Solved

XP Profiles

Posted on 2011-02-17
Last Modified: 2012-06-27
Hi, I have a small branch office, but the 3 PCs and 1 laptop in that branch office have never been members of my Win 2003 Active Directory. So basically they have just been logging on locally to their XP machines with local profiles and happily working away.

I now want to add these machines to the Active Directory as I want them to be part of the same group policies as everyone else, but I see a couple of pitfalls.

They are connected to our WAN and therefore can ping our DC/GCs, but the site has only 3 users so we never needed a server there and I don't have the budget to do so. How will the machines first join the domain if they are pointing to the local router for DNS and not to any DNS on our WAN?

Once I join the machines to the domain they will end up with a brand new blank profile, but they have been using their local profiles for years and will have them set up particular ways to suit themselves; some programs may even work only under that profile. How can I copy the complete old local profile over the new domain one so the user does not know any difference, essentially? Are there any freeware tools that do that sort of thing?

thanks
Question by:kingcastle
 
LVL 6

Expert Comment

by:mslunecka
ID: 34921348
I'm pretty sure you can accomplish this with an LMHOSTS file.

Check out this link from Microsoft:

http://support.microsoft.com/kb/314108

This only works if the network your DCs are on does not filter that kind of incoming traffic, as many do.
 
LVL 6

Expert Comment

by:Kris Montgomery
ID: 34921394
We have used ForensiT for this dozens of times.  Works very well.  Before I found that app, we recreated each profile... 1.5 hours each computer.  Ick!  ForensiT takes about 30 seconds.

http://www.ForensiT.com
http://www.forensit.com/downloads.html

Thanks.
Kris


 

Author Comment

by:kingcastle
ID: 34921544
This looks like just what I need, nearly too good to be true, and it even joins the computer to the domain as well.....

Does it really work as easily as that? What do I need to do: install the client on the target machine and let the profile go over? Do I need an AD account already set up for the user? Will the software move the computer account to the domain as well?

Any help would be great.
LVL 6

Accepted Solution

by:
Kris Montgomery earned 500 total points
ID: 34921591
:)   Tell me about it!   A lifesaver.

Yes, in our case.  The employee already had a new and old domain account.  It only works on the local machine.  It doesn't create the account... as I recall.  Again, we didn't use it like that.

The manual is pretty lengthy for such a small app, but it will show you step by step how to do exactly what you need done.  The corporate edition can be run remotely... another bell and whistle that we never used, but could be very useful in a domain environment.

Good luck!
mug

 
LVL 3

Expert Comment

by:WiReDWolf
ID: 34928814
ForensiT is an excellent application and I've used it myself several times.  However, this doesn't help you join the machines to the domain unless your DCs are available via a public IP.  How are the workstations at the site office able to see the DCs?  Branch VPN or are you using a client?

ForensiT basically remaps the SID of the domain user to the SID of either the previous domain user or the local user to the user profile.  You can use a usermap text file that tells ForensiT exactly which local user profile gets mapped to which domain user account.  It's very fast and works very well and has saved me weeks' worth of time doing domain conversions.

ForensiT is not free but it's not expensive, either.  I think it's about $2 per user license.
 

Author Comment

by:kingcastle
ID: 34928895
Yip, the machines are on a private VPN and I was going to edit the hosts file to point to the closest DC over the WAN. I wonder how that will affect delivery of group policies from the DC, though.
 
LVL 6

Expert Comment

by:mslunecka
ID: 34928926
Your DCs won't be able to push things onto the computers, probably.  But your workstations should automatically run gpupdate every so often (I think the default is 16 hours, if I remember right) and pull the new policies down.
 

Author Comment

by:kingcastle
ID: 34928950
Wonder if it will be really slow or have an adverse effect on the network, either at headquarters or the remote site.
 
LVL 6

Expert Comment

by:Kris Montgomery
ID: 34928979
It won't affect it, policy and application-wise.  However, authentication will take longer than usual.

I think it is manageable. Just don't update software via GP.

mug
 
LVL 3

Expert Comment

by:WiReDWolf
ID: 34930540
HOSTS files are great for cheap DNS but if you're using branch VPN the primary DNS of each workstation should still be your DC on the other side of the VPN.  Secondary and tertiary DNS can be for the ISP but primary should always be your DC.  DNS requests are small and quick so shouldn't pose much of a network performance impact to the remote site computers.
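
The DNS ordering described in the comment above can be checked from the text of `ipconfig /all` before attempting the domain join. This is an added example, not part of the original thread; the sample output, adapter names and addresses are constructed, and 10.0.0.10 as the DC address is an assumption.

```python
import re

# Constructed sample of `ipconfig /all` output from a branch XP workstation.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.50.21
        Default Gateway . . . . . . . . . : 192.168.50.1
        DNS Servers . . . . . . . . . . . : 192.168.50.1
                                            10.0.0.10

Ethernet adapter Local Area Connection 2:

        IP Address. . . . . . . . . . . . : 192.168.50.22
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            192.168.50.1
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")            # section header
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")             # "Name . . . : value"
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # continuation line

def dns_servers_by_adapter(text):
    """Return {adapter: [DNS servers in order]}, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            adapter, in_dns = m.group(1), False
            result[adapter] = []
        elif adapter and in_dns and (m := BARE_IP.match(line)):
            result[adapter].append(m.group(1))   # secondary/tertiary server
        elif adapter and (m := FIELD.match(line)):
            in_dns = m.group(1).strip() == "DNS Servers"
            if in_dns and m.group(2):
                result[adapter].append(m.group(2).strip())
        else:
            in_dns = False                       # blank line ends the field
    return result

def adapters_not_using_dc_first(text, dc_ips):
    """Adapters whose primary (first-listed) DNS server is not a DC."""
    return [name for name, servers in dns_servers_by_adapter(text).items()
            if servers and servers[0] not in dc_ips]

if __name__ == "__main__":
    # 10.0.0.10 is the assumed DC address on the far side of the VPN.
    print(adapters_not_using_dc_first(SAMPLE, {"10.0.0.10"}))
```
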