of your accounts and then run the same utility to import them into the new domain. It'll take some playing with though. Here's the MS page detailing its use.
http://support.microsoft.com/kb/q237677/
Basically, the export command you'll run (on a domain controller) will follow something like this
ldifde -f users.txt -s serverName -c dn, cn, objectclass, displayname, SAMAccountName
Where dn, cn, etc are the actual parts of the user's AD object you'll be exporting. If you don't specify the -c and options following then you'll get everything. That is probably the best bet to begin with, then you can go through and specify what you don't want. It'll take some trial and error but it works.
Then the import command will be
ldifde -i -f users.txt -s serverName
I've done this many times with success. The only thing I'm not sure about is exporting and importing a user's password.
-Bernie
http://support.microsoft.com/kb/q237677/
Basically, the export command you'll run (on a domain controller) will follow something like this
ldifde -f users.txt -s serverName -c dn, cn, objectclass, displayname, SAMAccountName
Where dn, cn, etc are the actual parts of the user's AD object you'll be exporting. If you don't specify the -c and options following then you'll get everything. That is probably the best bet to begin with, then you can go through and specify what you don't want. It'll take some trial and error but it works.
Then the import command will be
ldifde -i -f users.txt -s serverName
I've done this many times with success. The only thing I'm not sure about is exporting and importing a user's password.
-Bernie
ASKER
Bernie, ___local___ user accounts... not AD...
- Ryan
- Ryan
Woops! Wow, sorry, still finishing the coffee... I wasn't even the first one to do that, man..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't believe that you can import local users. The closest thing I could find was a utility called NTUserExport that'll export user account info into a .csv file.
http://redtiesolutions.com/20901.html
-Bernie
http://redtiesolutions.com/20901.html
-Bernie
oBdA, nice.
ASKER
Somarsoft's CopyPwd (http://www.systemtools.com/free_main.htm) will export the password hashes, and then you can reimport them, but it doesn't work.
What happens is when you create the new users on the new system, they all have new SIDs. That is a problem because the old user SIDs were used when encrypting the user's passwords into those hashes.
I am going to try researching whether or not you can change SIDs for a user, and if so, if there is a utility that will do it. If I get that far and all is a success, I will try importing the password hashes and see if it works.
I'll post my results when/if I find the answer.
What happens is when you create the new users on the new system, they all have new SIDs. That is a problem because the old user SIDs were used when encrypting the user's passwords into those hashes.
I am going to try researching whether or not you can change SIDs for a user, and if so, if there is a utility that will do it. If I get that far and all is a success, I will try importing the password hashes and see if it works.
I'll post my results when/if I find the answer.
John