Switching Client to New Domain - How to retain settings?

[Guest Mike]

I am creating a new domain on a new server. Not doing a migration. Going from

WK2003 Server to SBS 2003 R2. The users will all be the same. When I remove

from old domain and add to new domain, all settings are lost on client like

Outlook, Desktop, etc.

 

I realize all the shortcuts and navs will be broke but is there a way to

rename the user under Doc and Sets to look at the new domain and retain some

of these settings?

 

Thanks

[Guest Lanwench [MVP - Exchange]]

Re: Switching Client to New Domain - How to retain settings?

 

Mike <Mike@discussions.microsoft.com> wrote:

> I am creating a new domain on a new server. Not doing a migration.

> Going from WK2003 Server to SBS 2003 R2. The users will all be the

> same. When I remove from old domain and add to new domain, all

> settings are lost on client like Outlook, Desktop, etc.

>

> I realize all the shortcuts and navs will be broke but is there a way

> to rename the user under Doc and Sets to look at the new domain and

> retain some of these settings?

>

> Thanks

 

It can be a huge PITA. What I recently found is that a roaming profile on

the old domain server, if copied to the new server, works for the new domain

user account. It surprised the hell out of me - *everything* worked, with

the exception of some orhpaned desktop/QuickLaunch shortcuts. Now, I nearly

always use roaming profiles, but many don't. If you don't have them in your

current domain, it's really quite simple to set them up, and I think it's

worthwhile ....even if it's only for this migtation project. I'm including

my boilerplate on roaming profiles below, but first -

 

* If you want to do this, make sure you've got the roaming profile setup

properly & working on DomainA - then when you copy all your data from your

DomainA server to your new SBS box, make sure you set up the shares, the

permissions are right, and also make sure you populate the profile path as

\\server\sharename\%username% in your new domain user account properties.

 

* If you don't want to use this method, you could try ADMT (yuck), File &

Settings Transfer Wizard, http://www.forensit.com, etc.

 

* You could also choose to merely copy the existing domain user's profile to

a local account profile. Then when you run the /connectcomputer wizard on

the PC to join the SBS domain, it will allow you to migrate the local

profile to the new domain user. Unfortunately, it won't work with an

existing cached domain profile.

 

* Post future SBS questions in m.p.windows.server.sbs - and remember, you

must use all the setup wizards in SBS or you'll live to regret it, even if

you've been supporting Windows/domains/whatnot for years.

 

* Regardless of how you choose to do this, *very* little should be in the

profiles at all. No data files/MyDocs, etc -

 

------------------------------------------

To copy a domain user profile to a local user account profile

------------------------------------------

 

1. While the computer is still in domain A, create a local user account

(name it something obvious).

2. Log in as the local user account and then log out.

3. Log back in as an account with admin rights (but *not* the real domain

user)

4. Go to control panel, system, advanced....in User Profiles, click the

Settings button

5. Select the domain user's profile, click on Copy To, and browse to the new

local user's c:\documents and settings\username folder.

6. Click OK.

7. Click the Change button in "Permitted to use" and select the

domain\username account you just copied, and then close out.

8. Log in as the local user and make sure the settings look right.

 

If so, you should be good to go...disjoin the computer from the domain,

making sure you know the local admin credentials....and then run the

/connectcomputer script. When asked which local account settings you want to

assign to the 'new' domain user on domain B, select the local user you just

created.

 

-----------------------------------------

Roaming Profile tips:

-----------------------------------------

 

1. Set up a share on the server. For example - d:\profiles, shared as

profiles$ to make it hidden from browsing. Make sure this share is *not* set

to allow offline files/caching! (that's on by default - disable it)

 

2. Make sure the share permissions on profiles$ indicate everyone=full

control. Set the NTFS security to administrators, system, and users=full

control.

 

3. In the users' ADUC properties, specify \\server\profiles$\%username% in

the profiles field

 

4. Have each user log into the domain once from their usual workstation

(where their existing profile lives) and log out. The profile is now

roaming.

 

5. If you want the administrators group to automatically have permissions to

the profiles folders, you'll need to make the appropriate change in group

policy. Look in computer configuration/administrative templates/system/user

profiles - there's an option to add administrators group to the roaming

profiles permissions.

