Joining a domain, saving local profile..?

[elzergone]

Hi everyone. I feel dumb...but...

When joining an XP Pro computer to a 2003 domain, how can I get the local profile to match up with the Active Directory logon? To clarify, when logging on to the Domain, I want to have the same desktop/my docs/everything as I do when logging on locally. I have to be missing something, this should be easy right?

Thanks in advance!

 

[Carnival Forces]

this is probably just me, but i don't understand the question. either i don't know enough and can't help you or you're phrasing it wrong.

at any rate, i think it's something to do with networking, so why not give the Networking FAQ a try?

 

[versello]

I believe the "Files & settings transfer wizard" will set you up with copying everything from one profile to the other... then you just stick with your domain profile. No pont in logging on locally really.

 

[dbwillis]

Can you sign into the PC as an admin user and copy the contents from the Local to the Domain profile?

 

[elzergone]

Can you sign into the PC as an admin user and copy the contents from the Local to the Domain profile?

I tried that... you know, using the User Profiles window under System Properties/Advanced. It wont let me copy the profile to another profile... I'm going to look into the file and settings transfer wizard.

 

[elzergone]

There has to be some way to do this easily right? I mean, imagine that there is a user and some office, their office gets a new domain, the administrator comes along and joins them to the domain...and poof, all there stuff is gone? That cant be right...

 

[versello]

Did you even look at the File & Settings Transfer Wizard I mentioned earlier? It's so dummy-proof when you open it.

Things aren't always going to be easy when you start setting up domains, and it's not really that hard if you're in a small company. There's no magic 1-click button to do everything like create your domain, join all your workstations to the domain, then automatically transfer users' profiles over and make them coffee.

 

[dbwillis]

For copying that profile, reboot then log on as another account, then you should be able to copy 1 to the other.

Logging out of the local account, then into the domain account, wont release the local profile (Ive encountered this as well)

Grant Everyone = Full in the permitted to use window

 

[elzergone]

Did you even look at the File & Settings Transfer Wizard I mentioned earlier? It's so dummy-proof when you open it.

Things aren't always going to be easy when you start setting up domains, and it's not really that hard if you're in a small company. There's no magic 1-click button to do everything like create your domain, join all your workstations to the domain, then automatically transfer users' profiles over and make them coffee.

Yes, I did. And thank you for the suggestion. I can see how that will work, and it looks like I may have to do it that way. But you have to agree thats not what the wizard was intended to do; its using a fork and a knife.

 

[versello]

I'm pretty sure you won't be able to do a 1 to 1 copy, as some settings are specific to the profile (SID's, etc.).

 

[Grimmda]

It's not something thats "easy". Profiles are seperate things, especially when dealing with Domain and local logins. There's no setting to auto-sync these profiles on a given workstation.

Do you want this to happen once a week, or be constantly the same profile.

Could you answer why it is you would like to do this, maybe than we can help you find a better alternative. I'm guessing it's because sometimes (we'll say if you have a laptop) you would like to log into the same profile, get access to all the files but wouldn't have access to the domain.

And my answer would be that with 2000 and XP if the domain isn't present then you will log into the SAME profile as the domain one but it will used "cached" settings.

Is that the scenario you're looking at?

 

[versello]

I'm pretty sure you won't be able to do a 1 to 1 copy, as some settings are specific to the profile (SID's, etc.).

Yes, I did. And thank you for the suggestion. I can see how that will work, and it looks like I may have to do it that way. But you have to agree thats not what the wizard was intended to do; its using a fork and a knife.

If it's main purpose is to migrate settings, then I'd have to give a nod to it, and as to reasons I mentioned above this, I think that a 1-to-1 copy would not work, hence only taking certain settings, which is what this utility does.

I concur with the poster before me about using cached profiles.

 

[elzergone]

It's not something thats "easy". Profiles are seperate things, especially when dealing with Domain and local logins. There's no setting to auto-sync these profiles on a given workstation.

Do you want this to happen once a week, or be constantly the same profile.

Could you answer why it is you would like to do this, maybe than we can help you find a better alternative. I'm guessing it's because sometimes (we'll say if you have a laptop) you would like to log into the same profile, get access to all the files but wouldn't have access to the domain.

And my answer would be that with 2000 and XP if the domain isn't present then you will log into the SAME profile as the domain one but it will used "cached" settings.

Is that the scenario you're looking at?

Using cached profiles would be fine, as once they are on the domain, its going to be the only profile they have. They dont need a local and a domain profile, just one. We are just going from having no domain, to having one. I'm just trying to avoid a) an extremely lengthy process for making their domain profile look like their old one, and b) confused and irritated users because their 'My Documents', wallpapers, outlook express, favorites, weird file structures, 'customized' icon arrangement is gone or different. Thank you everyone for your help!

 

[Grimmda]

Ahhh so you're going from no domain to having a domain.

Here's the easiest way (on a PC by PC basis). If you had 100's of users we'd need to talk about automating this process:

Have the client log into their new domain account which will create the new domain profile.

Then have them log out.

