• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 170
  • Last Modified:

New Server with Existing Workstation Problem

Hello,

My Server crashed and I lost Active Directory. So, I rebuilt the server and added the accounts. My workstations are able to logon to the domain but there is still something odd going on. Even though I can logon and browse the network I suspect local security is a bit messed up.

Since I had to rebuild the server and Active Directory do I have to rejoin the workstations to the domain for local security to work properly? One time, I tried to do a Net Use command to map a drive and the error message was something like "The trust is broken..." or something similar to that.

If I have to place the workstation back into a WorkGroup first, will I lose my desktop settings once I join back to the domain? What's the best way to rejoin the workstations to the domain without losing the local settings?

The server is W2K and the desktops are W2K and XPPro.

Thanks,
John
0
jhieb
Asked:
jhieb
  • 3
  • 3
  • 2
4 Solutions
 
mikeleebrlaCommented:
im a bit confused by what you mean by "local security".... local security is when your computers are NOT in a domain, thus the term local.  But to answer part of your question, yes you will have to remove the computers from the old domain and then add them to the new domain.  Even though the hostnames of the computers are probably still the same, the new domain doesn't "know" about them at all, so they will have to join the new domain. yes you will have to make the workstations a member of a workgroup while you are moving them from old domain to new domain.  does old and new domain have the same name?  if so your desktop settings should be ok.  In any case, your profiles (storred locally) aren't going to go anywhere.  Worst case scenerio is that you will have to rename the profiles on the local machines, but you aren't going to lose them unless you manually delete them.
0
 
2hypeCommented:
you will have to readd them to the new domain.

Im afraid your local profiles wont work anymore.  When You Logon it will probally make a new profile for the user (like this User.Domain).  Once it makes this though you can log the user off.  Log on as an administrator and copy his info from his old profile to his new profile.  Just open the old profile and copy the items in desktop to the new profile desktop, Favorites, My Docs, Outlook Accounts, Etc..
0
 
mikeleebrlaCommented:
2hype,

actually if it does create a new profile based on the default user template (which it will probably do) all he has to do is log on as administrator, rename the old profile with the name of the new one that was created.  that way the next time the user logs in, they will be pointed to their old profile (with a new name), but the contents of the profile will be from their original profile.  This will include ALL their settings, not just desktop icons.
0
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

 
2hypeCommented:
Since he started Active Directory/Domain From Scratch.  None of the users account Securit ID's would be the same.  In order for that local profile to work properly, He would have to change the permissions on the Local Profile.  Administrators Group would have to be the owner and Administrators / User would need full control of the profile.  Windows is very fussy about permissions when it comes to profiles.

0
 
jhiebAuthor Commented:
mikeleebrla & 2hype,

I've changed one workstation to a Workgroup, and then back to the domain. Once I went back to the domain I lost the settings for that user.

I then logged out and then logged back in as the local administrator, copied the profile contents from the old account profile into the contents of the new profile (username.domain). Everything copied accross until the last part where it bombed on NTUSER.

After copying the profile contents over I logged back into the domain as the individual user. So far, what I see that is still causing problems is that the email user profiles are gone, and a few apps default settings are gone. They need to be reset.

2hype, can you elaborate on your last statement concering changing permissions on the local profile? Given what I've been able to do (on an XPPro machine) would I still need to do that? Also, will I have different results on a W2K computer?

Thanks,
John
0
 
mikeleebrlaCommented:
you have to restart so the os will "release" any files that that it may have opened when the user was logged in.

as far as secuirty goes, just rightclick on the profile (in c:\docs and settings\), choose properties, security tab and make sure that the user that you want to use the profile has full rights to the folder.
0
 
2hypeCommented:
Try doing the following.  Logon to the computer as administrator.

1.) Delete the Profile that was created at his last Logon.
2.)Rename his old profile account UsernameOld or something similar.
3.) Copy the UsernameOld and Paste it and rename it to his username.  (I got you to copy his orignal and name it as something else, that way you will have his orignall profile if this doesn't work)
4.) Right click on the profile you just created (should be named his username) and click properites.  Select the security tab.  Select the Advanced Button.  Click the Owner Tab.  Click the Administrators Group (not the administrator account.) Click the Checkbox that says take Replace owner on Subcontents and folders.  Click Apply.

Go back to the security tab and add the user (the user that is using the profile) and give him and administrators group Full control.  Click advanced a click replace permisson on all child objects. Select apply.

Log off administrators account.  Log on as the user and see if it loads his old profile.

Also, You will probally have to reboot the computer and logon as admintrator that way you do not get the error with the NTUSer when trying to copy.
0
 
jhiebAuthor Commented:
2hype,

I believe your suggestions worked well. After applying the steps you listed I was able to logon as the user and the previous settings appear to work fine.

mikeleebrla,

To answer your first question, yes I was referring to local security, and as 2hype mentioned, the SID.

Thanks for both of your help.

John

0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now