Ithizar
asked on
Converting Domain Account to Local Account
Hi folks!
We run Windows 7 Enterprise workstations in an Active Directory environment based on Windows Server 2003 R2 and Windows Server 2008 R2 servers. Everyone uses a domain account, along with a roaming profile. We also use group policy to do folder redirection on certain local folders, such as Documents and Application Data, to shares on the network.
I've got a user who is going to be moving his computer out of the building and no longer using our network. However, he needs to retain access to all his data, settings, etc. I could certainly make him a new, local user account and manually copy everything, but I am wondering if there is an easier route.
Is there a way to take a domain account and convert it to be a local account on the system, with all its profile data and so forth intact?
Thanks,
Ithizar
We run Windows 7 Enterprise workstations in an Active Directory environment based on Windows Server 2003 R2 and Windows Server 2008 R2 servers. Everyone uses a domain account, along with a roaming profile. We also use group policy to do folder redirection on certain local folders, such as Documents and Application Data, to shares on the network.
I've got a user who is going to be moving his computer out of the building and no longer using our network. However, he needs to retain access to all his data, settings, etc. I could certainly make him a new, local user account and manually copy everything, but I am wondering if there is an easier route.
Is there a way to take a domain account and convert it to be a local account on the system, with all its profile data and so forth intact?
Thanks,
Ithizar
Disable the Roaming Profile for him.. but I'm certain you'd still need to copy the data from his redirected folders down to his pc.
ASKER
I understand I can just disable the roaming profile in Active Directory. But that still leaves him with a domain-based account. What I'm looking for is a way to convert that domain account to a local account and retain all his profile data.
If he's been logging into the same workstation then any account info would be cached. Not actually having needed to do this before mind you, I don't see the need to convert his account.
ASKER
You're right, his information is cached on the local machine as well as out on the file server. However, once he's disconnected from our network and can no longer communicate with the domain controller, he will no longer be able to log in to his domain account. It will just error and say that no domain controller could be contacted to do the authentication. Therefore, he will have to be logging in with a new, local account.
Thus I'm left with either the "create a new account and try to manually copy and duplicate everything" or figure out how to convert the domain account to a local account.
Thus I'm left with either the "create a new account and try to manually copy and duplicate everything" or figure out how to convert the domain account to a local account.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
I'm sorry, perhaps there is something I do incorrectly, but every domain-based network I have ever worked on, including this current one, immediately loses the ability to login to domain accounts if you unplug the network cable. All you can access are local accounts.
Also, I am "over-complicating" this because I need to make sure that when this computer goes home with him it is 100% the same as it has been here, with all settings, preferences, applications, etc. I'm afraid if I do it manually, I will miss something.
Also, I am "over-complicating" this because I need to make sure that when this computer goes home with him it is 100% the same as it has been here, with all settings, preferences, applications, etc. I'm afraid if I do it manually, I will miss something.
You've got nothing to be sorry about.. that's your experience. I've never worked for a company that used roaming profiles so that's got to be the difference here. You have a test pc? Create a user account like you would normally, login a few times.. then try to without the network cable plugged in. Then change it from roaming to local.. login to the domain then attempt to without the cable plugged in. I bet you five dollars that's the reason.
If this work you will still need to move his computer account outside the OU that has your GPO doing the folder redirection for a day or two allowing you to move all that redirected data to his local folders.
If this work you will still need to move his computer account outside the OU that has your GPO doing the folder redirection for a day or two allowing you to move all that redirected data to his local folders.
make sure that in folder redirection you have the box checked to move files back to the original location when folder redirection is not in use. Or something along those lines.
move the user to an OU that does not have folder redirection policy and then wait for the files to copy over.
Even easier create a local account, login to the local account to initialize it. logout of the local user account login as an administrator and copy the files from the redirected folder to the newly created user account.
move the user to an OU that does not have folder redirection policy and then wait for the files to copy over.
Even easier create a local account, login to the local account to initialize it. logout of the local user account login as an administrator and copy the files from the redirected folder to the newly created user account.
I know that you are trying to accomodate your users. But, from one IT pro to another, watch out for what corporate data you give an end user to take with them.
With that said:
The safest way is to create a local account for this user and copy/paste data from the domain profile to the local profile. This user will not have domain access and will not be able to logon as a domain user. The computer will not be a part of the domain.
Also delete all domain profiles from his/her computer after you transfer the data you wish to give this person. When the user leaves, delete the AD domain account.
With that said:
The safest way is to create a local account for this user and copy/paste data from the domain profile to the local profile. This user will not have domain access and will not be able to logon as a domain user. The computer will not be a part of the domain.
Also delete all domain profiles from his/her computer after you transfer the data you wish to give this person. When the user leaves, delete the AD domain account.
ASKER
Ultimately, I had to heed your advice and just do it the manual way. Not my preferred solution, but it worked. Thanks for the help!