Copy Local Users?

I have a w2k server running IIS, using it as an ftp server, with many local users.  

I want to build a backup machine.  I can backup and restore the data files (on a different partition from the OS) to a new machine, but how do I move the users over to the new machine, so that the file permissions are still valid for the same set of local users?


Set up the server as a Backup Domain Controller. As far as the users are concerned, Open Active Directory and then right-click the domain that's there now and click Operations Masters. It may be different as I am using Windows 2003 server and point the PBC to your Backup PC. That should make a duplicate for your users. Enjoy!
Join the new computer to the domain.  All accounts in AD will replicate to the new DC.

Either leave it up and idle or shut it down.

If you decide to shut it down, then at least once a week you should start it to allow AD to replicate all changes to this DC.

Ooops...should have added to join the server to the Domain by running DCPROMO.EXE


gateguard (Author) commented:
This is not a domain server and the users accessing the FTP site all have LOCAL user accounts, on the standalone server.  The server is part of the domain, but it's not domain users that are accessing the FTP folders, but outside users coming in with FTP connections and gaining access to files based on local-user-account logons to this stand-alone server.  

I want the new server (the back-up server) to have the same set of local users (including GUIDs).

Here's the setup:

Server A, a standalone server in Domain D, has two hard drives: C & E.

C is the operating system, with w2k server & IIS.

E contains all the folders in the ftproot.

Now I have a new server B, that I want to use as a backup (only bringing it online if A fails).  B has identical hardware to A.

I can easily backup and restore the ftproot folders on the second hard drive, maintaining all the file permissions... but how do I get the LOCAL USER database from A -> B, so that people FTPing into the new server still have the same set of permissions they had on the old server?

gateguard (Author) commented:
Corollary questions:

1.  Where is the user account database stored on w2k server (not active directory)?

2.  Can I backup the system state on Server A and restore it on Server B and get the same set of local users on B as I have on A?

The best way to do this would be to create an image of your server A and then deploy it on server B. You can use Symantec's Ghost software for this, or any other software if you wish. Ghost, Altiris Deployment Solution and I guess you can use SMS from Microsoft to do this. I have used Ghost and it is pretty good. Altiris is extremely good but very expensive. But they do have a 30-day fully functional trial though.

here are the links:
for ghost:

for altiris:

Your corollary questions:
1. I'm not sure if I understood the question properly here, but you can see the users in the control panel --> user profiles

2. If the system hardware is exactly same, then you should be able to do it.

Whoa... slow down.

If you want to copy a local group from one standalone PC to another, then the Group Copy tool in the Win2k Resource Kit will do the trick. However, as you probably have already figured out...  A local account named "Bob" on Server1 doesn't have any relationship to a local account named "Bob" on Server2 (regardless of how the Account was created or copied).  So copying local groups only really makes sense if those local groups contain Domain User accounts... not local accounts.

Local Accounts are always stored in the registry (whether AD or stand-alone)

Backing up the system state from one PC to another is tricky... first of all, you can't have both up and running at the same time (because the domain controller won't allow two PCs with the same name... and will further freak out when it discovers that the SIDs are the same).  Another issue, is that the hardware will have to be pretty-darn similar to each other for the "transplant" to work.

We routinely "clone" PCs with Norton Ghost (probably do 2-3 a day!).  We use the free utility called NewSID (from to change the SIDs so that we don't have any duplicates.  We *never* clone a server, since their hardware requirements are almost always unique.

I'd recommend that you just do a normal install onto a new server, copy over your files, create duplicate accounts/passwords, and spend a few minutes with XACLS replacing the old account SIDs with the new account SIDs.  Yeah, it's slow and painful, but it will produce something that you can run side-by-side.

Another (very reasonable suggestion) would be to redo your account management strategy.  There is a reason that Microsoft wanted you to put Accounts into Global Groups, put Global Groups into Local Groups, and then assign permissions via the Local Group.
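
The following is an added example, not part of the original thread or any poster's code. It illustrates the point made in the comment above: a local "Bob" on each server has a different SID, so ACLs restored from server A must have the old SIDs swapped for the new ones. All account names, SIDs and the SDDL string are constructed, and the script works on SDDL text offline rather than on a live file system.

```python
import re

# Constructed sample data: local accounts (name -> SID) on each server.
# Machine SIDs and RIDs are made up for illustration.
SERVER_A = {
    "bob":   "S-1-5-21-1111111111-2222222222-3333333333-1005",
    "alice": "S-1-5-21-1111111111-2222222222-3333333333-1006",
    "carol": "S-1-5-21-1111111111-2222222222-3333333333-1007",
}
SERVER_B = {
    "Bob":   "S-1-5-21-4444444444-5555555555-6666666666-1003",
    "Alice": "S-1-5-21-4444444444-5555555555-6666666666-1004",
}
# Constructed SDDL for an ftproot folder as restored from server A.
FOLDER_SDDL = (
    "O:BAG:SYD:(A;OICI;FA;;;BA)"
    "(A;OICI;0x1301bf;;;S-1-5-21-1111111111-2222222222-3333333333-1005)"
    "(A;OICI;0x1200a9;;;S-1-5-21-1111111111-2222222222-3333333333-1007)"
)
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

def machine_sid(account_sid):
    """Strip the trailing RID to get the machine (local domain) SID."""
    return account_sid.rsplit("-", 1)[0]

def build_sid_map(old_accounts, new_accounts):
    """Match accounts by name (case-insensitive); return (map, missing names)."""
    new_by_name = {n.lower(): s for n, s in new_accounts.items()}
    sid_map, missing = {}, []
    for name, old_sid in old_accounts.items():
        new_sid = new_by_name.get(name.lower())
        if new_sid is None:
            missing.append(name)   # account still has to be created on B
        else:
            sid_map[old_sid] = new_sid
    return sid_map, sorted(missing)

def remap_sddl(sddl, sid_map, old_machine_sid):
    """Rewrite old-server SIDs in an SDDL string; report ones left orphaned."""
    orphaned = set()
    def swap(match):
        sid = match.group(0)
        if sid in sid_map:
            return sid_map[sid]
        if sid.startswith(old_machine_sid + "-"):
            orphaned.add(sid)      # old local account with no counterpart on B
        return sid                 # well-known aliases and other SIDs untouched
    return SID_RE.sub(swap, sddl), sorted(orphaned)
```

Any SID reported as orphaned would show up on the new server as an unresolved SID in the folder's permissions, which is the symptom of restoring ACLs without recreating and remapping the accounts.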

gateguard (Author) commented:

Very wise advice, in everything you say.  And I'm going to lobby to make the changes that you suggest, especially change the way groups are organized.  And I might end up taking your suggestion on  using XACLS... but I'm going to try the system state first.  Here's why:

The online IIS server is going down for special hardware maintenance and I just need a duplicate up and running.  I'll be careful not to have two machines with the same SID online at the same time.  As for Norton, I might use Norton but the problem is, to do the first ghost I have to take the online server offline and I'd like to be able to perform this switchover with as close to zero downtime as I can get.

But anyway, your suggestions are very thorough and complete and I thank you for them.


Thanks to you too.  As weird as it might seem, I want to see if this system state backup-restore trick really works!