Weird security issues after migration to new active directory domain...

Hello Experts!

I recently changed over my Active Directory domain from "mycompany.com" to "mycompany.local" and everything went along fine until I tried to start MS Outlook as "%username%" on their computer. Outlook would fail with an access exception error in some .cpl file. So, I logged on as admin and tried to start Outlook, and it started with no problems.

I logged back on as the user to see what else was wrong...

The recent programs list (on XP Start Menu) was empty.
The "Run History" was empty.

And some other weird stuff.

By the way, I copied the user profile from the old (.com) domain to the new (.local) domain by logging on as admin and copying:

c:\documents and settings\%username%\

to

c:\documents and settings\%username%-MYCOMPANY.LOCAL

So, because I discovered these problems late on Sunday night and since people needed to work on Monday morning, I had to find a temporary solution. So, as a workaround, I made everyone a DOMAIN ADMIN and added %username%@mycompany.local to have full control of the HKEY_CURRENT_USER reghive.

My questions related to this matter are:

1. What did I miss in transferring the profile over from the old domain to the new one that made it not work?
2. Is there a guide on the best way to secure a Windows 2000/2003 Network?

Thanks!

-neomage23
neomage23Asked:

TannerMan Commented:
Oh man !
Wouldn't just making them a local admin on their local machine work? Even in the current state, domain admin is not needed.

Not sure what went wrong with your profile moves, but get them folks out of domain admins ....fast !
0
Asta Cu (Technical consultant & graphic design) Commented:
Hope this adds some insight to your problem.
HOW TO: Apply Predefined Security Templates in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;816585
How To Apply Predefined Security Templates in Windows 2000
http://support.microsoft.com/kb/309689/EN-US/
Windows 2000 Active Directory Migration Tool
http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/w2kadmt.mspx
Windows Server 2003 Active Directory
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
0
TMWSIY Commented:
Try starting Outlook in safe mode.

Instead of going the admin route just modify the perms in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
0

neomage23 (Author) Commented:
Hello Experts!

I would first like to thank you guys for trying to help me with this question, but I found the answer myself for XP machines:

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21000917.html

The thing is, this doesn't really work on the three Windows 2000 machines. I will give the points to whoever can help me with getting this to happen on the Win2k Pro machines.

Thanks!

-neo
0
Asta Cu (Technical consultant & graphic design) Commented:
Creating new users/profiles doesn't help?  At work, and swamped.  Will check back when I can.
0
Paul S (Desktop Support Manager / Network Administrator) Commented:
****This assumes you have already copied "C:\documents and settings\username-MYCOMPANY.com" to "C:\documents and settings\username-MYCOMPANY.local\"

Log in as admin, open regedit. Highlight local machine. Select File > Load Hive.

Go to C:\documents and settings\username-MYCOMPANY.local\ntuser.dat

Give a name to the hive.

Right-click on the new reg folder that appears. Select Permissions. Make sure that the correct user has permission, or give permission to everyone.
0
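The load-hive and permissions steps in the answer above, scripted as an added example that is not part of the original thread. It grants full control to the single migrated account only; the account name, profile path and temporary key name are hypothetical placeholders, and it assumes PowerShell is installed on the workstation and the user is logged off.

```powershell
# Added example: grant one migrated account full control of its copied profile hive.
# Assumptions (not from the thread): account, path and mount name are placeholders.
param(
    [string]$Account     = 'MYCOMPANY\jdoe',   # hypothetical migrated user
    [string]$ProfilePath = 'C:\Documents and Settings\jdoe-MYCOMPANY.LOCAL',
    [string]$MountName   = 'MigratedProfile'   # temporary key name under HKLM
)

$hiveFile = Join-Path $ProfilePath 'ntuser.dat'
if (-not (Test-Path -LiteralPath $hiveFile)) { throw "Hive not found: $hiveFile" }

# Load the copied hive under HKLM (the file is locked while the user is logged on).
& reg.exe load "HKLM\$MountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed; is the user still logged on?' }

try {
    $keyPath = "Registry::HKEY_LOCAL_MACHINE\$MountName"
    $acl = Get-Acl -Path $keyPath

    # Allow rule for the one account, inherited by subkeys that inherit from the root.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Account,
        [System.Security.AccessControl.RegistryRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl

    # Print the resulting entries so leftover or overly broad ACEs are visible.
    (Get-Acl -Path $keyPath).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}
finally {
    # Release registry handles held by .NET, otherwise the unload can be refused.
    $acl = $null
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Subkeys that do not inherit from the hive root keep their existing ACLs and need the same rule applied to them individually.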

neomage23 (Author) Commented:
Thank you to everyone who helped me with this!
0
Paul S (Desktop Support Manager / Network Administrator) Commented:
You're welcome.
0
Asta Cu (Technical consultant & graphic design) Commented:
Happy you're pleased.  ":-0)  Asta
0

Question has a verified solution.