 

Notes:

 

* Make sure users understand that they should not log into multiple

computers at the same time when they have roaming profiles (unless you make

the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't

change them). Explain that the last one out wins, when it comes to

uploading the final, changed copy of the profile.

 

* Keep your profiles TINY. Create a custom GPO and link it at the

appropriate level (in SBS, I'd do this at the MyBusiness OU level). In it

you can do various things to control your user/computer environment,

including Folder Redirection. I'd redirect My Documents at the very least.

Also consider redirecting Desktop & Application Data similarly. All these

should be in to a subfolder of the user's home directory or user folder.....

so the user will have:

 

\\server\home$\%username%\My Documents

\\server\home$\%username%\Desktop

\\server\home$\%username%\Application Data

 

If you aren't going to redirect the desktop, tell users that

they are not to store any files on the desktop or you will beat them with a

stick. Big profile=slow login/logout, and possible profile corruption.

 

* Note that user profiles are not compatible between different OS versions,

even between W2k/XP. Keep all your computers. Keep your workstations as

identical as possible - meaning, OS version is the same, SP level is the

same, app load is (as much as possible) the same.

 

* Do not let people store any data locally - all data belongs on the server.

 

* The User Profile Hive Cleanup Utility should be running on all your

computers. You can download it here:

http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

 

 

Roaming profile & folder redirection article -

http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

[Guest Mike]

Re: Switching Client to New Domain - How to retain settings?

 

Thanks for the Post. Lots of good info here. I am going to attempt to digest

it now.

 

Do you think copying to local then back to new domain when using

/connectcomputer would be as successful as the roaming profile method?

 

"Lanwench [MVP - Exchange]" wrote:

> Mike <Mike@discussions.microsoft.com> wrote:

> > I am creating a new domain on a new server. Not doing a migration.

> > Going from WK2003 Server to SBS 2003 R2. The users will all be the

> > same. When I remove from old domain and add to new domain, all

> > settings are lost on client like Outlook, Desktop, etc.

> >

> > I realize all the shortcuts and navs will be broke but is there a way

> > to rename the user under Doc and Sets to look at the new domain and

> > retain some of these settings?

> >

> > Thanks

>

> It can be a huge PITA. What I recently found is that a roaming profile on

> the old domain server, if copied to the new server, works for the new domain

> user account. It surprised the hell out of me - *everything* worked, with

> the exception of some orhpaned desktop/QuickLaunch shortcuts. Now, I nearly

> always use roaming profiles, but many don't. If you don't have them in your

> current domain, it's really quite simple to set them up, and I think it's

> worthwhile ....even if it's only for this migtation project. I'm including

> my boilerplate on roaming profiles below, but first -

>

> * If you want to do this, make sure you've got the roaming profile setup

> properly & working on DomainA - then when you copy all your data from your

> DomainA server to your new SBS box, make sure you set up the shares, the

> permissions are right, and also make sure you populate the profile path as

> \\server\sharename\%username% in your new domain user account properties.

>

> * If you don't want to use this method, you could try ADMT (yuck), File &

> Settings Transfer Wizard, http://www.forensit.com, etc.

>

> * You could also choose to merely copy the existing domain user's profile to

> a local account profile. Then when you run the /connectcomputer wizard on

> the PC to join the SBS domain, it will allow you to migrate the local

> profile to the new domain user. Unfortunately, it won't work with an

> existing cached domain profile.

>

> * Post future SBS questions in m.p.windows.server.sbs - and remember, you

> must use all the setup wizards in SBS or you'll live to regret it, even if

> you've been supporting Windows/domains/whatnot for years.

>

> * Regardless of how you choose to do this, *very* little should be in the

> profiles at all. No data files/MyDocs, etc -

>

> ------------------------------------------

> To copy a domain user profile to a local user account profile

> ------------------------------------------

>

> 1. While the computer is still in domain A, create a local user account

> (name it something obvious).

> 2. Log in as the local user account and then log out.

> 3. Log back in as an account with admin rights (but *not* the real domain

> user)

> 4. Go to control panel, system, advanced....in User Profiles, click the

> Settings button

> 5. Select the domain user's profile, click on Copy To, and browse to the new

> local user's c:\documents and settings\username folder.

> 6. Click OK.

