Matrix1000
asked on
How to Migrate old SBS User Profile to New Domain?
I have a couple computers on the network that were in a SBS domain. Then I had to wipe out my SBS server and re-install.
Now when I run the 'ConnectComputer' wizzard on a client computer that used to be in the old SBS Domain, it doesn't show the old SBS profiles )that are still physically on the client computer) , it only shows profiles that were created on the local machine such as 'Administrator' and 'User1' etc. I even tried to go to My Computer Properties > Advanced Tab > Profiles...but it doesn't show the old SBS profile in the list, though the profile and the profile folder IS on the pc in Documents and Settings > usersprofilename?!?
How can I migrate an old SBS user profile so the user can use the same profile in the new SBS domain?
Now when I run the 'ConnectComputer' wizzard on a client computer that used to be in the old SBS Domain, it doesn't show the old SBS profiles )that are still physically on the client computer) , it only shows profiles that were created on the local machine such as 'Administrator' and 'User1' etc. I even tried to go to My Computer Properties > Advanced Tab > Profiles...but it doesn't show the old SBS profile in the list, though the profile and the profile folder IS on the pc in Documents and Settings > usersprofilename?!?
How can I migrate an old SBS user profile so the user can use the same profile in the new SBS domain?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ChadHooper...
Since you've now posted that set of steps on a couple of questions in the SBS Topic Area, I thought it would be important to point out that this would break all of the important features of Small Business Server, such as the automatic configuration of Outlook.
In essence you are deleting some of the items created by connectcomputer.
Jeff
TEchSoEasy
Since you've now posted that set of steps on a couple of questions in the SBS Topic Area, I thought it would be important to point out that this would break all of the important features of Small Business Server, such as the automatic configuration of Outlook.
In essence you are deleting some of the items created by connectcomputer.
Jeff
TEchSoEasy
Thanks for your feedback Jeff.
As far as I'm aware, practically all user settings within SBS2003 are set via group policy. My experience with this at several sites has been flawless. No single feature of SBS2003 appears to be compromised by doing this. The only issue I have with it is that the Outlook profile needs to be deleted, which needs to be reconfigured the next time Outlook is run. Everything else works fine - users home page is still set to http://companyweb, security settings remain intact, and all remote features continue to work fine.
Can you be more specific as to what problems there - I don't want to give out bad advice, but this method in my experience does seem to be flawless. Likewise, I have used this method at over a dozen sites, and if something is broken I want to fix it. Again though, none of these sites have experienced any problems with this method.
As far as I'm aware, practically all user settings within SBS2003 are set via group policy. My experience with this at several sites has been flawless. No single feature of SBS2003 appears to be compromised by doing this. The only issue I have with it is that the Outlook profile needs to be deleted, which needs to be reconfigured the next time Outlook is run. Everything else works fine - users home page is still set to http://companyweb, security settings remain intact, and all remote features continue to work fine.
Can you be more specific as to what problems there - I don't want to give out bad advice, but this method in my experience does seem to be flawless. Likewise, I have used this method at over a dozen sites, and if something is broken I want to fix it. Again though, none of these sites have experienced any problems with this method.
Chad,
It's difficult to say what will and what won't work if you do it the way you are describing... because that, of course, depends on how things were configured prior to running the connectcomputer wizard. I'm sure that you've seen cases before where a computer was joined to a domain and a new profile is created called "username.DOMAIN" instead of just "username"... this is pretty common and not generally an issue. Except --- THEN, an errant program decides that it wants to keep using the ntuser.dat file from the old profile... or it thinks it needs to create an entirely NEW profile path for it's application data folder.
Many of those things are standard problems when you copy a profile over rather than allowing Windows to build it. These are caused by variations in the registry keys for items which reference the SID of the user. EACH of these keys would need to have the permissions changed as well if you are to be completely successful with copying the old profile.
