There is an easier way, although you might not be able to leverage it, depending on your situation.
1.  You could promote the server to be the DC of a new temp-forest (will take the local SAM and make "normal" AD accounts and groups out of it)
2.  Then create a trust to your target forest and use ADMT to migrate the groups and users incl. PW over to your target forest + reacl the server's resources to allow access from those target users/groups (pretty easy task as you don't have to chase any user profiles on other boxes and can just concentrate on that one machine for reacling...)
3.  Cut the trust and demote your temp-forest DC back to a standalone box and then join it as a server to your target domain
 
done
 
/Guido


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Tuesday, 2 August 2005 22:08
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] copy or migrating local to domain accounts

How good are your scripting skills?
 
1) Dump the passwords from the local server using pwdump3e
2) Crack all the passwords using rainbow crack or l0phtcrack or whatever
3) Script the creation of the users in the domain setting those passwords you cracked
 
Pretty easy. (And if you already know all the passwords, you can skip items 1 and 2 -- "net users" will list your local users and you can use "dsadd" to add them to the domain!)
 
For extra credit:
4) Scan the filesystem finding all files with ACLs including the above users, write the filenames and ACLs to a file and after you've promoted the users and joined the domain, go back and re-ACL the files.
 
That's a little harder.
 
:-)
 
I've "promoted" web servers to a domain this way several times.
 
The real question is why does a local user no longer meet the needs on the local server?
 
M
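
Step 4 of the message above (record which files carry ACEs for the local users, then re-ACL after the join), sketched in PowerShell as an added example that is not part of the original message. The function names, the CSV columns, and the assumption that each domain account keeps the local account's name are hypothetical.

```powershell
# Added example. Export-LocalAce / Restore-AceForDomain are hypothetical names.
# Run Export-LocalAce before the domain join, Restore-AceForDomain after it.

function Export-LocalAce {
    param([Parameter(Mandatory)][string]$Root,
          [Parameter(Mandatory)][string]$OutCsv)
    $prefix = "$env:COMPUTERNAME\"   # local accounts resolve as MACHINE\name
    $items  = @(Get-Item -LiteralPath $Root -Force) +
              @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    $rows = foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }
        foreach ($ace in $acl.Access) {
            $who = $ace.IdentityReference.Value
            # Inherited ACEs follow their parent; only explicit ones need re-applying.
            if ($ace.IsInherited) { continue }
            if (-not $who.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Account   = $who.Substring($prefix.Length)
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherit   = $ace.InheritanceFlags
                Propagate = $ace.PropagationFlags
            }
        }
    }
    $rows | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
}

function Restore-AceForDomain {
    param([Parameter(Mandatory)][string]$InCsv,
          [Parameter(Mandatory)][string]$Domain)   # NetBIOS name of the target domain
    foreach ($row in Import-Csv -LiteralPath $InCsv) {
        try {
            # Assumption: the domain account has the same name as the local one.
            $ruleArgs = "$Domain\$($row.Account)", $row.Rights, $row.Inherit, $row.Propagate, $row.Type
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
            $acl  = Get-Acl -LiteralPath $row.Path -ErrorAction Stop
            $acl.AddAccessRule($rule)   # adds the domain ACE; the old local ACE is left in place
            Set-Acl -LiteralPath $row.Path -AclObject $acl -ErrorAction Stop
        } catch { Write-Warning "Skipped $($row.Path): $_" }
    }
}
```

The CSV doubles as a review record: check it for unexpectedly broad grants (for example FullControl for a service account) before copying them onto domain accounts.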


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Tuesday, August 02, 2005 2:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] copy or migrating local to domain accounts

I think that I already know the answer to the question, but I will ask anyways.  I have a test box (server) that is a stand-alone.  I need to add it to a domain, but I have a lot of local users on this box.  Is there any way to move, copy, or migrate the user accounts to the domain level?

Thanks

Lazy.. :-)
