Solved

Migrating user profiles from one domain to another

Posted on 2010-08-17
10
593 Views
Last Modified: 2012-05-10
We have been assigned the task of migrating about 200 Windows XP workstations to a new domain.  Currently they are all on one domain but due to a change in ownership and structure that domain is going to be demoted and the domain controller removed from the network.  All of that will happen prior to us have access to the network.  Then our job is to install a new domain controller (Win 2008) and visit each workstation and join it to the new domain.  We would like to keep the exisiting user profiles though and was wondering what method some of you experts would use in the same situation.  Thank you in advance for your suggestions.  -John
0
Comment
Question by:productivetech
10 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33454199
0
 
LVL 4

Expert Comment

by:a1rh0pper
ID: 33454218
0
 
LVL 27

Expert Comment

by:michko
ID: 33454226
You don't say if your current structure is under Active Directory or not.  If it is, you should be able to use the ADMT:

http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

If they aren't in an AD structure right now, then the USMT is your best bet.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33454258
Personally I like the USMT best tool that I have used for this same procedure.
USMT - http://www.microsoft.com/downloads/details.aspx?FamilyID=799ab28c-691b-4b36-b7ad-6c604be4c595&displaylang=en

You can also use moveuser.exe
http://support.microsoft.com/kb/118510

Hope this helps~!
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33454268
They won't have a domain to migrate from by the time they take over, so ADMT is not an option.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 10

Expert Comment

by:ImaCircularSaw
ID: 33454421
I would do the following:

1)  Create a virtual PC - Windows Server running as a domain controller.
2)  Use  ADMT to migrate the user account information (with password export server) to your virtually hosted domain.
3)  Keep your virtual domain safe connect it up to the new domain when available.
4)  Use ADMT to migrate users off your virtual domain onto your new domain.

Hope this strategy helps!
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33454491
This is a free tool we used during out last migration (for some users)
http://www.forensit.com/domain-migration.html
Not sure about the workgroup; but really good tool.
Thanks
Mike
0
 
LVL 2

Expert Comment

by:Mike_Brodeur
ID: 33474419
Since you're going to lose access to the old domain, and possibly your users' ability to log into their old profiles, I would say Copy To is your best option. Leave the old profile folder intact, don't delete it. Log the user in with their new domain username/password to create their new profile folder, then log back out and try the below:

1) log in as local admin (or another account that is not the profile you are trying to copy)
2) Right click My Computer, choose properties
3) advanced tab
4) User profiles button

After the user has logged into the new domain for the first time (effectively creating their new domain profile) you can select the user's old profile (DOMAIN\username) and then click Copy To, then you will need to browse to the new domain profile folder and select it. If you're using the same username in the new domain as the old domain, the new profile folder will be named  "username.NEWDOMAIN"

Hope this helps
0
 

Author Closing Comment

by:productivetech
ID: 33568856
I appreciate everyone's suggestions and I apologize for taking so long to get back on here with an update now that the job is done.

We could not use ADMT utility because we were forbidden access to the old domain prior to changeover and were left with a bunch a workstations configured for that domain without the domain controller.

We logged in as the local admin on each PC and joined to the new domain and migrated the profiles using the ProfWiz utility by ForensiT suggested by Mike which did exactly what we wanted and was very easy to use.  A number of the machines we migrated had multiple profiles and it worked perfectly.  You can even bring the profile back to workgroup mode if you want.

I can't say enough for this utility and wish I knew about it a long time ago because it sure could have came in handy on previous jobs but will certainly add to our tool library for future use.

The only thing I would suggest is to run a CleanUP! utility such as CleanUP452.EXE before migrating the profiles.  This really sped up the process and most profiles would migrate in 10-15 seconds. Without the CleanUp! utility some profiles would take 10 minutes or more to migrate depending on the size of the profile.

John
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33601465
Glad to help with this one, and thanks for the suggestion,  that profile tool is a great free tool for sure
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now