Avatar of ZenQuest

Had to rebuild domain controller... worries about profiles

Good day.  

I have a very small Windows network and the domain controller recently crashed and we did not have a backup.

The domain controller was recreated with the same names, networking, etc.  

The PCs on the network were never 'removed' from the old domain with the same name.  I need to add them to the new domain controller.  My question is this...

If I log into the PC as a local admin.. remove from domain and add it back... will the OLD user profile remain intact?  Or will a SID conflict exist creating a new profile?  And if it's going to be a problem, what's the best remedy?

The error we are getting is...  "the security database on the server does not have a computer account for this workstation trust relationship"

We tried manually adding the computer name to Active Directory Users and Computers but no luck.  NO computers are showing up in the 'computers' list on the DC.  However, all but one PC 'on the domain' are able to log in.  I assume they're using cached / offline login?

Please assist.  I'm no pro at AD.


Avatar of Speedfox6

How are you attaching them to the domain? Also when you do add it to the new domain it will not delete the old one.

Once the PCs are on the domain correctly, I'll talk you through recovering the user profiles. It's quite easy to do.
Avatar of ZenQuest


The PCs were attached to the old domain controller.  The old domain controller crashed and a new one was recreated with the same name.  While the server was down the PCs were able to continue to 'log in' using cached logins.  The profiles were stored locally on the PCs with the name  

New domain controller is online but the PCs were never 'added' to the DC.  

I'm not sure how to add the PCs to the new DC (with the same name) without destroying the profiles on the PCs...  or if they even would be destroyed.
By default, the user profiles will not be erased.
They will be re-used when you re-add the PC to the domain.
They will not be reused automatically when it's on the new domain! But you can merge them easily.

To add the PC you need to log on as a local admin. Right-click on My Computer, then Properties. Go to the Computer Name tab and then click Network ID and run through the wizard using the network admin credentials. It will then restart; you can then log on as the user you created on the domain.
"They will not be reused automatically when it's on the new domain!"

Even if the new domain has the same name as the old domain?
It might work, but you would have to have the same domain name, server name, IP range, user names. Even with all this it might not auto use the old profiles. If it does not, it's no big deal to copy over everything from the old profile to the new, it's very easy.
Avatar of kevinhsieh
This solution is only available to members.
You don't need to buy anything. All you have to do is rename the old profile to the new one created and that's it! I've done it hundreds of times.
What kevinhsieh says is correct.

ZenQuest, you can try to do this.

1. Ensure that you have the password for local administrator.
2. Join the PC to a temporary workgroup, reboot.
3. Join the PC to the domain, reboot.
4. Log in at least once with user(s) AD account(s).
5. Copy specific folders (desktop, my documents, favorites, etc.) and files from old user profile to the new ones.
6. Check that files and folder permissions are correct.
7. Check membership of new AD users in local security groups.

This is a long way, but it all depends on yourself.
Speedfox6, how do you handle the registry security on %username%\NTUSER.DAT? If you are willing to not have the registry settings move over it's not a problem, but if you want to keep it I have always had to manually load it into a temporary registry hive, change the permissions, and then unload it from the registry. It's a pain, which is why User Profile Wizard is worth it.
I've never had to move over the registry.
If you don't handle ntuser.dat, all of the user specific settings are lost. I guess that it depends on whether or not you only want the files or if you want files and registry settings.
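
A read-only check that goes with steps 6 and 7 above and with the NTUSER.DAT permissions point, added here as an example and not posted by anyone in the thread. Windows keys each local profile by the account's SID rather than its name, so the script lists every profile, shows whether its SID still resolves, and prints the ACL on each unresolved profile's NTUSER.DAT. It assumes an elevated PowerShell prompt on the workstation; the mount name `OldProfileAudit` is an arbitrary label chosen for this example.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt on the PC.
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Resolve-SidName([string]$Sid) {
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $null   # malformed key name, or no reachable account maps to this SID
    }
}

function Get-ProfileSidReport {
    Get-ChildItem $ProfileList | ForEach-Object {
        $path = (Get-ItemProperty $_.PSPath).ProfileImagePath
        if (-not $path) { return }          # skip entries with no profile folder
        $name = Resolve-SidName $_.PSChildName
        [pscustomobject]@{
            Sid          = $_.PSChildName
            Account      = if ($name) { $name } else { '<unresolved>' }
            ProfilePath  = $path
            HasNtuserDat = Test-Path -LiteralPath (Join-Path $path 'NTUSER.DAT')
        }
    }
}

function Get-HiveAcl([string]$ProfilePath, [string]$MountName = 'OldProfileAudit') {
    # Mount the offline hive under HKEY_USERS, read its ACL, then unmount it.
    & reg.exe load "HKU\$MountName" (Join-Path $ProfilePath 'NTUSER.DAT') 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not load hive in $ProfilePath (in use, or not elevated)"
        return
    }
    try {
        (Get-Acl "Registry::HKEY_USERS\$MountName").Access |
            Select-Object IdentityReference, RegistryRights, AccessControlType
    } finally {
        # Release any open key handles, otherwise the unload is refused.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKU\$MountName" | Out-Null
    }
}

$report = Get-ProfileSidReport
$report | Format-Table -AutoSize | Out-String | Write-Output
foreach ($p in $report | Where-Object { $_.Account -eq '<unresolved>' -and $_.HasNtuserDat }) {
    "Hive ACL for $($p.ProfilePath):"
    Get-HiveAcl $p.ProfilePath | Format-Table -AutoSize | Out-String
}
```

ACL entries that print as a raw `S-1-5-21-...` string instead of a name refer to accounts the machine can no longer look up; those are the entries a re-permissioning step would need to replace with the new account.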