Solved

Migrating local profiles to roaming profiles

Posted on 2000-03-05
2
1,548 Views
Last Modified: 2013-12-23
We are in the process of moving users over to our PDC. We delete each user's local account on their PC, create them an account on the PDC.  We also want to migrate their old profile to their new account. Is it a case of just copying their old profile directory on their local PC to the roaming profile directory on the server? Or is there more to it than that?

Cheers

~paul~
0
Comment
Question by:pauldurrant
2 Comments
 
LVL 1

Accepted Solution

by:
greebo earned 10 total points
ID: 2587257
pauldurrant,

You don't even have to copy the old profiles to the PDC. This is done automatically next time a user logs on after you change their local profile to a roaming profile.

If you want to configure a user account to use a roaming profile, the first thing to do is set the profile path in the User Manager for Domains to that account.

First select all the users you want to have roaming profiles, then select Properties… from the User menu.

The most common setting is to have a directory shared with a share name such as profiles. It should allow the local group Users the permission of Full Control. With this share, you can now set the user’s profile path to be \\SERVER\SHARE\%USERNAME% (be sure to type %USERNAME% and not the actual username itself). The next time the user logs on, his profile information can be saved to this central profile directory.

For roaming profiles to work without any user intervention, be sure to synchronize all workstation clocks to the same time as the domain controller that will be storing the user profile. This prevents them from potentially having a local version of the profile with a more recent date/time stamp than the version stored on the server.

greebo
0
 

Expert Comment

by:cadeblack@beta
ID: 2655922
I would subscribe to Windows2000 Magazine (then you have access to thier NT archive at ntmag.com):

Windows NT User Profiles ·Drew Heywood
 September 1997

Profile confusion occurs because NT can associate a given username with more than one profile. NT identifies a user account not by the username, but by a numeric security ID (SID). Each time NT creates a user account, it assigns the account a unique SID.

Now let's consider the following scenario. An administrator assigns Buster's computer to a workgroup, and Buster diligently creates a profile that suits him to a T. His company decides to implement NT Server, and the administrator assigns Buster a domain account, equipped with a roaming profile. Buster logs on to the domain and gets his default profile, not the beautiful profile he has labored over. What happened?

The problem is that Buster's workgroup and domain accounts, although they share a username, have different SIDs. As far as NT is concerned, they are distinct accounts with distinct profiles. If Buster logs on to the domain, he gets his domain profile; if he logs on to the workgroup, he gets his workgroup profile. When an administrator creates Buster's domain user account, the SID for the domain account is different from the SID for the workgroup account. Consequently, when Buster logs on to the domain for the first time, NT Server says, "Hmm, a new user. He doesn't have a profile, so he gets the default." NT initializes Buster's desktop using the local Default User profile.

Migrating NT Workstations to a New Domain ·Robert Schwendinger
·Michael Atalla
 March 1999
describes a way to do something similar via login scripts.

Marc Minasi writes for them and he is regarded as one of the best NT authors.  We use his books on NT Server and Workstation and he includes an excellent discussion of this and other topics.

We have had problems with profiles growing to many MBs in size.  We are currently using System Policy Editor to prevent writing these Internet Explorer folders:  Temporary Internet Files and History as well as Microsoft\Application Data\Outlook (by default Outlook was Journaling a small amount each time a user opened an Office document).  http://www.i386.com/admin/policy/ discusses this also.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now