> 7. Click the Change button in "Permitted to use" and select the

> domain\username account you just copied, and then close out.

> 8. Log in as the local user and make sure the settings look right.

>

> If so, you should be good to go...disjoin the computer from the domain,

> making sure you know the local admin credentials....and then run the

> /connectcomputer script. When asked which local account settings you want to

> assign to the 'new' domain user on domain B, select the local user you just

> created.

>

> -----------------------------------------

> Roaming Profile tips:

> -----------------------------------------

>

> 1. Set up a share on the server. For example - d:\profiles, shared as

> profiles$ to make it hidden from browsing. Make sure this share is *not* set

> to allow offline files/caching! (that's on by default - disable it)

>

> 2. Make sure the share permissions on profiles$ indicate everyone=full

> control. Set the NTFS security to administrators, system, and users=full

> control.

>

> 3. In the users' ADUC properties, specify \\server\profiles$\%username% in

> the profiles field

>

> 4. Have each user log into the domain once from their usual workstation

> (where their existing profile lives) and log out. The profile is now

> roaming.

>

> 5. If you want the administrators group to automatically have permissions to

> the profiles folders, you'll need to make the appropriate change in group

> policy. Look in computer configuration/administrative templates/system/user

> profiles - there's an option to add administrators group to the roaming

> profiles permissions.

>

> Notes:

>

> * Make sure users understand that they should not log into multiple

> computers at the same time when they have roaming profiles (unless you make

> the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't

> change them). Explain that the last one out wins, when it comes to

> uploading the final, changed copy of the profile.

>

> * Keep your profiles TINY. Create a custom GPO and link it at the

> appropriate level (in SBS, I'd do this at the MyBusiness OU level). In it

> you can do various things to control your user/computer environment,

> including Folder Redirection. I'd redirect My Documents at the very least.

> Also consider redirecting Desktop & Application Data similarly. All these

> should be in to a subfolder of the user's home directory or user folder.....

> so the user will have:

>

> \\server\home$\%username%\My Documents

> \\server\home$\%username%\Desktop

> \\server\home$\%username%\Application Data

>

> If you aren't going to redirect the desktop, tell users that

> they are not to store any files on the desktop or you will beat them with a

> stick. Big profile=slow login/logout, and possible profile corruption.

>

> * Note that user profiles are not compatible between different OS versions,

> even between W2k/XP. Keep all your computers. Keep your workstations as

> identical as possible - meaning, OS version is the same, SP level is the

> same, app load is (as much as possible) the same.

>

> * Do not let people store any data locally - all data belongs on the server.

>

> * The User Profile Hive Cleanup Utility should be running on all your

> computers. You can download it here:

> http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

>

>

> Roaming profile & folder redirection article -

> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

>

>

>

[Guest Lanwench [MVP - Exchange]]

Re: Switching Client to New Domain - How to retain settings?

 

Mike <Mike@discussions.microsoft.com> wrote:

> Thanks for the Post. Lots of good info here. I am going to attempt to

> digest it now.

 

Yeah, I'm a bit verbose.

>

> Do you think copying to local then back to new domain when using

> /connectcomputer would be as successful as the roaming profile method?

 

Yes - but you have to visit every desk and it's tedious. Whereas if you just

enable profiles in the existing domain, you don't - all you need to do is

have the users log in, log out & it should create/populate their roaming

profile folder.

 

To move the data from the old server I'd use robocopy across the network -

and then on the new SBS server, ensure the share & NTFS permissions on

\\server\profiles$ are correct - create your users (use the !@$ #$%^

wizards), open each and add \\server\profiles$\%username%

 

Make sure to heed the group policy setting for "add administrators group"

*before* you log in the new users to the SBS domain the first time. On the

old server, you don't really need to care, as you can just take ownership &

reset the NTFS permissions all the way down the tree if you like, before

copying the data over.

 

I personally like roaming profiles, even if users don't roam much. Makes

workstation replacement much easier. If you set them up right, they can work

well.

>

> "Lanwench [MVP - Exchange]" wrote:

>

>> Mike <Mike@discussions.microsoft.com> wrote:

>>> I am creating a new domain on a new server. Not doing a migration.

