Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Is there a tool to migrate server03 local users to server03 ad domain users?

Posted on 2009-02-18
Medium Priority
Last Modified: 2013-12-24
We have two web servers using IIS6 and MSFTP . One server is a domain controller the other just resides within the domain. we want to premote the second server to DC status. but there are over 100 local user accounts on the server which control website and MSFTP access on a site by site basis.
The local users have been added due to an error in the configuration of our Helm our control panel solution. when adding a new domain on the non DC server it had been adding local users to that server and not AD within the domain!

 I need to migrate these local users into the AD on the DC. This then will enable me to run DCPROMO on the second server because i'm aware when running this, all Local users will be deleted!

You advice is appreciated!

Question by:eonic
1 Comment
LVL 13

Accepted Solution

dhoffman_98 earned 750 total points
ID: 23671465
You would have to create each of the new user objects (and don't forget any local groups) in AD.

You could do this manually, or if you can create a CSV file that contains the proper format and all information, then you could use CSVDE to import that information into AD.

However, there is something you are missing.
Just having an account in AD that has the same user name as a local account does nothing for you because rights, permissions, and group memberships that were associated with the old accounts will not be copied to the new accounts. A domain account and a local account are two separate security principals. They have different SIDs and can not simply be copied and pasted. You would have to create new groups, and manually add the users to the new groups. And then you would have to go to each application, folder, share... anywhere the local account had access... and give the new account access.

Also, just as a point of opinion... or rather a point of commonly accepted best practices. It's not a good idea to have any other applications besides AD and DNS running on a domain controller. If a DC fails, you still have other DCs... and even backing up and restoring DCs then becomes less important (because if a DC crashes, it can be rebuilt and replication can replace the AD info)... but if you have other applications installed on the DC, or in your case, other accounts and groups... then you are very likely to run into other problems.

So in this case... if the idea behind promoting another DC is to have another DC in the environment... my suggestion would be to get another machine dedicated just for a DC.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question