Copy Local Users?

gateguard used Ask the Experts™
I have a w2k server running IIS, using it as an ftp server, with many local users.  

I want to build a backup machine.  I can backup and restore the data files (on a different partition from the OS) to a new machine, but how do I move the users over to the new machine, so that the file permissions are still valid for the same set of local users?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Set up the server as a Backup Domain Controller. As far as the users are concerned, Open Active Directory and then right-click the domain that's there now and click Operations Masters. It may be different as I am using Windows 2003 server and point the PBC to your Backup PC. That should make a duplicate for your users. Enjoy!
Top Expert 2005

Join the new computer to the domain.  All accounts in AD will replicate to the new DC.

Either leave it up and idle or shut it down.

If you decide to shut it down, then at least once a week you should start it to allow AD to replicate all changes to this DC.

Top Expert 2005

Ooops...should have added to join the server to the Domain by running DCPROMO.EXE

Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.


This is not a domain server and the users accessing the FTP site all have LOCAL user accounts, on the standalone server.  The server is part of the domain, but it's not domain users that are accessing the FTP folders, but outside users coming in with FTP connections and gaining access to files based on local-user-account logons to this stand-alone server.  

I want the new server (the back-up server) to have the same set of local users (including GUIDs).

Here's the setup:

Server A, a standalone server in Domain D, has two hard drives: C & E.

C is the operating system, with w2k server & IIS.

E contains all the folders in the ftproot.

Now I have a new server B, that I want to use as a backup (only bringing it online if A fails).  B has identical hardware to A.

I can easily backup and restore the ftproot folders on the second hard drive, maintaining all the file permissions... but how do I get the LOCAL USER database from A -> B, so that people FTPing into the new server still have the same set of permissions they had on the old server?


Corollary questions:

1.  Where is the user account database stored on w2k server (not active directory)?

2.  Can I backup the system state on Server A and restore it on Server B and get the same set of local users on B as I have on A?
the best way to do this would be to create an image of your server A and then deploy it on server B. You can use symantec's ghost software for this, or any another software if you wish. Ghost, Altiris Deployment solution and I guess you can use SMS from microsoft to do this. I have used Ghost and it is pretty good. Altiris is extremely good but very expensive. But they do have a 30 day fully functional trial though.

here are the links:
for ghost:

for altiris:

Your corollary questions:
1. I'm not sure if I understood the question properly here, But you can see the users in the control panel --> user profiles

2. If the system hardware is exactly same, then you should be able to do it.
Whoa... slow down.

If you want to copy a local group from one standalone PC to another, then the Group Copy tool in the Win2k Resource Kit will do the trick. However, as you probably have already figured out...  A local account named "Bob" on Server1 doesn't have any relationship to a local account named "Bob" on Server2 (regardless of how the Account was created or copied).  So copying local groups only really makes sense if those local groups contain Domain User accounts... not local accounts.

Local Accounts are always stored in the registry (whether AD or stand-alone)

Backing up the system state from one PC to another is tricky... first of all, you can't have both up and running at the same time (because the domain controller won't allow two PCs with the same name... and will further freak out when it discovers that the SIDs are the same).  Another issue, is that the hardware will have to be pretty-darn similar to each other for the "transplant" to work.

We routinely "clone" PC with Norton Ghost (probably do 2-3 a day!).  We use the free utility called NewSID (from to change the SIDs so that we don't have any duplicates.  We *never* clone a server, since their hardware requirements are almost always unique.

I'd recommend that you just do a normal install onto a new server, copy over your files, create duplicate accounts/passwords, and spend a few minutes with XACLS replacing the old account SIDs with the new account SIDs.  Yeah, it's slow and painful, but it will produce something that you can run side-by-side.

Another (very reasonable suggestion) would be to redo your account management strategy.  There is a reason that Microsoft wanted you to put Accounts into Global Groups, but Global Groups into Local Groups, and then assign permissions via the Local Group.



Very wise advice, in everything you say.  And I'm going to lobby to make the changes that you suggest, especially change the way groups are organized.  And I might end up taking your suggestion on  using XACLS... but I'm going to try the system state first.  Here's why:

The online IIS server is going down for special hardware maintenance and I just need a duplicate up and running.  I'll be careful not to have two machines with the same SID online at the same time.  As for Norton, I might use Norton but the problem is, to do the first ghost I have to take the online server offline and I'd like to be able to perform this switchover with as close to zero downtime as I can get.

But anyway, your suggestions are very thorough and complete and I thank you for them.


Thanks to you too.  As weird as it might seem, I want to see if this system state backup-restore trick really works!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial