Oh no, I think I messed up at work (Networking/Server gurus please help :( )

[investinwaffles]

So I work for a university building, as the Sys admin's assistant. We have about ~150-200 computers in the building, and our own servers (Active Domain controller, file-server, computational server, and a few others). It is a fairly large network, but it is very hobbled together as several buildings moved into this one (I was not around for the migration though).

First warning, I know nothing about networking but I still for some stupid reason got the job

Anyway, today - I was migrating someone over to a new computer. His old computer was on our domain (lets just say network.school.edu), and he has a username/password on our network. Im not sure what all this really means.
When he logs into any computer on our network, he gets a "U" drive, and "P" Drive. Both of these "drives" are just different locations on the same networked drive (one is a bulk data folder, and one is his password protected user folder).

Moving on, after backing up everything local (at least I think and i hope EVERYTHING got properly transferred), I proceeded to rename his old computer to lets say "computer2", and rebooted. Then, without putting enough thought into what I was doing, I changed his computer from our domain, to a standard workgroup ("WORKGROUP"), and rebooted again. To do both I had to enter my network administrator username+password.
I think I logged in under the local admin again to double check it was off the network but I cant remember.

Then, I plugged his new computer into the network after renaming it "computer" (what his old computer was originally named), I added it to the domain (entering my admin username and password again), and rebooted it. When it started up, I logged back into the computer as him and transferred the rest of the files over.


AFTER doing all of this (to what I though was a successful computer migration), my boss came into help me make a few folders that were hidden after using ROBOCOPY un-hidden when the guy came back into the office, and asked if his login information would be the same if he tried to use the computer unplugged from our network.

My boss looked at me with a crazy I hope you didnt fuck anything up look, and said It would be the same since he never took it off the network. I told him, "No, I dont think I tookk it off the network" in a panic even though I know I changed it to "WORKGROUP"

My question, what the hell does this all mean???? I backed up his data, will his computer be fucked? I read online that I probably removed the computer from our domain controller by logging into our network with my admin credentials but what does this mean??
And why did my boss say "I hope you didnt take it off the network"????

I fucking hope I dont get fired because I really like this job. What the hell did I do by taking his old compute off the network? Will he loose any data on his old computer? Did I mess anything with his domain username up (he logged in properly into his new computer and it was working just fine).

I know my boss is going to find out as soon as the dude plugs in the computer and the login looks different (Local vs. network) and I dont want to get fired

 

[adam30k]

You've already logged into the new computer as the user, presumably seen that his network shares still work, and you've placed his non-network share files onto his new computer. (PS, recommend to people they always use their network share not local storage, of course excluding music and photos and anything else IT says not to store) Therefore, you're done! He can login on his new computer to get to the domain and he can access his network shares. I don't see what you did wrong.. the user's login is not going to change cause his login has nothing to do with taking the old computer out of the domain.

Just make sure the new computer is a part of the domain (You'll see so on the login screen) and that anyone who has a domain account can login on it.

In a domain, you not only have user accounts but you also have devices like computers and printers which are also allowed to join a domain.

I'm not sure if you're overly nervous about your job or if your boss is having you do to much but you should be willing to ask for help when needed. Don't worry it's a lot worse then doing something wrong because you didn't know how.

 

[thefreeaccount]

"Off the network" is definitely vague/imprecise/confusing terminology.

When you removed his old computer from the AD domain, you prevented anyone from logging into a domain account on that computer. This was not an unreasonable thing to do because as you have already found, renaming a computer in an AD domain doesn't usually work. The user's data and cached domain login credentials are still on the computer; he simply can't make use of them because the computer is not part of a domain at the moment.

Just ask your boss what he wants for computer naming and directory membership when performing user migrations. Then go back and do whatever he wants you to do with the user's old computer. Then impress your boss by typing up what he told you to do. Call it "User migration procedures." Then write a script to do what is written in the document automatically. At that point, you can request either a raise or a custom "wins at life" title on the hardocp forums.

 

[investinwaffles]

Cool, thanks for the reassurance guys.

Basically, what I am worried about is the user's old computer. I was very thorough and feel like I DID get everything off the old computer's local HDD, and it was all backed up to an external hdd.

I am still confused as to what happened to the old computer then. What changes were made by taking him off the domain? Will his domain user-folder still be there on his old HDD, and what would be broken by changing it to WORKGROUP (I already know he wont be able to login with his username)???

Thanks for the help. I know I should ask for help more but I already pester my boss.
I probably shouldn't be working there, but it is a student assistant job after all (i only recently turned 21).

 

[DeChache]

Anything stored on the local hard drive of the old machine is still there. Even taken off of the domain. All you did by removing it from the domain is prevented the user from logging on with his network credentials. All the data that was one the drive is still there. You will just need to use a different user account to get it.

