Solved

Computer account reset so comp out of domain, but need user profile on that machine

Posted on 2006-07-21
6
633 Views
Last Modified: 2008-02-01
Okay well here is the scenario -- due to some miscommunication a user reset a computer account which disjoined a workstation from the domain (I believe it is XP pro) from a 2000 or 2003 domain. So when she tried to login with this account she go the error "windows can not connect to the domain either because the DC is down (which it wasnt) or otherwise unable or because computer acccount is not found"

Now the user account we want to logon to was named lets say Jake -- we could just rejoin this machine to the domain and then logon as Jake but that would wipe out  Jake's local user profile which we would like to have when we logon
with his domain login.

Now we could just go into the local machine as admin and copy all the user data to an external drive and then just copy it into the new "Jake" after the machine is joined to the domain and the user logs in. However, it would be helpful to have all the settings:

Craylord solved a similar problem but was not sure if his solution applied:

Here is how he put it:

The key is to login to windows with the user first! Windows creates a profile folder at this time and associates it with the user account. Once this folder has been created, you can delete/rename it and rename/add the correct folder in its place. Skip the Advanced user copy button thing, takes waaaay too long. Once you get the hang of it, this process can be done in less than 5 minutes.

Restart and logon as a local administrator or another user with admin rights.
Rename the C:\documents and settings\username folder to username_bak
Delete (or rename) any bad folders that were created in a similar manner.
Add user to the pc's local administrators group. Login to pc with the "correctusername" or domain username. Restart and logon as a local administrator or another user with admin rights. (Restart is necessary because if you logoff, windows will still have some of the users files locked)
delete the newly created profile folder c:\documents and  settings\correctusername folderrename the c:\documents and settings\username_bak to the name of "correctusername" (the
newuserfolder)Logout and login as the new user. Tada done. You may have to reconnect Outlook .pst files.
 
So, gentlemen, would Craylords solution apply or would this procedure have to be modified for this situation?




0
Comment
Question by:appsolute
6 Comments
 
LVL 11

Accepted Solution

by:
Eric earned 168 total points
ID: 17155596
what if you remove the eithernet cable. use cached credentials. .  then use the xp file and settings transfer wizzard?

0
 
LVL 26

Assisted Solution

by:Pber
Pber earned 166 total points
ID: 17155676
So let me try and understand this.  The machine just got disjoined from the domain and the user can't logon.  You are worried if you just rejoin the domain, the users domain profile will get lost.  Is this right?

If so you can safely rejoin the domain and the user will automatically connect back to the original profile as they are assigned to the SID of the domain account and that didn't change.

Profiles usually never get over written, it just creates a new one with a suffix.  i.e. jake, jake.000, jake.domain.com, etc.

If you are worried about it, log on locally and copy the profile from documents and settings to another location before you try the above, but you'll be ok.
0
 

Author Comment

by:appsolute
ID: 17159679
Yes, but its a bit more complicated than that. How you back up -- from
my computer/advanced/user profiles or just from Explore makes a difference? Dont security settings get transferred with the profile?

0
 
LVL 3

Assisted Solution

by:artthegeek
artthegeek earned 166 total points
ID: 17160070
It's frustrating, I know - we've been thourhg this on a large scale in a poor disaster recovery environment -

Correct, the user profile should not get overridden, and yes, permissions can be a pblm - so you'll have to add the new domain user to the permissions & force inheritance.

Best approach other than rebuilding the profile from scratch:
Rename the profile (usernameBACKUP)
Rejoin to the domain,
Log in as the user, log out again,
Log in as Administrator, replace the newly created profile with the backup (rename or delete the new, rename the backup to the username)
Add the user to the ACL of the profile folder and force inheritance.

Test, test, test.

Good luck!
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now