So, how does this relate to SBS's features? First, look at all that connectcomputer does:
http://msmvps.com/blogs/bradley/archive/2005/01/23/33632.aspx
Most of it is computer related, not user related... howver there are a few items that matter... the most important is that SBS has a unique utility it runs called moveuser.exe which does the profile migration. I haven't fully traced what all this utility does... but as far as I've seen it does go into the registry to make sure that permissions are correct in addition to the other items that are listed in the article I linked above.
Since most of the user and computer settings are kept in C:\Program Files\Microsoft Windows Small Business Server\Clients on each workstation, your solution COULD work much of the time... but I would be very hesitant to say that it would work ALL the time. Basically, the procedure outlined in the certmag article is only a few more steps than yours... the main difference is that instead of renaming the profile you are referencing it in the user settings and allowing Windows to generate a completely new one based on the old. I'm just more comfortable with this and believe that taking 3 or 4 more steps the first time is much better than troubleshooting a "strange" behavior later on.
Jeff
TechSoEasy
It's difficult to say what will and what won't work if you do it the way you are describing... because that, of course, depends on how things were configured prior to running the connectcomputer wizard. I'm sure that you've seen cases before where a computer was joined to a domain and a new profile is created called "username.DOMAIN" instead of just "username"... this is pretty common and not generally an issue. Except --- THEN, an errant program decides that it wants to keep using the ntuser.dat file from the old profile... or it thinks it needs to create an entirely NEW profile path for it's application data folder.
Many of those things are standard problems when you copy a profile over rather than allowing Windows to build it. These are caused by variations in the registry keys for items which reference the SID of the user. EACH of these keys would need to have the permissions changed as well if you are to be completely successful with copying the old profile.
So, how does this relate to SBS's features? First, look at all that connectcomputer does:
http://msmvps.com/blogs/bradley/archive/2005/01/23/33632.aspx
Most of it is computer related, not user related... howver there are a few items that matter... the most important is that SBS has a unique utility it runs called moveuser.exe which does the profile migration. I haven't fully traced what all this utility does... but as far as I've seen it does go into the registry to make sure that permissions are correct in addition to the other items that are listed in the article I linked above.
Since most of the user and computer settings are kept in C:\Program Files\Microsoft Windows Small Business Server\Clients on each workstation, your solution COULD work much of the time... but I would be very hesitant to say that it would work ALL the time. Basically, the procedure outlined in the certmag article is only a few more steps than yours... the main difference is that instead of renaming the profile you are referencing it in the user settings and allowing Windows to generate a completely new one based on the old. I'm just more comfortable with this and believe that taking 3 or 4 more steps the first time is much better than troubleshooting a "strange" behavior later on.
Jeff
TechSoEasy
Cheers for the indepth info Jeff. You are definitely right, and I withdraw my comment above. I will definitely go with the other route for the future. Everything does work fine at the sites that I have done this for, but all of those sites have Domain Users in the Local Administrators group on each computer. On the odd occasion when somebody logs on to a machine that they don't have Local Admin rights on, all sorts of strange things start happening - probably down to what you said about permissions on registry keys.
Cheers once again.
Cheers once again.
No problem.. thanks for asking for the more detailed info... it's not always easy to post that level of info on an initial reply, but I do understand the need to get a better grip on this stuf! :-)
Good Luck!
Jeff
TechSoEasy
Good Luck!
Jeff
TechSoEasy
Hi,
I have tried ChadHooper solution but came across with one problem. The procedure only works if I disable User Account Control. With User Account Control on, the new user with the old profile does not login. It starts the login process but just immediately makes logoff. I will appreciate any help.
Thank you.
I have tried ChadHooper solution but came across with one problem. The procedure only works if I disable User Account Control. With User Account Control on, the new user with the old profile does not login. It starts the login process but just immediately makes logoff. I will appreciate any help.
Thank you.
This question was originally asked before Vista was released, therefore UAC wasn't a factor. Thanks for adding the extra info though.
Jeff
TechSoEasy
Jeff
TechSoEasy
Jeff
TechSoEasy