 

[stormy1]

I am still confused as to what happened to the old computer then. What changes were made by taking him off the domain? Will his domain user-folder still be there on his old HDD, and what would be broken by changing it to WORKGROUP (I already know he wont be able to login with his username)???

I take it he is going to be using his old computer and data elsewhere?
Here is what I would have done:
a: make sure there is a local admin account on the computer and you know the password. Reset the password as needed
b: copy any data that needs copying to a folder in my documents including pst files if using outlook.
c: make sure there is a local admin account on the computer and you know the password. Reset the password as needed
d: remove computer from domain.
e: login as local admin
f: create a new user for the person
g: log in as that user
h: log off and log in as admin.
i: find the old my docs folder for the domain user profile, take ownership/change permissions as needed to access it.
j: copy it to the new user you created in step F my docs folder
k: log off then log in as the user, set up outlook with the old pst files, verify data is there.
l: log off.
m: have a pepsi

 

[stormy1]

The biggest rookie mistake is not doing A and C in which case the user is locked out of the computer and your fired.

 

[stormy1]

just kidding!!!! use a password reset tool to reset the local admin password then add the new user account and do the rest of the steps.

link: http://pogostick.net/~pnh/ntpasswd/

 

[MrGuvernment]

This is why it is always good pratice that when you move someone to a new computer, to keep their old harddrive for a week or 2, or even more, this way incase they realize something is missing, you can go back and get it.

But, in an ideal world, you already have a full backup of their computer somewhere.

This pesonally why i love Roaming profiles and folder redirection and email hosted on exchange in OWA or Imap - this way their system can literally go up in smoke and everything is pretty much safe.

 

[YeOldeStonecat]

I'm curious though, why did you remove his computer from the domain in the first place? And why change the workgroup name..when you were only going to go and join the domain again? When your boss asked you if you took it off the network, the truth is...you DID (I don't know why), even tough you put it back on.

There are two groups to remember when on a domain, domain users, and local users (usually never used).

If it's a laptop that will come and go, you generally still leave it setup on the domain, the user credentials are cached...and when away from the network that user can log in with the same user/pass that is used on the domain.

 

[Mackintire]

The biggest rookie mistake is not doing A and C in which case the user is locked out of the computer and your fired.

I was about to say, just use a konboot cd and move on. Geeesh

 

[Jay_2]

The biggest rookie mistake is not doing A and C in which case the user is locked out of the computer and your fired.

Some noob did that here with a database server, I had to come in on my day off to fix it. I actually managed to guess the password!

 

[Mackintire]

Yep Kon boot has proven itself to be safe on XP and older and Server 2003 and older. The last build I used can get into a Vista , Win 7, Server 2008-11 machines but it sometimes wrecks the machine. So for those newer OS's I would use other tools.

 

[adam30k]

Does it still work if I substitute a different drink for the Pepsi in step M? I believe the substitute drink is still 64-bit.

I take it he is going to be using his old computer and data elsewhere?
Here is what I would have done:
a: make sure there is a local admin account on the computer and you know the password. Reset the password as needed
b: copy any data that needs copying to a folder in my documents including pst files if using outlook.
c: make sure there is a local admin account on the computer and you know the password. Reset the password as needed
d: remove computer from domain.
e: login as local admin
f: create a new user for the person
g: log in as that user
h: log off and log in as admin.
i: find the old my docs folder for the domain user profile, take ownership/change permissions as needed to access it.
j: copy it to the new user you created in step F my docs folder
k: log off then log in as the user, set up outlook with the old pst files, verify data is there.
l: log off.
m: have a pepsi

 

[YeOldeStonecat]

Does it still work if I substitute a different drink for the Pepsi in step M? I believe the substitute drink is still 64-bit.

Works better if it's a Guinness!

 

[stormy1]

Works better if it's a Guinness!

pepsi wont get you fired most places.... beer will

 

[AceXsmurF]

pepsi wont get you fired most places.... beer will

Then maybe you didnt want to work there in first place!

 

[Nate7311]

pepsi wont get you fired most places.... beer will

Hehe, Find a better place. My old boss used to keep a case in the fridge for evening OT consumption.

 

[jeffmoss26]

Read in the paper about a real estate company that has a kegerator in their offices...not fair!

 

[YeOldeStonecat]

pepsi wont get you fired most places.... beer will

We stock it in our office, as well as other brews 'n booze. We won't fire ourselves.

 

[stiltner]

Relax, you didn't do anything major.

