[Samba] Migrating user profiles from local to domain

Steve Williams steve at celineandsteve.com
Wed Jul 6 17:32:38 GMT 2005 

Hi,

I am trying to plan a migration of approximately 160 PC's from a 
workgroup environment to using Samba (3.0.14a) as a PDC (on AIX 4.3, to 
be 5.3 in near future).

They will NOT be using roaming profiles, as this is not appropriate for 
the client.

Joining the machine to the domain, logging in works, everything's cool.

These computers were all in a workgroup previously and had a local user 
set up for them to use.  After joining the domain and logging into the 
domain, they get a "default" desktop.  Appropriately so, as they are a 
different user than the "local" one that they used to use on the computer.

Browsing the local hard disk, I can see that there is a "keith" user 
that is a local user.  There is also a "keith.<domain>" user, which is 
obviously the user for the domain.

I have a couple of questions.

1.  When the user on a PC (eg: XP SP2) logs on into the domain the first 
time, how does Windows know what kind of "Default Profile" to create for 
the user?  I assume that it comes from the Samba server.
On the Samba Server, I have done a
net rpc group addmem Administrators "DOM\Keith"
When Keith logs into a PC, is that what is giving him Domain 
Administrator rights?  What if he belongs to multiple groups?  What 
"group wins" for his default group?  The one with the highest rights?  
His default Unix group?

2.  We want to copy the enviroment (Desktop, Bookmarks, My Documents, 
etc) of the local user to the new Domain User.  Remember, we are not 
using roaming profiles.  We can do that using "System Properties->User 
Profiles->Copy To".  Is this the "BEST" way to accommplish this?  Is it 
going to affect the rights  assigned from the Primary Domain 
Controller?  (because it's being done as the local administrator, in 
theory it might have "permission" to do this.

3.  Just a "shot in the dark", is there any way to share the profile 
between a local user and the domain user?  I can't imagine so, given 
permission problems and everything. 

Everything needs to be done "RIGHT", as someone has to walk around to 
every PC to do this, and we only want to have to do that once!  :-)  
(and yes, they are turning on Remote Desktop at the same time ;-) ).

In the Samba3-HOWTO.pdf, I found:

> 26.2.5.3 moveuser.exe
> The Windows 200x professional resource kit has moveuser.exe. moveuser.exe
> changes the security of a profile from one user to another. This 
> allows the
> account domain to change and/or the username to change.
> This command is like the Samba profiles tool.

I'm a bit confused... would this sequence of events work?
1.  Log in as the local administrator
2.  Join PC to the domain
3.  Use the "moveuser.exe" to change the local profile for "keith" to be 
the profile for the domain user "keith"
4.  Delete the local user "keith"

Could it be that simple?

Unfortunately I'm about 4000 km away from the server & any PC's right 
now, and have to walk "unskilled" people through any testing, so I can't 
really test & experiment too much on my own.

Also, I'm trying to find the "RIGHT" way to do this, rather than just a 
way that "WORKS".

Thanks for any assistance!

Cheers,
Steve Williams

More information about the samba mailing list