• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 544
  • Last Modified:

Copy user Accounts FROM Active Directory to Local Windows XP Workstations.

I am trying to migrate FROM a windows 2000 active directory install that was not set up properly. After review the Client machines 90% are running windows XP, and have been made members of the active directory domain. The added Log-on, Log Off times for active directory synchronization are a hasle for the users, and I have a new server that they will be using as a file server, only. New Server is Win 2K3. New server has all local accounts setup, and the one client that is not logging into the domain, gets much faster access to network resources. I want to copy the Active directory user profiles, (desktop settings etc. to the local windows XP clients, and have them login locally to their machines. A safe How to would be appreciated.. thanks in advance.
0
cyrixsys
Asked:
cyrixsys
1 Solution
 
harleyjdCommented:
Whilst this doc refers to SBS200 - SBS2003 the steps are very much the same as Win2k - Win2k3

http://go.microsoft.com/fwlink/?LinkId=16414

Basically, you use ADMT to move the user and computer accounts to the new domain. By following this process exactly you will keep your SIDS - the identifiers that say who's who, and this will keep the desktops tied to each user.

0
 
Mike KlineCommented:
Cy,

What you could also do is to create roaming profiles for those users.  Then you create a share on  a server to store those profiles.  Then you will have a copy of the profiles on the server and you could copy them to the local machine.

How long is it taking the users to log off and log on?  I would start to troublehsoot that first.

Thanks
Mike
0
 
cyrixsysAuthor Commented:
Minutes, For the Login/Applying personal settings. I already know the problem, is MS DNS, related, but I really Don't see the Active directory payoff. I want to get the profiles out of active directory, and onto the local machines. In the future, they may have linux, or another solution to use that I really don't want to use active directory with. So the true question is has anyone, successfully moved out of active directory, with the users retaining desktop, office, and other history? and if so how to? Thanks. Tons of data on migration to.. but skimpy resources on from active directory.
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
harleyjdCommented:
Sorry - the profiles aren't in active directory. That's probably why my answer doesn't seem to be sane, as I thought you just wanted to move the user accounts to a new domain.

The profiles are stored on the workstations unless an AD policy (AKA Group Policy Object or GPO) had set raoming profiles. If that's the case then they still aren't in AD, they are just stored on the server.

As for the minutes to log on - this is the prime symptom of badly configured DNS.

Make sure the server DNS is set to it's own DNS server (Or a DNS server you have external that is authorative for your domain, and allows dynamic updates) and that the workstations are all set to the same DNS either manually or via DHCP.

There is no need to dump the domain - you are going to cause headaches and lose control of the LAN.
0
 
cyrixsysAuthor Commented:
Thanks, I agree, that the DNS is configured improperly, and is causing the issues as mentioned before, but I really thinnk that the dependance on a local DNS, and other "Features" of the Active directory security, and management are just superfluous. I guess that the more accurate question would have been to move user pfofiles from the domainname\user to the local user. We are only dealing with simple file sharing here, and the reliance on MS DNS, and proprietary settings, is just inefficient. I would preface this (but I am at the end) that I like Microsoft products and am happy with many of the things that they do, however, Users have local mapped acces to the new server in the domain, not as a DC. The net result thatI am loking for is that the users somply logon to their computers, and pass authentication to the network shared resource that they need.. Old school, but efficient..Thanks so much for the assistance.
0
 
harleyjdCommented:
OK.

At the workstation log in as admin

Rename c:\documents and settings\default user to defauly user.old

rename the required user's profile to default user and apply "everyone" or "users" read permission

Create the new local user account

log in as the local user - this copies to old profile to the new user account

log on as admin

rename the default user back to "username.olddomain" or something you will recognize in the future

rename the default user.old back to default user

disjoin the domain.

This will keep settings, shares, printers et al set up, but there may be some artifacts left that you won't find until later. The other option - copying the profile over the top of a new user profile causes too many problems, particualrly with SIDs...
0
 
luv2smileCommented:
So.....you want to get rid of the domain and go from a domain back to a workgroup setting? Is this correct?
0
 
Wayne BarronCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
[Accept: harleyjd]

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Carrzkiss
EE Cleanup Volunteer
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now