(Now you can do this part from your own desk if you're an admin on the PC, just go to \\clientpcname\c$ and do this once they log out of the domain account)

Go into their OLD profile c:\documents and settings\oldprofile and copy ALL FILES AND FOLDERS EXCEPT ntuser.dat and ntuser.ini to their new domain profile c:\documents and settings\newdomainprofile and let it overwrite any files and folders it wants.

When they log back into their domain profile it will be JUST LIKE their old profiles. And I promise this works as I've done it over a dozen times on Win 2000 and XP.

Good luck!

 

[elzergone]

Ahhh so you're going from no domain to having a domain.

Here's the easiest way (on a PC by PC basis). If you had 100's of users we'd need to talk about automating this process:

Have the client log into their new domain account which will create the new domain profile.

Then have them log out.

(Now you can do this part from your own desk if you're an admin on the PC, just go to \\clientpcname\c$ and do this once they log out of the domain account)

Go into their OLD profile c:\documents and settings\oldprofile and copy ALL FILES AND FOLDERS EXCEPT ntuser.dat and ntuser.ini to their new domain profile c:\documents and settings\newdomainprofile and let it overwrite any files and folders it wants.

When they log back into their domain profile it will be JUST LIKE their old profiles. And I promise this works as I've done it over a dozen times on Win 2000 and XP.

Good luck!

Ok! Thats not as bad as I though. Thanks!!

 

[SirKenin]

No pont in logging on locally really.

Sure there is. Some programs won't let you install if you are logged into the domain. Also some programs won't run if you are logged into the domain. I have just set up a complete network in my office and I am running into this problem more frequently than I would like.

 

[SirKenin]

Ahhh so you're going from no domain to having a domain.

Here's the easiest way (on a PC by PC basis). If you had 100's of users we'd need to talk about automating this process:

Have the client log into their new domain account which will create the new domain profile.

Then have them log out.

(Now you can do this part from your own desk if you're an admin on the PC, just go to \\clientpcname\c$ and do this once they log out of the domain account)

Go into their OLD profile c:\documents and settings\oldprofile and copy ALL FILES AND FOLDERS EXCEPT ntuser.dat and ntuser.ini to their new domain profile c:\documents and settings\newdomainprofile and let it overwrite any files and folders it wants.

When they log back into their domain profile it will be JUST LIKE their old profiles. And I promise this works as I've done it over a dozen times on Win 2000 and XP.

Good luck!

There are two more files that won't let you copy them in the user's profile. They are under C:\Documents and Settings\<user>\Local Settings\Application Data\Microsoft\Windows. Both files in there will not copy as they are in use.

Also, it is all three ntuser files that will not copy, not just two.

 

[rhofford]

theres a easier answer

regedit
hkeylocal\software\microsoft\windows nt\currentversion\profile list\
find corresponding ssid (if i have to tell u how to do this, u shouldnt own a pdc)
change 'profilepath' as you see fit

 

[SJConsultant]

Sure there is. Some programs won't let you install if you are logged into the domain. Also some programs won't run if you are logged into the domain. I have just set up a complete network in my office and I am running into this problem more frequently than I would like.

What programs are these that you speak of? Domain administrators have essentially the same control as local admins.

theres a easier answer

regedit
hkeylocal\software\microsoft\windows nt\currentversion\profile list\
find corresponding ssid (if i have to tell u how to do this, u shouldnt own a pdc)
change 'profilepath' as you see fit.

Easy there tiger, no one knows everyone and we all start out with a basic knowledge. The OP apparently has minimal experience and the method you speak of is not documented or taught in any Microsoft class that I am aware of.

Do you know if this is a supported method? I'm sure there are plenty of others here who have far more experience that may not know about the reg change. But I think I'll test it before using it in any production network.

 

[rhofford]

what? i use that everyday the only issue u may have is if the local user clicked 'make my files and folders private' in which case you have to reset security permissions on the profile dir .\documents and settings\username

oh yea dont forget to make your domain acct a local admin on ur pc <3

 

[SJConsultant]

what? i use that everyday the only issue u may have is if the local user clicked 'make my files and folders private' in which case you have to reset security permissions on the profile dir .\documents and settings\username

oh yea dont forget to make your domain acct a local admin on ur pc <3

Domain acct a local admin? I would not suggest doing so since it allows a user to have complete control over their system and could allow a user to easily circumvent any security settings.

 

[SirKenin]

What programs are these that you speak of? Domain administrators have essentially the same control as local admins.

Running as a local admin is something different. If you are logged in as a simple user on your domain, you don't have admin rights on your PC (obviously). There are all kinds of programs that don't like that arrangement. I just ran into another one tonight from Microsoft that required admin rights to install, and two more earlier on today that would not install or run right without admin rights.

If you log in as an admin all the time, what is the point of even bothering with trying to attempt anything remotely resembling security?

