[Samba] transferring profiles

John H Terpstra jht at samba.org
Mon Dec 2 23:03:01 GMT 2002


On Mon, 2 Dec 2002, Dragan Krnic wrote:

> > How can I move the profile for a local
> > user to the domain user?
>
> Ever tried to copy the whole profile to a /home/%U/profile
> and see what happens?

Don't waste your time with this method. You must follow the procedure
outlined in the MS Windows NT/2K/XP Resource Kit for copying user
profiles.

MS Windows NT/2K/XP loads NTUser.DAT and checks if the system or domain
SID match that stored, then it checks that the current user has access
rights to the profile, if not it blocks access.

To allow your user to access this copied profile it must have all the
right access attributes.

The key reasons you would want to copy a profile includes:
	1. Migration from one server to another
	2. Establishment of Group Profiles
	3. Establishment of a Mandatory profile (ie: One that can not
	   be changed by the user).

> Perhaps you need to fix the SID in a couple of places.
> It's bound to be fun.

More like, you need to change the Server SID to a Domain SID in several
places, you need to add permissions to the NTUser.DAT file in several
places, etc. This is not a trivial task without the right tools.

The right tool is dependant on the MS Windows version.

In WinXP, right click on the "My Computer" Start Menu entry, Choose
"Properties", Select "Advanced", then select 'User Profiles "Settings"'.

Next, choose the profile you wish to copy, click on "Copy To", etc.

This is really not trivial. You need to understand all the issues, and the
only documentation that coveres all of this is the MS Windows NT/2K/XP
Resource Kits. This is NOT meant as an advertisment for Microsoft!!!

Oh, did I mention, that to create a global profile, or to copy a user
profile from a standalone machine to a domain controller (can be
samba!!!), your standalone machine must first be made a member of the
domain. Also, you can only migrate a profile from MS Win2K/XP if you log
onto the local machine as the local administrator who hopefully has the
same password as the domain administrator. There are reasons for this, but
you will enjoy discovering this yourself.

- John T.
-- 
John H Terpstra
Email: jht at samba.org



More information about the samba mailing list