[Samba] Move local profile to domain profile.
jon at sutinen.com
Mon Mar 26 23:59:31 GMT 2007
OK, I haven't done this with ROAMING profiles, but I've done it so many
times with locally-stored profiles I think I can do it in my sleep. (The
following is not written for the novice user.)
Consider the following scenario: user Fred Flintstone has a local
account FRED on the Windows XP Professional worstation FREDSCOMPUTER.
You have already joined FREDSCOMPUTER to the BEDROCK domain, and Fred
has been given an account in the BEDROCK domain called FFLINTSTONE
(note, I'm using caps so it's easy to read in my example).
1. Log into FREDSCOMPUTER with admin rights, but not as FRED. Use
NTBACKUP (the built-in backup utility), make a backup of
"Documents and Settings\Fred" (or wherever his local-account
profile happens to be stored). This is for bone-headed admins like
me who will probably screw something up. NTBACKUP is suggested
because it's fairly easy to used (read: quick) and will preserve
2. Assign permissions (recursively) to "Documents and Settings\Fred"
that allow BEDROCK\FFLINTSTONE full access.
3. Load the registry hive "Documents and Settings\Fred\NTUSER.DAT"
and assign permissions similarly. (I typically use REGEDIT, or
REGEDT32 on Windows 2000 and earlier.)
4. Unload the reigstry hive or reboot the computer.
5. Log in as BEDROCK\FFLINTSTONE. This will create a new profile for
Fred; make a note of the path where the profile is stored. This
profile folder will be deleted shortly, but this step is necessary
to create a registry key. Log out, and log back in as a local admin.
6. Open the registry key HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList. Under here you will see numerous
keys named by the SIDs of users who have logged in. One of these
will correspond with the BEDROCK\FFLINTSTONE account. Since you
are using Samba, you can (rather conveniently, I might add) use
pdbedit -L -v fflintstone to find out the SID. Otherwise, you can
look thru until you find the one for which the ProfileImagePath
value corresponds with the path noted in step 5, above. Modify the
value for ProfileImagePath to correspond to the path to FRED's
profile that you backed up in step 1.
7. Delete the profile folder noted in step 5. You won't be needing it
8. Log in as BEDROCK\FFLINTSTONE and you should be logged into the
domain, but still using FRED's old profile.
Now here's how I would handle it if the domain profile was a roaming
profile: temporarily disable the roaming profile configuration for
BEDROCK\FFLINTSTONE before doing the above. After doing the above steps,
convert the "domain local" profile to a "domain roaming" profile.
Sutinen Consulting, Inc.
Jason Baker wrote:
> So far I haven't found an automated way. I just log in to the domain
> as the user, which creates the roaming profile on the network. Then
> log out, log in to the local machine as admin and copy the contents of
> My Documents, Desktop and Application Data (all from Documents and
> Settings/<username>) from the local profile to the roaming profile.
> Then log back in to the domain as the user and all the desktop icons
> and user settings should be there. Just remember to delete the local
> profile to avoid confusion.
> *Jason Baker
> */IT Coordinator/
> *Glastender Inc.*
> 5400 North Michigan Road
> Saginaw, Michigan 48604 USA
> Phone: 989.752.4275 ext. 228
> Fax: 989.752.4444
> www.glastender.com <http://www.glastender.com>
> -----BEGIN GEEK CODE BLOCK----- Version: 3.1
> GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
> w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++
> ------END GEEK CODE BLOCK------
> On 3/14/2007 6:57 PM, Dennis McLeod wrote:
>> Ok, I got the W2K3 resource kit tool to move my local profile to my
>> profile (moveuser.exe). Didn't really work that cleanly.
>> Even though I used the /k (keep the local account), it didn't really. It
>> seemed to change the permissions on MOST of the files.
>> It didn't really move the files either. It's just pointed my profile (or
>> parts of it) to the existing folder. Can't really go back now.
>> It didn't do My Documents and lower.
>> I had to log out, log is as domain administrator, and take ownership of
>> those files.
>> Even then, it lost some of my passwords (which is ok with me).
>> Does anyone have a nice CLEAN way to migrate the local profile to a
>> (something automated, perhaps...)
>> How about using the right click on My computer on the desktop,
>> advanced tab,
>> User Profiles button, and copy to.
>> Has anyone tried that?
>> I supposed I'll need to re-image my machine and try it...
More information about the samba