Profile Migration help needed

[attrofy]

Ok, here is the situation. I recently had a W2K3SBS servr crash, and had to reinstall the system - wasn't able to run from backups - had to do a fresh install.

I had a few users that were still working while the server was down, and their profiles stayed in tact (on their local machines). Now that the server is back up, and the domani refreshed, the old profiles do not work with the new domain - even though the same user names exist (obviously).

So, when I boot back into the local machines, it creates a new profile. I can explore the Documents and settings and see the old profile info, but they are not in the /windows/system32/config areas, and therefore, their profiles are not able to be copied or handled as regular profiles.

I have been doing some reading on editing the registry, and it all seems pretty straight forward, but I am apparently doing something wrong. I basically need to assign the profile from Username (old) to Username.DOMAIN (new). I saw where this is edited in the registry in the following articles:

http://www.certmag.com/articles/anmviewer.asp?a=819&print=no

http://technet2.microsoft.com/Windo...5064-470e-a281-0eb1c28b9cf01033.mspx?mfr=true

Following the info from the first one leaves a few steps out since once the hive is loaded, it asks for a new key. This has been made as a bogus name ("username old profile") and once the hive is unloaded, it is removed from the registry. Moreover, the only way that makes any sense to assign permisions to the new user is by logging in as the new user to assign the permissions for the old profile (and ntuser.dat) hive.

Anyway, if someone can shed some light on this, or give me another way that will work. As best as I can tell, most migrations tools will not work since the old server has been installed overtop with the new server, and all that remains is the Documents and Settings profile on the local machines. Most all automated tools I find usually involve the old and new domains still being active and accessible.

Thanks in advance for any help.

 

[Spirit]

It creates a new profile because like you state its a new domain thereofre the users have a new SID and are seen as different. (be the same even if the new domain is built identically).

Theres not really that much to save on a Client PC. Just copy across the Docs&settings to the new profile and you're done!

You can even copy across cookies, internet history desktop icons the lot.

That would take you about 6 minutes, or even better give the user permissions to the old folder and tell them to save what they want.

Tell the user sorry and now get over it server crashes happen!

...........or maybe I've been dealing with users tooooo long?

Iain

 

[attrofy]

LOL - no....users need to get over it. I was under the impression that this method would cause some permission issues? Is this not the case? Anything need to be done with the ntuser.dat files? Or is this all just in my head?

Thanks for the reply...

 

[Spirit]

When the user logs in for the first time with a user name say Spirit (I like that name for some reason!) XP / 2000 will create a new profile in Docs&Settings called Spirit and by default only user Spirit and admins can access this folder.

Now if you migrate domains, delete the account and recreate etc. what happens is the Security Identifyer (SID) for the account changes so although the name looks the same Spirit and Spirit the SID is completely new. (unless you migrate the SID's but that's a WHOLE different topic).

So when the new Spirit logs in to the same PC the PC sees Spirit as a new user which inconveintly has the same friendly name as an existing user so it creats a new profile along the lines of Spirit.001.

So in D&Settings you have the original profile Spirit and the new Profile Spirit.001. And the new Spirit doesn't have permission to the Folder Spirit.

So all you need to do is log in as an admin and change the permissions on the folder.

Just copy and paste these from the Folders in Spirit to the corosponding folders in Spirit.001
essentials: Documents, Favourites,
Possible: cookies, desktop
Leave: anything else

When you copy these files by default they will inhereit the target folders permissions.

Iain

 

[attrofy]

I will give that a whirl. Didn't have much luck yesterday. I tried manually copying, and got stuck on error on a particular copy, so I did an xcopy on the entire folder. That still only had marginal results. All of the desktop icons were tehre, but alot of the functionality was not there (i.e. folder settings, emails, etc).

I am not too concerned about manually restoring functionality to some of these items, my main concern now is restoring email. I am not sure what email one important user was using, all I know is Incredimail was installed on there. Any idea if that is a web based mail or if it ties to outlook express? A quick search on incredimails site didn't reveal too much useful info. Any thoughts on copying the entire profile so it is in the same functional state it was before the new domain?

Thanks again for the help.

 

[attrofy]

Spirit, again, thanks for the advice, but it didn't get me totally where I needed, but got me thinking on the right track.