 

[rhofford]

Domain acct a local admin? I would not suggest doing so since it allows a user to have complete control over their system and could allow a user to easily circumvent any security settings.

ok thx then edit ur secuirty permissions on the profile dir to reflect your limited user group or acct

 

[SJConsultant]

Running as a local admin is something different. If you are logged in as a simple user on your domain, you don't have admin rights on your PC (obviously). There are all kinds of programs that don't like that arrangement. I just ran into another one tonight from Microsoft that required admin rights to install, and two more earlier on today that would not install or run right without admin rights.

If you log in as an admin all the time, what is the point of even bothering with trying to attempt anything remotely resembling security?

I wasn't implying that I setup any user as a domain admin, I was simply questioning what programs you ran into that required administrative rights to run.

I always try to setup users as domain users, even to the point of using sysinternal utilities to determine what permissions have to be set on files and registry in order to make the program work under user rights.

IMHO, local admin rights are not granted unless absolutely required.

ok thx then edit ur secuirty permissions on the profile dir to reflect your limited user group or acct

In the OPs case it should be the user account and not a security group. This way user profiles are kept secure from other users snooping around.

 

[Treyshadow]

yes the registry method does work, but I do not reccomend it as an initial method to copy a single profile. I would only recommend microsoft approved methods and best practices (I mean hell they did make the OS).

Logon as new domain user for the first time
Logoff as new domain user and log on as a local administrator (can be a domain admin)
Right-Click My computer and click properties
Click the Advanced tab and then settings under user profiles
Choose the old profile you want the data to move from and click "copy to"
At the new window click "browse" and browse to the new domain user profile folder
Select the New domain user folder and click OK
Under "Permitted to use" click change and type everyone
Click OK you will get a confirm copy and click OK again

It will copy the profile from the existing user to the New user. Logoff and login as the New domain user. Verify all the info is there, that is it.

Yes this is longer, yes this works, and yes it is Microsoft Approved.

 

[Grimmda]

There are two more files that won't let you copy them in the user's profile. They are under C:\Documents and Settings\<user>\Local Settings\Application Data\Microsoft\Windows. Both files in there will not copy as they are in use.

Also, it is all three ntuser files that will not copy, not just two.

Well I did say "Then have them log out." So that releases the hold on those files.

 

[navyjax2]

Well I did say "Then have them log out." So that releases the hold on those files.

No, actually usually only a full reboot will release an in-use ntuser.dat and Cookie and Temporary Internet Files folders' index.dat, along with those pesky Temp hsperfdata_yourname folders - not just logging out. But you can actually move over/copy a full profile, including all preferences stored in the ntuser.dat file, despite what some of these guys are talking about locked or in-use files.

They were right when one guy said to log in to build a blank profile, but don't copy over the files while still logged in as that user! And you have to first rename the old profile folder in Documents and Settings to "yournamehere_old" so that you can start off with a new profile folder in Documents and Settings that just says "yournamehere" instead of "yournamehere.COMPUTER" or "yournmamehere.DOMAIN" as the folder name (which can mess up some applications' features, by the way) in the first place. The way you can do that - reboot and log in as Administrator.

The trick is, in-between, you must REBOOT to release those in-use/locked files, and you never log back into the old profile, you have to log in as someone totally different than either one to rename the old profile folder & copy the files over, but that's what the local Administrator built-in account was created for.

So to summarize, from a fresh boot, log in as Administrator (or have your administrator do this for you if you don't know how or have the password). You'll rename the old profile folder to "yournamehere_old". Reboot. Log in as the user to create the new, blank profile. Reboot again and re-log in as Administrator. Only then you can copy the entire contents of profile_old into the new profile from within C:\Documents and Settings, though before you do, clean out the Temp and Temporary Internet Files folders under the Local Settings folders - shorter copy time, and you don't need those files, anyway.

If the ntuser.dat is corrupt, when you go to log in as that user again, it will create yet another profile than the new blank one (a "yournamehere.COMPUTER" or .DOMAIN like I talked about earlier), which means you'll have to repeat this process, except you'll have to delete this latest profile that was created. Do this, as Administrator, by right-clicking My Computer, click Properties, then the Advanced tab, then the Settings button under "User Profiles". Click all profiles for that user and click Remove. If they aren't present, go to HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList and find the key that is associated with that user and delete that S-1-... key and the associated folder in Documents and Settings. Just keep your "yournamehere_old" folder so you can still copy the files out of it and into a new profile. You can then reboot and log back in as the user to create the new profile again, then reboot and log in as the Administrator to do the copying, just don't copy over the ntuser.dat or ntuser.ini files this time. Log in as the user. You'd just then have to redo your e-mail settings (if you use Outlook and an Exchange server), Start Menu & Desktop shortcuts if you customized any of that, you'll have to make IE show your favorite toolbars again, etc. - any other preferences like that.

If anyone reading this needed to do it for their own personal computer, they would need to boot into Safe Mode to see the Administrator account appear on a Welcome screen and use it that way.

If you forgotten the admin password, try this: http://www.clazh.com/how-to-hack-or-crack-a-windows-xp-administrator-password/
or Austrumi 0.9.2: http://www.torrentbar.com/torrent/308667/0/austrumi-0.9.2.iso.torrent

Cheers.