Sunday, March 1, 2009

Move User's account into domain

After many years in the IT field, I have searched for a way to move a local account into a new domain. This is important for a company that has decided to move into the domain environment. And you know how each user is. First, off they don’t see why they need the change. And secondly why in the world would they have all their settings reset back to defaults. Desktop, icons, and the works. With this following registry trick, it will allow you to move a users profile from a local account to a domain or a domain account to another domain account without losing anything.
What you are your thoughts?
First off you need to make sure you know the new and old user’s profile path. Also, you must have logged in as the new user at least once.
If you already have the above information and have logged in as the new user, so it’s profile is setup then you can skip ahead to change the profile information around. If you still need the user paths then read below.
Get Profile Paths
Local -> Domain: You can join the new domain then log in as the new user then log off and log in as the old user to find out both old and new users profile paths.
Domain -> Domain: Before you join the new domain you need to find the users path then join the new domain and find the path for the new one. If you have already joined the new domain, then I recommend going to your Documents and settings folder and figure out on your own what the old profile path is.
To find the profile path of an account login to that account and do the following.
Click Start
Click Run
Type in “CMD”
Click OK
In the black box type in “SET”
Press [Enter]
Note: The next to last line that starts with “USERPROFILE” this is the profile path of the new user.
Make the move
1. Restart the Computer
2. Log in with the Administrator account (local or domain).
NOTE: If you are trying to move the administrator account you will first need to create a temp admin account to log in and perform the following steps. You can NOT be logged in as the old or new user to do the following.
5.Start regedit (start -> run -> Type in “regedit” -> OK)
6.Open up the following key
7.You will see a key (folder) for every user that has logged onto the system. Keep clicking on each one until you find the “ProfileImagePath” that is for the old user's account. Once you find it rename it! Example below is Bobby -> OldBobby
8.Now look for the “ProfileImagePath” of the new user's account. Change the path to the OLD user's path. Bobby.Domain -> Bobby
We have now moved the account over. Everything will work OK, as long as the new user always has admin rights. The reason this happens is that the Files and Registry will have permissions of the old user.
Change Registry permissions
1.Start Regedit again if not already running from above.
2.Click on “hkey_local_machine”
3.Select “Load Hive” from the file menu.
4.Select the file: “c:\documents and settings\(user profile path of old user)\ntuser.dat
Note: This file is hidden. If you can’t find the above file, you will need to enable showing of hidden files. To do this (do not need to exit regedit) click on “My Computer” in your start menu. Select “Folder Options” from the tools menu. Then select “View” tab. Select “Show hidden files and folders." Click OK and close out of “My Computer” Repeat step 3 and on.
5.Name the Hive TEMP
6.Open the Local Machine key
7.See TEMP at the end of the list.
8.Right-click TEMP and select permissions
9.You should see an item with a “?-(numbers)” or the old username delete this user.
(DO NOT REMOVE Administrator)
10.Click Add. Select the new user name (make sure the user is on the domain)
11.Enter in this users credentials
12.Once added give the user full control.
13.Click OK
NOTE: If you received a message just after clicking OK above. This could be because the new username did not get passed all the way through the registry. Try again.
15. Click on “hkey_local_machine”
16. Select “Unload hive” from the “File” menu.
17. Exit Regedit
Folder Permissions
Because the new user and old user are different people, we need to make sure that the new user has permission to the old user's folder.
1. Right-click on the Start menu.
2. Select “Open All Users”
3. Press the [Backspace] key to back to the previous folder.
4. Select the OLD user's folder and right click on it.
5. Select Properties
6. Select Security tab
7. Click Add
8. Type in or select the new user. Click OK
9. Select the new user and give them “Full Control”
10. Click “Advanced”
11. Place a check in the box “Replace permission entries on….”
12. Click OK
13. Click OK on the pop-up message.
This will take up to several minuets
14. Select the old user
15. Click Remove
16. Click OK
Finished and Test
If everything went OK, then we now need to restart the computer and log in as the new user.
Note: On the restart, you may receive messages that the system is looking for domains. If this message does not go away then just press Ctrl-Alt-Delete and attempt to log in. You should be able to get around it. Once you get logged in it won’t happen again.
Everything should look and feel exactly the same as before. All program and their settings should stay the same.
If for some reason you feel like you can log in as the old user it will now have a new profile.