Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Copy Local Users?

Posted on 2003-10-22
Medium Priority
Last Modified: 2010-04-14
I have a w2k server running IIS, using it as an ftp server, with many local users.  

I want to build a backup machine.  I can backup and restore the data files (on a different partition from the OS) to a new machine, but how do I move the users over to the new machine, so that the file permissions are still valid for the same set of local users?

Question by:gateguard

Expert Comment

ID: 9601389
Set up the server as a Backup Domain Controller. As far as the users are concerned, Open Active Directory and then right-click the domain that's there now and click Operations Masters. It may be different as I am using Windows 2003 server and point the PBC to your Backup PC. That should make a duplicate for your users. Enjoy!
LVL 51

Expert Comment

ID: 9601432
Join the new computer to the domain.  All accounts in AD will replicate to the new DC.

Either leave it up and idle or shut it down.

If you decide to shut it down, then at least once a week you should start it to allow AD to replicate all changes to this DC.

LVL 51

Expert Comment

ID: 9601436
Ooops...should have added to join the server to the Domain by running DCPROMO.EXE

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Author Comment

ID: 9601691
This is not a domain server and the users accessing the FTP site all have LOCAL user accounts, on the standalone server.  The server is part of the domain, but it's not domain users that are accessing the FTP folders, but outside users coming in with FTP connections and gaining access to files based on local-user-account logons to this stand-alone server.  

I want the new server (the back-up server) to have the same set of local users (including GUIDs).

Here's the setup:

Server A, a standalone server in Domain D, has two hard drives: C & E.

C is the operating system, with w2k server & IIS.

E contains all the folders in the ftproot.

Now I have a new server B, that I want to use as a backup (only bringing it online if A fails).  B has identical hardware to A.

I can easily backup and restore the ftproot folders on the second hard drive, maintaining all the file permissions... but how do I get the LOCAL USER database from A -> B, so that people FTPing into the new server still have the same set of permissions they had on the old server?

Author Comment

ID: 9601699
Corollary questions:

1.  Where is the user account database stored on w2k server (not active directory)?

2.  Can I backup the system state on Server A and restore it on Server B and get the same set of local users on B as I have on A?
LVL 11

Accepted Solution

adonis1976 earned 1000 total points
ID: 9602026
the best way to do this would be to create an image of your server A and then deploy it on server B. You can use symantec's ghost software for this, or any another software if you wish. Ghost, Altiris Deployment solution and I guess you can use SMS from microsoft to do this. I have used Ghost and it is pretty good. Altiris is extremely good but very expensive. But they do have a 30 day fully functional trial though.

here are the links:
for ghost:


for altiris:


Your corollary questions:
1. I'm not sure if I understood the question properly here, But you can see the users in the control panel --> user profiles

2. If the system hardware is exactly same, then you should be able to do it.
LVL 41

Assisted Solution

graye earned 1000 total points
ID: 9604111
Whoa... slow down.

If you want to copy a local group from one standalone PC to another, then the Group Copy tool in the Win2k Resource Kit will do the trick. However, as you probably have already figured out...  A local account named "Bob" on Server1 doesn't have any relationship to a local account named "Bob" on Server2 (regardless of how the Account was created or copied).  So copying local groups only really makes sense if those local groups contain Domain User accounts... not local accounts.

Local Accounts are always stored in the registry (whether AD or stand-alone)

Backing up the system state from one PC to another is tricky... first of all, you can't have both up and running at the same time (because the domain controller won't allow two PCs with the same name... and will further freak out when it discovers that the SIDs are the same).  Another issue, is that the hardware will have to be pretty-darn similar to each other for the "transplant" to work.

We routinely "clone" PC with Norton Ghost (probably do 2-3 a day!).  We use the free utility called NewSID (from www.sysinternals.com) to change the SIDs so that we don't have any duplicates.  We *never* clone a server, since their hardware requirements are almost always unique.

I'd recommend that you just do a normal install onto a new server, copy over your files, create duplicate accounts/passwords, and spend a few minutes with XACLS replacing the old account SIDs with the new account SIDs.  Yeah, it's slow and painful, but it will produce something that you can run side-by-side.

Another (very reasonable suggestion) would be to redo your account management strategy.  There is a reason that Microsoft wanted you to put Accounts into Global Groups, but Global Groups into Local Groups, and then assign permissions via the Local Group.

Author Comment

ID: 9606773

Very wise advice, in everything you say.  And I'm going to lobby to make the changes that you suggest, especially change the way groups are organized.  And I might end up taking your suggestion on  using XACLS... but I'm going to try the system state first.  Here's why:

The online IIS server is going down for special hardware maintenance and I just need a duplicate up and running.  I'll be careful not to have two machines with the same SID online at the same time.  As for Norton, I might use Norton but the problem is, to do the first ghost I have to take the online server offline and I'd like to be able to perform this switchover with as close to zero downtime as I can get.

But anyway, your suggestions are very thorough and complete and I thank you for them.


Thanks to you too.  As weird as it might seem, I want to see if this system state backup-restore trick really works!

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Ready to kick start your career in 2018? Add app developer skills to your resume. January’s Course of the Month features Android App Development training with hands-on learning.  Read on to learn why these skills are important.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Screencast - Getting to Know the Pipeline
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question