Solved

assign domain profile to workgroup user on same computer

Posted on 2013-01-27
3
744 Views
Last Modified: 2013-01-30
we have a server 2003 with DC. we are going to get rid of the server so everyone will unjoined the domain. I don't want to rebuild the user profile. I have tested the following but not sure if there will be any issue.

I created local user account first and logged off and logged in with domain admin account. Unjoined the domain. after the pc reboot, I logged in using the new local user account. Logged off and sign in using the local admin account. I renamed the new local account to ex: peter.OLD and then on the user's domain profile, I go to security and assign full permission to the new local account. on the folder, rename to peter.
logged in as peter, I see all his previous setting and didn't see any error message. It looks good to me. so, is the way I am doing will cause any issue?
0
Comment
Question by:okamon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 38825698
If it works, it should continue to work.
There could be issues you did not take into account, I.e. can users use efs to encrypt their files?

Separating workstations complicates management of computers and updates.
0
 
LVL 28

Assisted Solution

by:Ryan McCauley
Ryan McCauley earned 200 total points
ID: 38825700
I've gone from workgroup to domain and brought profiles with me a number of times, using the following steps (from my blog):

http://trycatchfinally.net/2009/04/join-an-active-directory-domain-and-keep-your-local-profile-intact/

It sounds much like what you're doing - I've never done it in reverse (going from domain to workgroup), but I don't see why it wouldn't work the same way. Every time I do it, I'm a bit nervous that I'll get a crazy error that I can't troubleshoot, but it's always worked just fine and I haven't had any negative impact yet.
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 200 total points
ID: 38825969
Hi,

You're missing something: a user profile is not only a set of files... it's also a set of registry keys that are stored in the NTUSER.DAT file in the profile directory. Registry keys ALSO have permissions given to the user account.
So, modifying only files permissions after a profile copy IS NOT ENOUGH to make the profile "usable".
What you need to do is to mount the user registry hive while you're logged on as an admin, replace permissions on the whole registry hive so that the old account permissions are replaced by the new account.

Have a good day.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question