If anyone is interested I finally got to the bottom of this.
The problem? ntuser.dat. Why? The domain SID was different to the one
listed in the ntuser.dat files.
Solved using the profiles command and a -c (change) and -n (new) switch.
For example, the ntuser.dat files inside each person profiles contained
a reference to the a domain SID, but not the correct one, must be the
old one I thought.
Running the command profiles -c {old domain ID} -n {new domain ID}
ntuser.dat changes the ntuser.dat file to what it should be. However, if
you just do this on the roaming profile and leave one locally on the
clients machine then when you login it will just use the local one
rather then the roaming one.
I know I could change the domain SID that is currently set to the old
one (how it should have been done after the upgrade) but a) I don't
quite know how and b) I'm sure it will break the new ntuser.dat files
that have been created (new users) and will break some other things as I
noticed that some people had the correct references in their .dat files.
Although this appears to work, there is one Windows XP machine and user
account which has given me a headache.Even though I removed all traces
of the users profiles and account from the machine and updated the
ntuser.dat file on the server it still changed back once the user had
logged in. Weird.
Only NT based OS's use the SIDs in this, which is why the Windows 98
clients didn't have a problem as they are dumb when it comes to
security. I guess adding local administrator rights allows any user on a
domain to alter the HKey Local User registry settings.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