>>> Going from WK2003 Server to SBS 2003 R2. The users will all be the

>>> same. When I remove from old domain and add to new domain, all

>>> settings are lost on client like Outlook, Desktop, etc.

>>>

>>> I realize all the shortcuts and navs will be broke but is there a

>>> way to rename the user under Doc and Sets to look at the new domain

>>> and retain some of these settings?

>>>

>>> Thanks

>>

>> It can be a huge PITA. What I recently found is that a roaming

>> profile on the old domain server, if copied to the new server, works

>> for the new domain user account. It surprised the hell out of me -

>> *everything* worked, with the exception of some orhpaned

>> desktop/QuickLaunch shortcuts. Now, I nearly always use roaming

>> profiles, but many don't. If you don't have them in your current

>> domain, it's really quite simple to set them up, and I think it's

>> worthwhile ....even if it's only for this migtation project. I'm

>> including my boilerplate on roaming profiles below, but first -

>>

>> * If you want to do this, make sure you've got the roaming profile

>> setup properly & working on DomainA - then when you copy all your

>> data from your DomainA server to your new SBS box, make sure you set

>> up the shares, the permissions are right, and also make sure you

>> populate the profile path as \\server\sharename\%username% in your

>> new domain user account properties.

>>

>> * If you don't want to use this method, you could try ADMT (yuck),

>> File & Settings Transfer Wizard, http://www.forensit.com, etc.

>>

>> * You could also choose to merely copy the existing domain user's

>> profile to a local account profile. Then when you run the

>> /connectcomputer wizard on the PC to join the SBS domain, it will

>> allow you to migrate the local profile to the new domain user.

>> Unfortunately, it won't work with an existing cached domain profile.

>>

>> * Post future SBS questions in m.p.windows.server.sbs - and

>> remember, you must use all the setup wizards in SBS or you'll live

>> to regret it, even if you've been supporting Windows/domains/whatnot

>> for years.

>>

>> * Regardless of how you choose to do this, *very* little should be

>> in the profiles at all. No data files/MyDocs, etc -

>>

>> ------------------------------------------

>> To copy a domain user profile to a local user account profile

>> ------------------------------------------

>>

>> 1. While the computer is still in domain A, create a local user

>> account (name it something obvious).

>> 2. Log in as the local user account and then log out.

>> 3. Log back in as an account with admin rights (but *not* the real

>> domain user)

>> 4. Go to control panel, system, advanced....in User Profiles, click

>> the Settings button

>> 5. Select the domain user's profile, click on Copy To, and browse to

>> the new local user's c:\documents and settings\username folder.

>> 6. Click OK.

>> 7. Click the Change button in "Permitted to use" and select the

>> domain\username account you just copied, and then close out.

>> 8. Log in as the local user and make sure the settings look right.

>>

>> If so, you should be good to go...disjoin the computer from the

>> domain, making sure you know the local admin credentials....and then

>> run the /connectcomputer script. When asked which local account

>> settings you want to assign to the 'new' domain user on domain B,

>> select the local user you just created.

>>

>> -----------------------------------------

>> Roaming Profile tips:

>> -----------------------------------------

>>

>> 1. Set up a share on the server. For example - d:\profiles, shared as

>> profiles$ to make it hidden from browsing. Make sure this share is

>> *not* set to allow offline files/caching! (that's on by default -

>> disable it)

>>

>> 2. Make sure the share permissions on profiles$ indicate

>> everyone=full control. Set the NTFS security to administrators,

>> system, and users=full control.

>>

>> 3. In the users' ADUC properties, specify

>> \\server\profiles$\%username% in the profiles field

>>

>> 4. Have each user log into the domain once from their usual

>> workstation (where their existing profile lives) and log out. The

>> profile is now roaming.

>>

>> 5. If you want the administrators group to automatically have

>> permissions to the profiles folders, you'll need to make the

>> appropriate change in group policy. Look in computer

>> configuration/administrative templates/system/user profiles -

>> there's an option to add administrators group to the roaming

>> profiles permissions.

>>

>> Notes:

>>

>> * Make sure users understand that they should not log into multiple

>> computers at the same time when they have roaming profiles (unless

>> you make the profiles mandatory by renaming ntuser.dat to ntuser.man

>> so they can't change them). Explain that the last one out wins,

>> when it comes to uploading the final, changed copy of the profile.