Hell, knowing how to remove a machine from the domain and rejoining it is actually a positive, not a negative. I've had 2-3 machines (laptops) lose their domain trust relationship, and have to be redone. So, you learned something that can come in handy for the future, without even realizing it.

Suggestion #2 - If you're doing XP to 7 upgrades, use Windows Easy Transfer. Yes, i know Robocopy and all that stuff works. But Easy Transfer is just that. Its awesome. I just did 11 XP to 7 migrations, and it didn't miss a single file, setting, nothing. Its absolutely a piece of cake (may be unrelated to your migration). You can store the entire packaged file container offsite / server side, and once the system is migrated just double click and let it go.

 

[E7130]

I take it he is going to be using his old computer and data elsewhere?
Here is what I would have done:
a: make sure there is a local admin account on the computer and you know the password. Reset the password as needed
b: copy any data that needs copying to a folder in my documents including pst files if using outlook.
c: make sure there is a local admin account on the computer and you know the password. Reset the password as needed
d: remove computer from domain.
e: login as local admin
f: create a new user for the person
g: log in as that user
h: log off and log in as admin.
i: find the old my docs folder for the domain user profile, take ownership/change permissions as needed to access it.
j: copy it to the new user you created in step F my docs folder
k: log off then log in as the user, set up outlook with the old pst files, verify data is there.
l: log off.
m: have a pepsi

I can honestly say I probably wouldn't hire any of you; such a simple task yet so many of you turn it into a complex one. I can tell none of you follow MS best practices and suggested methods for transferring user profiles and settings to a new system.

 

[stiltner]

I can honestly say I probably wouldn't hire any of you; such a simple task yet so many of you turn it into a complex one. I can tell none of you follow MS best practices and suggested methods for transferring user profiles and settings to a new system.

I've made it clear in other threads my preferred method:

Step 1. Load Windows Easy Transfer (its basically USMT lite)
Step 2: Go to new PC press go
Step 3: Go watch Netflix while those guys do 10 unnecessary steps

 

[DeChache]

I can honestly say I probably wouldn't hire any of you; such a simple task yet so many of you turn it into a complex one. I can tell none of you follow MS best practices and suggested methods for transferring user profiles and settings to a new system.

I can say for one. I don't bother to move profiles and settings. I just create a new profile and move the data

 

[Verge]

You don't have to remove the old computer from the domain, after you are done backing up, just shut it off, reset the computer account, and add the new one to the domain.

 

[stormy1]

I can say for one. I don't bother to move profiles and settings. I just create a new profile and move the data

me 2... one huge reason!
it doesn't being over a bunch of messed up garbage from the old system/user.

 

[da sponge]

I can honestly say I probably wouldn't hire any of you; such a simple task yet so many of you turn it into a complex one. I can tell none of you follow MS best practices and suggested methods for transferring user profiles and settings to a new system.

Wow, how douchey of you. I'm sure they'd prefer to not be hired by you.

It's fine to think their way is stupid/inefficient. It's not fine to belittle them (especially when it works), and it's not fine act like a condescending know-it-all with a vague reference that you know the 'MS best practices and suggested methods' and everyone else doesn't. Just say it's inefficient and link to the best practices directly or mention and summarize them so we can all learn a better way. This forum is as much about helping the OP as it is learning and sharing between the rest of us.

 

[adam30k]

Wow, how douchey of you. I'm sure they'd prefer to not be hired by you.

It's fine to think their way is stupid/inefficient. It's not fine to belittle them (especially when it works), and it's not fine act like a condescending know-it-all with a vague reference that you know the 'MS best practices and suggested methods' and everyone else doesn't. Just say it's inefficient and link to the best practices directly or mention and summarize them so we can all learn a better way. This forum is as much about helping the OP as it is learning and sharing between the rest of us.

This.. thank you.

 

[MrGuvernment]

We stock it in our office, as well as other brews 'n booze. We won't fire ourselves.

and it makes for such a more enjoyable late night :0

 

[MrGuvernment]

Wow, how douchey of you. I'm sure they'd prefer to not be hired by you.

It's fine to think their way is stupid/inefficient. It's not fine to belittle them (especially when it works), and it's not fine act like a condescending know-it-all with a vague reference that you know the 'MS best practices and suggested methods' and everyone else doesn't. Just say it's inefficient and link to the best practices directly or mention and summarize them so we can all learn a better way. This forum is as much about helping the OP as it is learning and sharing between the rest of us.

i can agree, i dont know how many times i have read over an "MS" best practice and found a better, more efficient way of doing something because of MS' lack of clear explination of a situation of just using a "general" assumption of one's situation to try and fix a situation.

In this case i would follow the new profile, copy over, done.. but i also have roaming profiles backed up daily, so for me it is a non-issue more or less.