Solved

Re-connect profile after recreating account

Posted on 2006-11-26
6
412 Views
Last Modified: 2010-04-18
A user has been a domain admin when he should not have been, and just removing the permissions is not enough.
I am trying to recreate a user account so here is the process that I have been following.

1: I removed the exchange attributes so I can keep the mailbox
2: I made a note of the profile location and group memberships from the active directory
3: I deleted the user account in active directory
4: I recreated the users account without creating a mailbox
5: I reconnected the mailbox to the user account
6: I placed the profile paths back into the account along with the user group memberships.
7: I tried to log in.

The error comes when I try to log into that computer.  "A profile could not be loaded and a local profile will be used, access is denied."

We use roaming profiles and I need to reconnect the profile to the user account for all of his setting and information

So my questions are how do I re-attach the profile?
Do I have to recreate the profile also?  
I know how but I would rather not have to re-create the profile.

Please help.
Thanks
0
Comment
Question by:Raynovac
  • 3
  • 2
6 Comments
 
LVL 13

Assisted Solution

by:itcoza
itcoza earned 250 total points
ID: 18015574
You need to give the new user full control to the profile path as well as reset all the rights on the files on the profile directory.  The user needs to be owner of the files there to use them correctly.
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 250 total points
ID: 18015741
the theory behind this is that you have created a new user which has a new SID, you will need to give him permission again as shown above - just make sure you set the permission to propogate to all files
0
 

Author Comment

by:Raynovac
ID: 18020939
Just a note that everything i have done has been with a test user and not the actual users yet.

the user is the same username and password
Does this change the SID?

Also, i tried to assign permissions to that user for that profile and it won't take it.
When i tried to take the permissions as an administrator, it wouldn't let me assign it back to the user.

Eventually, it would stop trying to log in under the roaming profile and created a local profile.

I had to delete all profile folders for that user and re-create it.

What do i do since i can't assign the profile ownership or is there something im missing?

Thanks
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18049176
doesnt matter if the name is the same - you still have a new SID
0
 

Author Comment

by:Raynovac
ID: 18055308
I logged in as that user and added the domain admin with full control.

This allowed me to re-establish the owner of the profile along with the permissions.

Thanks for your help.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18066964
cool :)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question