Sorry ma'am. I should have completed my sentence and said, "..unless Susan can post the step by step directions."
Silly me for not proof reading first.
I'd still opt for nuke and pave in that environment. Allows you to have a known state, and last I checked that's kind of important to the type of customer he has.
Now he has more options.
USMT would have been a thought except that there is no trust and no reason to move the sid that I can think of. Same reason that moveuser wouldn't really matter to me. I'd prefer the control of creating the users as new users. In effect, they are new users (secprin's) anyway - treat 'em that way.
Susan offers a way to get the settings and magical icons though. That's a nice touch an option if so taken.
On 6/1/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote:
Rip out a profile? Nuke and pave?
Bite your tongue sir... we want that icon to be exactly right THERE on
the desktop.
file/transfer wiz in XP (but don't get docs..just do settings)
Download details: Windows Server 2003 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
Moveuser.exe
How to migrate user accounts:
http://www.microsoft.com/technet/windowsvista/library/6730111b-b111-4a64-8f00-af87a63fd157.mspx
Moveuser - Move between domains:
http://www.ss64.com/nt/moveuser.html
*The Old Fashioned Way*
Call it a lesson learned late on a Saturday night. This method was used
in late January during the heat of a conversion battle by yours truly!
For this procedure, I assume that you are using a Windows XP
Professional workstation.
1. While the XP Pro workstation is still attached to the legacy SBS
2000 network, copy the network profile down to the local hard
disk. So assuming you are logged on to said SBS 2000 network,
proceed to the next step.
2. Click Start>Control Panel>System>Advanced>User Profiles>Settings.
3. Highlight the network profile for the user. For example, NormH.
4. Select Copy To and direct the profile to copy to the local hard
disk. For example, C:\Temp. Click OK>OK.
5. From the Control Panel, launch Administrative Tools>Computer
Management.
6. Select System Tools>Local Users and Groups.
7. Select Users.
8. Right-click in the right-pane and select New User to add a user
named "Foo."
9. Double-click the user object and select the Profile tab to view
the properties for Foo.
10. In the Profile path field, point to the exact profile you copied
to C:\Temp in Step 4. Click OK.
11. Close all open applications, shut down the Windows XP Pro machine,
and move it physically to the new SBS 2003 network. Reboot and
relaunch the SBS Network Configuration Wizard.
12. Back on the screen to Assign users to this computer and migrate
their profiles, in the lower section, under the user name (for
example, NormH), click Current User Settings and select Foo.
Complete the steps for joining the workstation to the SBS 2003
domain. The profile WILL be migrated!
*User Profile Registry*
This method came in from M.J. Shoer ( [EMAIL PROTECTED]), who attended
the SMB Nation Summit in Boston in May. He writes:
This method has worked for us without fail. We can retain the
complete profile customizations for a PC that was logged into one
domain and must now be logged into a new one.
The method works for both Win2K and WinXP. It has also worked for
upgrading SBS 2000 to SBS 2003, where it is happening on the same
server, meaning that you have to reformat the SBS 2000 server and
load "freshie," as you would say, with SBS 2003. Here's how it works.
Once the SBS 2003 server is set up and the computers are set up on
the server side, log into the client PC and run the connectcomputer
URL. When that step is completed, log in as the user. Then
immediately log off and log on as the domain administrator.
Be sure the domain user account is in the local administrator's
group. Then open Registry Editor and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList.
You will see a listing for each SID. Within each SID key, you will
see an entry for ProfileImagePath with a path to the users profile
in the form of %SystemDrive%\Documents and Settings\UserName.
The trick is to find the new key that was set up at logon to the SBS
2003 server and edit the path to refer back to the original profile
path. So, for example, if you are migrating and changing domains,
you want to have a path like %SystemDrive%\Documents and
Settings\UserName.OldDomain. You then have a new SID key with a path
like %SystemDrive%\Documents and Settings\UserName.NewDomain. You
can edit this key and replace NewDomain with OldDomain to point to
the old profile.
In the case of a server migration within the same domain, you have a
path to the effect of %SystemDrive%\Documents and
Settings\UserName.Domain and %SystemDrive%\Documents and
Settings\UserName.Domain.000. In this instance, you delete the .000
to point back to the original profile.
*The MCSE Way*
Then there are the grizzled MCSEs amongst us who pointedly highlight
using the Active Directory Migration Tool (ADMT). Details at
http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/admtool.mspx ).
Enough said!
Al Mulnick wrote:
> Suggestions? More like a shot in the dark. :)
>
> Have you seen the transfer your settings wizard in XP? Have you
> checked to see what that can do for you? I suspect there will be some
> scripting involved, because there will be no automated way to
> determine the source/target profiles programatically. You could
> migrate their settings etc, but there's no sid/sidhistory to
> reference. Not much point in getting that information either. There's
> also the permissions issues etc.
>
> Was it me, I'd suggest taking this opportunity to re-image the
> workstations in question. Cleaner, neater, more secure, and no
> lingering issues to deal with.
>
> Al
>
>
> On 6/1/06, *Condra, Jerry W Mr HP* <[EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>> wrote:
>
> Hi all
> The environment I'm in has multiple domains and I've been given a task
> to move about 40 users from one domain to another. There's no trust
> between the source domain and mine and no plans to have one. Too much
> red tape. My dilemma is trying to preserve the user's desktop profiles
> when they come over to my domain. In the past there's been a trust
> between any domain migrations I've performed which provides a host of
> avenues but with no trust I'm not sure of a way to do it other
> than some
> manual moves and permission/registry tweaks. However, doing that
> for 40
> users with a manual process is not my idea of fun. Saving their
> email is
> covered so it's not an issue. Any ideas or methods would be welcomed.
>
> Many thanks
>
> Jerry
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
> <http://www.activedir.org/ml/threads.aspx >
>
>
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
The SBS product team wants to hear from you:
http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
