[Samba] Move local profile to domain profile.

Jonathan Johnson jon at sutinen.com
Mon Mar 26 23:59:31 GMT 2007


OK, I haven't done this with ROAMING profiles, but I've done it so many 
times with locally-stored profiles I think I can do it in my sleep. (The 
following is not written for the novice user.)

Consider the following scenario: user Fred Flintstone has a local 
account FRED on the Windows XP Professional worstation FREDSCOMPUTER. 
You have already joined FREDSCOMPUTER to the BEDROCK domain, and Fred 
has been given an account in the BEDROCK domain called  FFLINTSTONE 
(note, I'm using caps so it's easy to read in my example).

   1. Log into FREDSCOMPUTER with admin rights, but not as FRED. Use
      NTBACKUP (the built-in backup utility), make a backup of
      "Documents and Settings\Fred" (or wherever his local-account
      profile happens to be stored). This is for bone-headed admins like
      me who will probably screw something up. NTBACKUP is suggested
      because it's fairly easy to used (read: quick) and will preserve
      permissions.
   2. Assign permissions (recursively) to "Documents and Settings\Fred"
      that allow BEDROCK\FFLINTSTONE full access.
   3. Load the registry hive "Documents and Settings\Fred\NTUSER.DAT"
      and assign permissions similarly. (I typically use REGEDIT, or
      REGEDT32 on Windows 2000 and earlier.)
   4. Unload the reigstry hive or reboot the computer.
   5. Log in as BEDROCK\FFLINTSTONE. This will create a new profile for
      Fred; make a note of the path where the profile is stored. This
      profile folder will be deleted shortly, but this step is necessary
      to create a registry key. Log out, and log back in as a local admin.
   6. Open the registry key HKLM\SOFTWARE\Microsoft\Windows
      NT\CurrentVersion\ProfileList. Under here you will see numerous
      keys named by the SIDs of users who have logged in. One of these
      will correspond with the BEDROCK\FFLINTSTONE account. Since you
      are using Samba, you can (rather conveniently, I might add) use
      pdbedit -L -v fflintstone to find out the SID. Otherwise, you can
      look thru until you find the one for which the ProfileImagePath
      value corresponds with the path noted in step 5, above. Modify the
      value for ProfileImagePath to correspond to the path to FRED's
      profile that you backed up in step 1.
   7. Delete the profile folder noted in step 5. You won't be needing it
      anymore.
   8. Log in as BEDROCK\FFLINTSTONE and you should be logged into the
      domain, but still using FRED's old profile.

Now here's how I would handle it if the domain profile was a roaming 
profile: temporarily disable the roaming profile configuration for 
BEDROCK\FFLINTSTONE before doing the above. After doing the above steps, 
convert the "domain local" profile to a "domain roaming" profile.

-Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com

Jason Baker wrote:
> So far I haven't found an automated way. I just log in to the domain 
> as the user, which creates the roaming profile on the network. Then 
> log out, log in to the local machine as admin and copy the contents of 
> My Documents, Desktop and Application Data (all from Documents and 
> Settings/<username>) from the local profile to the roaming profile. 
> Then log back in to the domain as the user and all the desktop icons 
> and user settings should be there. Just remember to delete the local 
> profile to avoid confusion.
>
> *Jason Baker
> */IT Coordinator/
>
>
> *Glastender Inc.*
> 5400 North Michigan Road
> Saginaw, Michigan 48604 USA
> 800.748.0423
> Phone: 989.752.4275 ext. 228
> Fax: 989.752.4444
> www.glastender.com <http://www.glastender.com>
>
> -----BEGIN GEEK CODE BLOCK----- Version: 3.1
> GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
> w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++
> ------END GEEK CODE BLOCK------
>
>
>
> On 3/14/2007 6:57 PM, Dennis McLeod wrote:
>> Ok, I got the W2K3 resource kit tool to move my local profile to my 
>> domain
>> profile (moveuser.exe). Didn't really work that cleanly.
>> Even though I used the /k (keep the local account), it didn't really. It
>> seemed to change the permissions on MOST of the files.
>> It didn't really move the files either. It's just pointed my profile (or
>> parts of it) to the existing folder. Can't really go back now.
>> It didn't do My Documents and lower.
>> I had to log out, log is as domain administrator, and take ownership of
>> those files.
>> Even then, it lost some of my passwords (which is ok with me).
>> Does anyone have a nice CLEAN way to migrate the local profile to a 
>> domain
>> profile?
>> (something automated, perhaps...)
>> How about using the right click on My computer on the desktop, 
>> advanced tab,
>> User Profiles button, and copy to.
>> Has anyone tried that?
>> I supposed I'll need to re-image my machine and try it...
>> Dennis
>>
>>   


More information about the samba mailing list