
Had to rebuild domain controller...  worries about profiles

Posted on 2011-02-11
Last Modified: 2012-05-11
Good day.  

I have a very small Windows network and the domain controller recently crashed and we did not have a backup.

The domain controller was recreated with the same names, networking, etc.  

The PCs on the network were never 'removed' from the old domain with the same name.  I need to add them to the new domain controller.  My question is this...

If I log into the PC as a local admin.. remove from domain and add it back... will the OLD user profile remain intact?  Or will a SID conflict exist creating a new profile?  And if it's going to be a problem, what's the best remedy?

The error we are getting is...  "the security database on the server does not have a computer account for this workstation trust relationship"

We tried manually adding the computer name to Active Directory Users and Computers but no luck.  NO computers are showing up in the 'computers' list on the DC.  However, all but one PC 'on the domain' are able to log in.  I assume they're using cached / offline login?

Please assist.  I'm no pro at AD.

Thanks!

Question by:ZenQuest
12 Comments
 
LVL 3

Expert Comment

by:Speedfox6
ID: 34872059
How are you attaching them to the domain? Also, when you do add it to the new domain it will not delete the old one.

Once the PCs are on the domain correctly I'll talk you through recovering the user profiles. It's quite easy to do.
0
 

Author Comment

by:ZenQuest
ID: 34872121
The PCs were attached to the old domain controller.  The old domain controller crashed and a new one was recreated with the same name.  While the server was down the PCs were able to continue to 'log in' using cached logins.  The profiles were stored locally on the PCs with the name username@domain.com.  

New domain controller is online but the PCs were never 'added' to the DC.  

I'm not sure how to add the PCs to the new DC (with the same name) without destroying the profiles on the PCs...  or if they even would be destroyed.
0
 

Expert Comment

by:HBal2011
ID: 34872247
By default, the user profiles will not be erased.
They will be re-used when you re-add the PC to the domain.
0

 
LVL 3

Expert Comment

by:Speedfox6
ID: 34872293
They will not be reused automatically when it's on the new domain! But you can merge them easily.

To add the PC you need to log on as a local admin. Right-click on My Computer, then Properties. Go to the Computer Name tab and then click Network ID and run through the wizard using the network admin credentials. It will then restart; you can then log on as the user you created on the domain.
0
 

Author Comment

by:ZenQuest
ID: 34872404
"They will not be reused automatically when it's on the new domain!"

Even if the new domain has the same name as the old domain?
0
 
LVL 3

Expert Comment

by:Speedfox6
ID: 34872566
It might work, but you would have to have the same domain name, server name, IP range, user names. Even with all this it might not auto use the old profiles. If it does not, it's no big deal to copy over everything from the old profile to the new, it's very easy.
0
 
LVL 42

Accepted Solution

by:kevinhsieh earned 2000 total points
ID: 34872623
The local workstation keeps a list of SIDs of users that have logged on and what the profile path is for each SID. You have recreated the domain and users, but since it is a new domain and the users are technically new, they have a new SID. When they log on, Windows knows that it's a new user and will generate a new profile. The username and domain name have nothing to do with this process, so it doesn't matter that the names are the same, it's only the SIDs that matter. The profiles have ACLs on the files and within the user's registry, so it isn't exactly trivial to manually copy them over for a new user. Your absolute best bet is to buy User Profile Wizard 3.0. Cost is $2 per user, 25 user minimum purchase. It is very easy to use and soooo much better than trying to manually fix the profiles.
http://www.forensit.com/domain-migration.html
0
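The SID-to-profile-path list described in the accepted solution is stored under the `ProfileList` registry key on each workstation. As an added example (not part of the original answer), this PowerShell lists every stored profile with its SID, the domain part of that SID, and whether the SID still resolves to an account, which shows old-domain profiles sitting next to the new ones after a rebuild.

```powershell
# Added example: audit the workstation's SID -> profile path map.
# Run in an elevated PowerShell session on the workstation.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$report = Get-ChildItem -Path $profileList | ForEach-Object {
    $sidString = $_.PSChildName
    $path      = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    $domainSid = $null
    $account   = '(unresolved)'
    $resolves  = $false
    try {
        # Throws for malformed key names such as "<SID>.bak"
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        if ($sid.AccountDomainSid) { $domainSid = $sid.AccountDomainSid.Value }
        # Throws IdentityNotMappedException when no account owns this SID,
        # which is the case for users of the domain that no longer exists
        $account  = $sid.Translate([System.Security.Principal.NTAccount]).Value
        $resolves = $true
    } catch {
        # Leave the defaults: the SID is orphaned or the key name is not a SID
    }
    [pscustomobject]@{
        SID         = $sidString
        DomainSid   = $domainSid
        Account     = $account
        ProfilePath = $path
        Resolves    = $resolves
    }
}

# Profiles grouped by domain SID: the old and the rebuilt domain appear as
# two different S-1-5-21-... prefixes even though the domain name is the same.
$report | Sort-Object DomainSid, ProfilePath |
    Format-Table DomainSid, Account, ProfilePath, Resolves -AutoSize

# Profiles whose owner can no longer be resolved (candidates for migration)
$report | Where-Object { -not $_.Resolves -and $_.DomainSid } |
    Select-Object SID, ProfilePath
```

SID translation needs a reachable domain controller for domain accounts, so run this after the workstation has been joined to the new domain; otherwise new-domain SIDs can also show as unresolved.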
 
LVL 3

Expert Comment

by:Speedfox6
ID: 34874030
You don't need to buy anything. All you have to do is rename the old profile to the new one created and that's it! I've done it hundreds of times.
0
 

Expert Comment

by:HBal2011
ID: 34874662
What kevinhsieh says is correct.

ZenQuest, you can try to do this.

1. Ensure that you have the password for local administrator.
2. Join the PC to a temporary workgroup, reboot.
3. Join the PC to the domain, reboot.
4. Log in at least once with user(s) AD account(s).
5. Copy specific folders (desktop, my documents, favorites, etc.) and files from old user profile to the new ones.
6. Check that files and folder permissions are correct.
7. Check membership of new AD users in local security groups.

This is a long way, but it all depends on you.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34875287
Speedfox6, how do you handle the registry security on %username%\NTUSER.DAT? If you are willing to not have the registry settings move over it's not a problem, but if you want to keep it I have always had to manually load it into a temporary registry hive, change the permissions, and then unload it from the registry. It's a pain, which is why User Profile Wizard is worth it.
0
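The load, change permissions, unload sequence from the comment above, written out as an added PowerShell example that is not from the original thread. The profile path, account name and mount name are constructed placeholders, and only the ACL on the hive root is changed, so subkeys carrying their own explicit (non-inherited) ACLs would need the same treatment.

```powershell
# Added example. Run elevated, with the profile's owner logged off so that
# NTUSER.DAT is not locked. All three values below are placeholders.
$OldProfile = 'C:\Users\jsmith'        # hypothetical old profile folder
$NewAccount = 'EXAMPLE\jsmith'         # hypothetical recreated domain account
$MountName  = 'TempOldProfile'         # temporary name under HKEY_USERS

reg.exe load "HKU\$MountName" "$OldProfile\NTUSER.DAT"
if ($LASTEXITCODE -ne 0) { throw "Could not load $OldProfile\NTUSER.DAT" }

try {
    $key = "Registry::HKEY_USERS\$MountName"
    $acl = Get-Acl -Path $key

    # Before: the old-domain SID shows up as a raw S-1-5-21-... string
    # because it no longer resolves to an account name
    $acl.Access | Format-Table IdentityReference, RegistryRights, IsInherited

    # Grant the new account full control, inherited by subkeys
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $NewAccount, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $key -AclObject $acl
}
finally {
    # Release .NET handles on the hive, otherwise the unload is refused
    $acl = $null
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    reg.exe unload "HKU\$MountName"
}
```

The profile folder's file ACLs and the workstation's `ProfileList` entry are separate steps that this block does not touch.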
 
LVL 3

Expert Comment

by:Speedfox6
ID: 34880056
I've never had to move over the registry.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34880793
If you don't handle ntuser.dat, all of the user specific settings are lost. I guess that it depends on whether or not you only want the files or if you want files and registry settings.
0

Question has a verified solution.