>>

>> * Keep your profiles TINY. Create a custom GPO and link it at the

>> appropriate level (in SBS, I'd do this at the MyBusiness OU level).

>> In it you can do various things to control your user/computer

>> environment, including Folder Redirection. I'd redirect My Documents

>> at the very least. Also consider redirecting Desktop & Application

>> Data similarly. All these should be in to a subfolder of the user's

>> home directory or user folder..... so the user will have:

>>

>> \\server\home$\%username%\My Documents

>> \\server\home$\%username%\Desktop

>> \\server\home$\%username%\Application Data

>>

>> If you aren't going to redirect the desktop, tell users that

>> they are not to store any files on the desktop or you will beat them

>> with a stick. Big profile=slow login/logout, and possible profile

>> corruption.

>>

>> * Note that user profiles are not compatible between different OS

>> versions, even between W2k/XP. Keep all your computers. Keep your

>> workstations as identical as possible - meaning, OS version is the

>> same, SP level is the same, app load is (as much as possible) the

>> same.

>>

>> * Do not let people store any data locally - all data belongs on the

>> server.

>>

>> * The User Profile Hive Cleanup Utility should be running on all your

>> computers. You can download it here:

>> http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

>>

>>

>> Roaming profile & folder redirection article -

>> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

[Guest Mike]

Re: Switching Client to New Domain - How to retain settings?

 

When I try this and get to step 5, the COPY TO is not available for the

Profile I need to copy. Assuming this is because it is a Domain Profile. Is

there a setting on the domain profile I can change to allow it to be copied?

 

 

 

"Lanwench [MVP - Exchange]" wrote:

> ------------------------------------------

> To copy a domain user profile to a local user account profile

> ------------------------------------------

>

> 1. While the computer is still in domain A, create a local user account

> (name it something obvious).

> 2. Log in as the local user account and then log out.

> 3. Log back in as an account with admin rights (but *not* the real domain

> user)

> 4. Go to control panel, system, advanced....in User Profiles, click the

> Settings button

> 5. Select the domain user's profile, click on Copy To, and browse to the new

> local user's c:\documents and settings\username folder.

> 6. Click OK.

> 7. Click the Change button in "Permitted to use" and select the

> domain\username account you just copied, and then close out.

> 8. Log in as the local user and make sure the settings look right.

>

> If so, you should be good to go...disjoin the computer from the domain,

> making sure you know the local admin credentials....and then run the

> /connectcomputer script. When asked which local account settings you want to

> assign to the 'new' domain user on domain B, select the local user you just

> created.

>

[Guest Lanwench [MVP - Exchange]]

Re: Switching Client to New Domain - How to retain settings?

 

Mike <Mike@discussions.microsoft.com> wrote:

> When I try this and get to step 5, the COPY TO is not available for

> the Profile I need to copy. Assuming this is because it is a Domain

> Profile.

 

Nope.

> Is there a setting on the domain profile I can change to

> allow it to be copied?

 

I'd check permissions on the folder.

 

You might try posting in m.p.windowsxp.security_admin for more help w/that

one....I've seen this happen before but can't remember why (or the fix).

>

>

>

> "Lanwench [MVP - Exchange]" wrote:

>

>> ------------------------------------------

>> To copy a domain user profile to a local user account profile

>> ------------------------------------------

>>

>> 1. While the computer is still in domain A, create a local user

>> account (name it something obvious).

>> 2. Log in as the local user account and then log out.

>> 3. Log back in as an account with admin rights (but *not* the real

>> domain user)

>> 4. Go to control panel, system, advanced....in User Profiles, click

>> the Settings button

>> 5. Select the domain user's profile, click on Copy To, and browse to

>> the new local user's c:\documents and settings\username folder.

>> 6. Click OK.

>> 7. Click the Change button in "Permitted to use" and select the

>> domain\username account you just copied, and then close out.

>> 8. Log in as the local user and make sure the settings look right.

>>

>> If so, you should be good to go...disjoin the computer from the

>> domain, making sure you know the local admin credentials....and then

>> run the /connectcomputer script. When asked which local account

>> settings you want to assign to the 'new' domain user on domain B,

>> select the local user you just created.