Weird security issues after migration to new active directory domain...
Posted on 2004-11-04
I recently changed over my active directory domain from "mycompany.com" to "mycompany.local" and everything went along fine until I tried to start MS Outlook as "%username%" on their computer. Outlook would fail with an access exception error in some .cpl file. So, I logged on as admin and tried to start outlook, and it started with no problems.
I logged back on as the user to see what else was wrong...
The recent programs list (on XP Start Menu) was empty.
The "Run History" was empty.
And some other weird stuff.
By the way, I copied the user profile from the old (.com) domain to the new (.local) domain by logging on as admin and copying:
c:\documents and settings\%username%\
c:\documents and settings\%username%-MYCOMPANY.LOCAL
So, because I discovered these problems late on Sunday night and since people needed to work on Monday morning, I had to find a temporary solution. So, as a workaround, I made everyone a DOMAIN ADMIN and added %firstname.lastname@example.org have full control of the HKEY_CURRENT_USER reghive.
My questions related to this matter are:
1. What did I miss in transferring the profile over from the old domain to the new one that made it not work?
2. Is there a guide on the best way to secure a Windows 2000/2003 Network?