Solved

assign domain profile to workgroup user on same computer

Posted on 2013-01-27
3
728 Views
Last Modified: 2013-01-30
we have a server 2003 with DC. we are going to get rid of the server so everyone will unjoined the domain. I don't want to rebuild the user profile. I have tested the following but not sure if there will be any issue.

I created local user account first and logged off and logged in with domain admin account. Unjoined the domain. after the pc reboot, I logged in using the new local user account. Logged off and sign in using the local admin account. I renamed the new local account to ex: peter.OLD and then on the user's domain profile, I go to security and assign full permission to the new local account. on the folder, rename to peter.
logged in as peter, I see all his previous setting and didn't see any error message. It looks good to me. so, is the way I am doing will cause any issue?
0
Comment
Question by:okamon
3 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 38825698
If it works, it should continue to work.
There could be issues you did not take into account, I.e. can users use efs to encrypt their files?

Separating workstations complicates management of computers and updates.
0
 
LVL 28

Assisted Solution

by:Ryan McCauley
Ryan McCauley earned 200 total points
ID: 38825700
I've gone from workgroup to domain and brought profiles with me a number of times, using the following steps (from my blog):

http://trycatchfinally.net/2009/04/join-an-active-directory-domain-and-keep-your-local-profile-intact/

It sounds much like what you're doing - I've never done it in reverse (going from domain to workgroup), but I don't see why it wouldn't work the same way. Every time I do it, I'm a bit nervous that I'll get a crazy error that I can't troubleshoot, but it's always worked just fine and I haven't had any negative impact yet.
0
 
LVL 16

Accepted Solution

by:
PaciB earned 200 total points
ID: 38825969
Hi,

You're missing something: a user profile is not only a set of files... it's also a set of registry keys that are stored in the NTUSER.DAT file in the profile directory. Registry keys ALSO have permissions given to the user account.
So, modifying only files permissions after a profile copy IS NOT ENOUGH to make the profile "usable".
What you need to do is to mount the user registry hive while you're logged on as an admin, replace permissions on the whole registry hive so that the old account permissions are replaced by the new account.

Have a good day.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now