Solved

XP Profiles

Posted on 2011-02-17
Last Modified: 2012-06-27
Hi, I have a small branch office, but the 3 PCs and 1 laptop in that branch office have never been members of my Win 2003 Active Directory. So basically they have just been logging on locally to their XP machines with local profiles and happily working away.

I now want to add these machines to the Active Directory as I want them to be part of the same group policies as everyone else, but I see a couple of pitfalls.

They are connected to our WAN and therefore can ping our DC/GCs, but the site has only 3 users so we never needed a server there and I don't have the budget to do so. How will the machines first join the domain if they are pointing to the local router for DNS and not to any DNS on our WAN?

Once I join the machines to the domain they will end up with a brand new blank profile, but they have been using their local profiles for years and will have them set up in particular ways to suit themselves; some programs may even work only under that profile. How can I copy the complete old local profile over the new domain one so the user does not know any difference, essentially? Are there any freeware tools that do that sort of thing?

thanks
Question by:kingcastle
10 Comments
 

Expert Comment

by:mslunecka
ID: 34921348
I'm pretty sure you can accomplish this with an LMHOSTS file.

Check out this link from Microsoft:

http://support.microsoft.com/kb/314108

This only works if the network your DCs are on does not filter that kind of incoming traffic as many do.

Expert Comment

by:Kris Montgomery
ID: 34921394
We have used ForensiT for this dozens of times.  Works very well.  Before I found that app, we recreated each profile... 1.5 hours each computer.  Ick!  Forensit takes about 30 seconds.

http://www.ForensiT.com
http://www.forensit.com/downloads.html

Thanks.
Kris


 

Author Comment

by:kingcastle
ID: 34921544
This looks just what I need, nearly too good to be true, and it even joins the computer to the domain as well.....

Does it really work as easy as that? What do I need to do - install the client on the target machine and let the profile go over? Do I need an AD account already set up for the user? Will the software move the computer account to the domain as well?

any help would be great

Accepted Solution

by:
Kris Montgomery earned 500 total points
ID: 34921591
:)   Tell me about it!   A lifesaver.

Yes, in our case.  The employee already had a new and old domain account.  It only works on the local machine.  It doesn't create the account... as I recall.  Again, we didn't use it like that.

The manual is pretty lengthy for such a small app, but it will show you step by step how to do exactly what you need done.  The corporate edition can be run remotely... another bell and whistle that we never used, but could be very useful in a domain environment.

Good luck!
mug


Expert Comment

by:WiReDWolf
ID: 34928814
ForensIT is an excellent application and I've used it myself several times.  However, this doesn't help you join the machines to the domain unless your DC's are available via a Public IP.  How are the workstations at the site office able to see the DC's?  Branch VPN or are you using a client?

ForensIT basically remaps the SID of the domain user to the SID of either the previous domain user or the local user to the user profile.  You can use a usermap text file that tells forensit exactly which local user profile gets mapped to which domain user account.  It's very fast and works very well and has saved me weeks worth of time doing domain conversions.

ForensIT is not free but it's not expensive, either.  I think it's about $2 per user license.
 

Author Comment

by:kingcastle
ID: 34928895
Yip, the machines are on a private VPN and I was going to edit the hosts file to point to the closest DC over the WAN. I wonder how that will affect delivery of group policies from the DC, though.

Expert Comment

by:mslunecka
ID: 34928926
Your DCs won't be able to push things onto the computers, probably.  But your workstations should automatically run gpupdate every so often (I think the default is 16 hours, if I remember right) and pull the new policies down.
 

Author Comment

by:kingcastle
ID: 34928950
I wonder will it be really slow or have an adverse effect on the network, either at headquarters or the remote site.

Expert Comment

by:Kris Montgomery
ID: 34928979
It won't affect it, policy and application-wise.  However, authentication will take longer than usual.

I think it is manageable. Just don't update software via GP.

mug

Expert Comment

by:WiReDWolf
ID: 34930540
HOSTS files are great for cheap DNS but if you're using branch VPN the primary DNS of each workstation should still be your DC on the other side of the VPN.  Secondary and tertiary DNS can be for the ISP but primary should always be your DC.  DNS requests are small and quick so shouldn't pose much of a network performance impact to the remote site computers.
0
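An added example, not part of any post in this thread: a batch script for an XP workstation that applies the advice above (DC as primary DNS) and then checks that the DC locator SRV record the domain join depends on actually resolves. The domain name, DC address and adapter name are constructed placeholders.

```batch
@echo off
rem Added example. All three values below are placeholders, not from the thread.
setlocal
set "AD_DOMAIN=corp.example.local"
set "DC_DNS=10.0.0.10"
set "NIC=Local Area Connection"

rem Make the DC across the VPN the primary DNS server for this adapter,
rem replacing the router address handed out locally.
netsh interface ip set dns name="%NIC%" source=static addr=%DC_DNS% register=primary

rem Drop cached answers that came from the router or ISP resolver.
ipconfig /flushdns >nul

rem Show which DNS servers the workstation will really use.
ipconfig /all | findstr /i /c:"DNS Servers"

rem The domain join finds a DC through this SRV record. A hosts or LMHOSTS
rem entry cannot answer an SRV query, so test it against the resolver itself.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%AD_DOMAIN% 2>&1 | findstr /i /c:"svr hostname" >nul
if errorlevel 1 goto :fail

rem Kerberos authentication after the join needs this one as well.
nslookup -type=SRV _kerberos._tcp.dc._msdcs.%AD_DOMAIN% 2>&1 | findstr /i /c:"svr hostname" >nul
if errorlevel 1 goto :fail

echo OK: DC locator records for %AD_DOMAIN% resolve. Safe to attempt the join.
exit /b 0

:fail
echo FAIL: DC locator SRV records for %AD_DOMAIN% do not resolve.
echo Check that the VPN passes DNS traffic to %DC_DNS% before joining.
exit /b 1
```

If the check fails with the router still listed first by `ipconfig /all`, internal names are being sent to a resolver outside the domain, which is the situation the join cannot work from.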
