Copy Local Users?

Posted on 2003-10-22
Last Modified: 2010-04-14
I have a w2k server running IIS, using it as an ftp server, with many local users.  

I want to build a backup machine.  I can backup and restore the data files (on a different partition from the OS) to a new machine, but how do I move the users over to the new machine, so that the file permissions are still valid for the same set of local users?

Question by:gateguard

Expert Comment

ID: 9601389
Set up the server as a Backup Domain Controller. As far as the users are concerned, Open Active Directory and then right-click the domain that's there now and click Operations Masters. It may be different as I am using Windows 2003 server and point the PBC to your Backup PC. That should make a duplicate for your users. Enjoy!
LVL 51

Expert Comment

ID: 9601432
Join the new computer to the domain.  All accounts in AD will replicate to the new DC.

Either leave it up and idle or shut it down.

If you decide to shut it down, then at least once a week you should start it to allow AD to replicate all changes to this DC.

LVL 51

Expert Comment

ID: 9601436
Ooops...should have added to join the server to the Domain by running DCPROMO.EXE

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.


Author Comment

ID: 9601691
This is not a domain server and the users accessing the FTP site all have LOCAL user accounts, on the standalone server.  The server is part of the domain, but it's not domain users that are accessing the FTP folders, but outside users coming in with FTP connections and gaining access to files based on local-user-account logons to this stand-alone server.  

I want the new server (the back-up server) to have the same set of local users (including GUIDs).

Here's the setup:

Server A, a standalone server in Domain D, has two hard drives: C & E.

C is the operating system, with w2k server & IIS.

E contains all the folders in the ftproot.

Now I have a new server B, that I want to use as a backup (only bringing it online if A fails).  B has identical hardware to A.

I can easily backup and restore the ftproot folders on the second hard drive, maintaining all the file permissions... but how do I get the LOCAL USER database from A -> B, so that people FTPing into the new server still have the same set of permissions they had on the old server?

Author Comment

ID: 9601699
Corollary questions:

1.  Where is the user account database stored on w2k server (not active directory)?

2.  Can I backup the system state on Server A and restore it on Server B and get the same set of local users on B as I have on A?
LVL 11

Accepted Solution

adonis1976 earned 250 total points
ID: 9602026
the best way to do this would be to create an image of your server A and then deploy it on server B. You can use symantec's ghost software for this, or any another software if you wish. Ghost, Altiris Deployment solution and I guess you can use SMS from microsoft to do this. I have used Ghost and it is pretty good. Altiris is extremely good but very expensive. But they do have a 30 day fully functional trial though.

here are the links:
for ghost:

for altiris:

Your corollary questions:
1. I'm not sure if I understood the question properly here, But you can see the users in the control panel --> user profiles

2. If the system hardware is exactly same, then you should be able to do it.
LVL 41

Assisted Solution

graye earned 250 total points
ID: 9604111
Whoa... slow down.

If you want to copy a local group from one standalone PC to another, then the Group Copy tool in the Win2k Resource Kit will do the trick. However, as you probably have already figured out...  A local account named "Bob" on Server1 doesn't have any relationship to a local account named "Bob" on Server2 (regardless of how the Account was created or copied).  So copying local groups only really makes sense if those local groups contain Domain User accounts... not local accounts.

Local Accounts are always stored in the registry (whether AD or stand-alone)

Backing up the system state from one PC to another is tricky... first of all, you can't have both up and running at the same time (because the domain controller won't allow two PCs with the same name... and will further freak out when it discovers that the SIDs are the same).  Another issue, is that the hardware will have to be pretty-darn similar to each other for the "transplant" to work.

We routinely "clone" PC with Norton Ghost (probably do 2-3 a day!).  We use the free utility called NewSID (from to change the SIDs so that we don't have any duplicates.  We *never* clone a server, since their hardware requirements are almost always unique.

I'd recommend that you just do a normal install onto a new server, copy over your files, create duplicate accounts/passwords, and spend a few minutes with XACLS replacing the old account SIDs with the new account SIDs.  Yeah, it's slow and painful, but it will produce something that you can run side-by-side.

Another (very reasonable suggestion) would be to redo your account management strategy.  There is a reason that Microsoft wanted you to put Accounts into Global Groups, but Global Groups into Local Groups, and then assign permissions via the Local Group.

Author Comment

ID: 9606773

Very wise advice, in everything you say.  And I'm going to lobby to make the changes that you suggest, especially change the way groups are organized.  And I might end up taking your suggestion on  using XACLS... but I'm going to try the system state first.  Here's why:

The online IIS server is going down for special hardware maintenance and I just need a duplicate up and running.  I'll be careful not to have two machines with the same SID online at the same time.  As for Norton, I might use Norton but the problem is, to do the first ghost I have to take the online server offline and I'd like to be able to perform this switchover with as close to zero downtime as I can get.

But anyway, your suggestions are very thorough and complete and I thank you for them.


Thanks to you too.  As weird as it might seem, I want to see if this system state backup-restore trick really works!

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Enabling the Skype for Business Meeting Scheduler in Hybrid OWA
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question