How to Migrate old SBS User Profile to New Domain?

I have a couple computers on the network that were in a SBS domain. Then I had to wipe out my SBS server and re-install.

Now when I run the 'ConnectComputer' wizzard on a client computer that used to be in the old SBS Domain, it doesn't show the old SBS profiles )that are still physically on the client computer) , it only shows profiles that were created on the local machine such as 'Administrator' and 'User1' etc. I even tried to go to My Computer Properties > Advanced Tab > Profiles...but it doesn't show the old SBS profile in the list, though the profile and the profile folder IS on the pc in Documents and Settings > usersprofilename?!?

How can I migrate an old SBS user profile so the user can use the same profile in the new SBS domain?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You can "cheat" the system to accomplish this... see this article for the how-to:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Y'know... I hadn't reviewed that article in awhile and just did so... realizing that it tells you to copy the existing profile from the place where you say you can't see it... this should actually just work by copying the profile out of the documents and settings folder to somewhere else... don't worry about the NTUSER.DAT and associated log file though... they aren't necessary.

I had a quick glimpse at the document a while back, and felt that there is an easier way:

Rename the users profile to username.old
Run connectcomputer, and set it up for the user with a new empty profile
Log in as the user
Log off and log in as a user with local admin rights
Make a note of the permissions and delete the users newly created profile
Rename the username.old profile to match the one you just deleted
Modify the permissions on that profile
Log in as the new user again to check it works
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:

Since you've now posted that set of steps on a couple of questions in the SBS Topic Area, I thought it would be important to point out that this would break all of the important features of Small Business Server, such as the automatic configuration of Outlook.

In essence you are deleting some of the items created by connectcomputer.

Thanks for your feedback Jeff.

As far as I'm aware, practically all user settings within SBS2003 are set via group policy. My experience with this at several sites has been flawless. No single feature of SBS2003 appears to be compromised by doing this. The only issue I have with it is that the Outlook profile needs to be deleted, which needs to be reconfigured the next time Outlook is run. Everything else works fine - users home page is still set to http://companyweb, security settings remain intact, and all remote features continue to work fine.

Can you be more specific as to what problems there  - I don't want to give out bad advice, but this method in my experience does seem to be flawless. Likewise, I have used this method at over a dozen sites, and if something is broken I want to fix it. Again though, none of these sites have experienced any problems with this method.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:

It's difficult to say what will and what won't work if you do it the way you are describing... because that, of course, depends on how things were configured prior to running the connectcomputer wizard.  I'm sure that you've seen cases before where a computer was joined to a domain and a new profile is created called "username.DOMAIN" instead of just "username"... this is pretty common and not generally an issue.  Except --- THEN, an errant program decides that it wants to keep using the ntuser.dat file from the old profile... or it thinks it needs to create an entirely NEW profile path for it's application data folder.

Many of those things are standard problems when you copy a profile over rather than allowing Windows to build it.  These are caused by variations in the registry keys for items which reference the SID of the user.  EACH of these keys would need to have the permissions changed as well if you are to be completely successful with copying the old profile.

So, how does this relate to SBS's features?  First, look at all that connectcomputer does:

Most of it is computer related, not user related... howver there are a few items that matter... the most important is that SBS has a unique utility it runs called moveuser.exe which does the profile migration.  I haven't fully traced what all this utility does... but as far as I've seen it does go into the registry to make sure that permissions are correct in addition to the other items that are listed in the article I linked above.

Since most of the user and computer settings are kept in C:\Program Files\Microsoft Windows Small Business Server\Clients on each workstation, your solution COULD work much of the time... but I would be very hesitant to say that it would work ALL the time.  Basically, the procedure outlined in the certmag article is only a few more steps than yours... the main difference is that instead of renaming the profile you are referencing it in the user settings and allowing Windows to generate a completely new one based on the old.  I'm just more comfortable with this and believe that taking 3 or 4 more steps the first time is much better than troubleshooting a "strange" behavior later on.

Cheers for the indepth info Jeff. You are definitely right, and I withdraw my comment above. I will definitely go with the other route for the future. Everything does work fine at the sites that I have done this for, but all of those sites have Domain Users in the Local Administrators group on each computer. On the odd occasion when somebody logs on to a machine that they don't have Local Admin rights on, all sorts of strange things start happening - probably down to what you said about permissions on registry keys.

Cheers once again.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
No problem.. thanks for asking for the more detailed info... it's not always easy to post that level of info on an initial reply, but I do understand the need to get a better grip on this stuf!  :-)

Good Luck!


I have tried ChadHooper solution but came across with one problem. The procedure only works if I disable User Account Control. With User Account Control on, the new user with the old profile does not login. It starts the login process but just immediately makes logoff. I will appreciate any help.

Thank you.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
This question was originally asked before Vista was released, therefore UAC wasn't a factor.  Thanks for adding the extra info though.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.