Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Migrate user profile between Domains

Posted on 2008-10-02
12
Medium Priority
?
820 Views
Last Modified: 2012-05-05
I currently have a domainA with W2K, I am going to create another domainB with W2k3. I would like to move the user profile from DomainA to DomainB so that all the files and settings are remains after the clients join DomainB.

Is there any way I can do that?

Thanks.
0
Comment
Question by:leoshiu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22622551

It depends a bit.

How are you migrating the user account?

If you're using Active Directory Migration Tool then it can be made to rewrite the profile when you migrate the computer account to the new domain.

Chris
0
 

Author Comment

by:leoshiu
ID: 22622642
Dear Chris,

I prefer USMT than ADMT but I do not know how to use it.

Thanks
0
 

Author Comment

by:leoshiu
ID: 22622653
All the user settings and files must be kept after they join the domain including print queue and IE settings.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 22622709

Fair enough. Ultimately you're just copying the profile to a new one with USMT. It probably tidies it up a bit, but there's not much to it.

Configuration such as printers, IE settings, etc are stored in the users registry hive which loads as HKEY_CURRENT_USER when they log in. That runs from %UserProfile%\ntuser.dat, and is why you can copy the contents of a profile to preserve settings.

Will the user be moving onto a new computer? Or are you using the existing system?

Chris
0
 

Author Comment

by:leoshiu
ID: 22624451
Dear Chris

I have over 200 computers to upgrade, so I rather joining them to the new domain than moving them onto a new computer.

I found some solutions on the web about using USMT, but it doesn't work in my case, I dunno why
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22624558

How are you getting the user accounts onto the new domain?

For that number of users and computers I'd seriously consider using ADMT, it can take all this hassle out of your hands.

Chris
0
 

Author Comment

by:leoshiu
ID: 22624601
Dear Chris,

I created user accounts on the new DC, I wanna their user profile remains unchange after they logon to the new domain

Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22625605

Ahh, that's a shame.

I'm not sure USMT will work for you here, you really need to something to translate the profile, to rewrite the security rather than just pick it up and drop it as USMT seems inclined to do.

The difficulty is, without ADMT it's not easy to perform the translation, bear in mind that access to the profile is defined by the users Security Identifier rather than a simple user name. With ADMT it writes the old security ID into the new account (into an attribute called sidHistory).

On the simplest level you can just copy the profile contents from one to another. That's quite a big job for that many users.

Chris
0
 

Author Comment

by:leoshiu
ID: 22630423
Dear Chris,

Workload and time are not the main issue, we are going to do it department by department, so I am looking for the simplest way to do it.

thanks
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 900 total points
ID: 22632032

Then I would still recommend ADMT, even though it means deleting the accounts you've created in the new domain :)

Chris
0
 
LVL 4

Expert Comment

by:lscapa
ID: 22633966
ADMT is the ONLY way to do what you are wanting to do. USMT was designed for moving user data between computers WITHIN the same domain. Besides it sounds as if you are truely doing a domain migration and guess what? ADMT = Active Directory Migration Toolkit. Ahhh the solution as Chris-Dent has already pointed out is to use ADMT. Take the 2 hours read, understand, use...
Another benifit of ADMT is sid history. Instead of having to reconfigure all your permissions on shares and the like, ADMt will carry the old domain sid with it and voila!! your users have access to all the same information. Plus it will migrate PC and server accounts as well. 200 users would take only about 2-4 hours to migrate over. You're trying to backward enginner a process that Microsoft already has. Probebly wasted more time than if you would have begun with ADMT in the first place?
Again Chis is right USE ADMT...
0
 

Author Closing Comment

by:leoshiu
ID: 31504154
Thanks, but I found a third party tools called Forensit works perfectly for me.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question