For others that might need help in COMPLETELY migrating (copying) from a stand alone (or old domain) profile to a new Domain Profile here is what I did (I hope that is enough key words to help with the search engine - lol)

Taken from the above link:

http://www.certmag.com/articles/anmviewer.asp?a=819&print=no

User Profile Registry Way
This method, while slightly more complex, has worked without fail. You can retain the complete profile customizations for a PC that was logged into one domain and now must be logged into a new one. The method works for both Windows 2000 and XP. It has also worked for upgrading SBS 2000 to SBS 2003, where it is happening on the same server, meaning that you have to reformat the SBS 2000 server and load “freshie,” as you would say, with SBS 2003. Here’s how it works: 

    1.) Once the SBS 2003 server is set up and the computers are set up on the server side, log into the client computer and run the http:\\<sbs2003 server name>\connectcomputer URL. When that step is completed, log in as the user. Then, immediately log off and log on as the domain administrator. 
    2.) Be sure the domain user account is in the Local Administrator’s group. Then open Registry Editor (run REGEDIT at the command line) and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList. You will see a listing for each Security Identifier (SID). Within each SID key, you will see an, entry for ProfileImagePath with a path to the user’s profile in the form of %SystemDrive%\Documents and Settings\UserName. 
   3.) The trick is to find the new key that was set up at logon to the SBS 2003 server and edit the path to refer back to the original profile path. So, for example, if you are migrating and changing domains, you want to have a path like %SystemDrive% \Documents and Settings\User Name.OldDomain. You then have a new SID key with a path like %SystemDrive%\Documents and Settings\User Name.NewDomain. You can edit this key and replace NewDomain with OldDomain to point to the old profile. 
    4.) In the case of a server migration within the same domain, you have a path to the effect of %SystemDrive%\Documents and Settings\User Name.Domain and %SystemDrive%\Documents and Settings\UserName.Domain.000. In this instance, you delete the .000 to point back to the original profile.

However, just editing the registry path is not enough. User settings in the registry are stored in the user.dat file for each specific user. Only the original user has permissions to that file. You must give the new user permissions to the old user.dat. If you don’t do this, the default user profile will be used instead of the old one. To set appropriate permissions, you must do the following:

    1.) Launch REGEDIT from the command line to launch the Registry Editor. From the Registry Editor, go to File, Load Hive. [COLOR=red]EDIT - You can only access (un-grey) the "Load Hive" option by selecting the root key of HKEY_LOCAL_MACHINE or HKEY_USERS.  I chose HKEY_LOCAL_MACHINE since I was already there.[/color] 
    2.) Navigate to the user.dat file of the old user. It’s located in that person’s folder under documents and settings. You need to make sure hidden files are visible (in Windows Explorer, select Folder Options, View, View hidden files and folders). [COLOR=red]EDIT - Windows 2003 SBS asks you to name the "key", I chose a bogus name like [I]username_old[/i].  This created a new "Key" (folder) under the HKEY_LOCAL_MACHINE, and I right clicked on that Key to access the Permissions settings (see step 3).[/color]
    3.) Once you have loaded the user.dat file as a hive, go to Edit, Permissions in Windows XP (or go straight to the Permissions menu in Windows 2000).  [COLOR=red] EDIT - be sure in the Permissions to "Add" the new user - which is most likely the [I]username.DOMAIN.000[/I][/color] 
    4.)Give the new user full permissions to the registry key you have created. Once you are done, highlight the registry key and click File, Unload hive. 
    5.) That’s all there is to it. The new user now has full access to the user.dat file.

This method worked, once I figured out the "Edit" parts - also - a complete shutdown and restart is essential. And it goes without saying, you MUST work from within a different profile to make these changes, as the current profile locks certain settings open while you are in them.

One last caveat, for anyone concerned with Incredimail backup and recovery - the data hides in /Documents and Settings/Username/Local Settings/Application Data/IM/Identities/{...XXXX...} (some variable hash number)/

This has all the database info for emails, address book, etc. Incredimail is kinda dorky in that they really want you to use their Import and Export functions, but if you don't do that ahead of time, you are sort of screwed. It would make migrating data easier, but the *.CAB file won't be created until you export the data first. Doing the above registry hack allowed me to enter the profile and enter the email and create the backup *.CAB file.

Anyway, I hope this helps someone.