PC Review


Reply
Thread Tools Rate Thread

Moving Local Power Users from 1 Win2K Server to Another Win2K Serv

 
 
=?Utf-8?B?SmVzc2UgTydCcmllbiBiTkM=?=
Guest
Posts: n/a
 
      17th Feb 2005
Hi,

I am using a Win2K Server, Domain Controller with AD and i'm migrating users
from that server to another Win2K Server, DC with AD. The issue i'm getting
is that when the users are local Power Users only and not local
Administrators, once I disjoin from Server 1 domain and join to the domain on
Server 2, the profile (Local Profile) settings will not be kept on that local
machine, ie. background, theme, icons, etc.

* I have tried changing a user to a Local Administrator before and after
disjoining and joining from the servers.

* The account is duplicate in AD on both servers - just a domain user.

* I believe it may be some sort of security setting that could be hindering
this regarding local Power Users as it works fine when the users are local
Administrators.

Any suggestions would be greatly appreciated,

Jesse O'Brien - bNC
Systems Engineer - Tier II
Pronet Technology
 
Reply With Quote
 
 
 
 
ptwilliams
Guest
Posts: n/a
 
      17th Feb 2005
You can't have local users on a DC. Nor can you a have non-local power
users group.

I assume that these machines are *not* domain controllers, and that you are
logging onto a member server either as a local power user or as a domain
user that is a member of the local power users group.

If the former, the account on another machine is separate and will therefore
have a different profile. If the latter, and you've disjoined this machine
from the domain and added it to another domain, and are using a user account
with the same name, then there are now two profiles in documents and
settings - username and username.domain-name. If you want the old settings,
you can copy the profile into the new profile. You can do this either using
Windows explorer or the profiles tab of the system applet. Either way, you
need to be logged on as a different user and need to change the permissions
on the folder structure.

If this isn't what you want, then I've misunderstood. Please elaborate on
what the problem is.

Just remember that all users on a DC are domain-wide -there are no local
accounts. If you're having difficulty with these concepts, then try and
explain how the environment is setup and we will help...


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"Jesse O'Brien bNC" <Jesse O'Brien (E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
Hi,

I am using a Win2K Server, Domain Controller with AD and i'm migrating users
from that server to another Win2K Server, DC with AD. The issue i'm getting
is that when the users are local Power Users only and not local
Administrators, once I disjoin from Server 1 domain and join to the domain
on
Server 2, the profile (Local Profile) settings will not be kept on that
local
machine, ie. background, theme, icons, etc.

* I have tried changing a user to a Local Administrator before and after
disjoining and joining from the servers.

* The account is duplicate in AD on both servers - just a domain user.

* I believe it may be some sort of security setting that could be hindering
this regarding local Power Users as it works fine when the users are local
Administrators.

Any suggestions would be greatly appreciated,

Jesse O'Brien - bNC
Systems Engineer - Tier II
Pronet Technology


 
Reply With Quote
 
 
 
 
=?Utf-8?B?SmVzc2UgTydCcmllbg==?=
Guest
Posts: n/a
 
      20th Feb 2005
Hi Paul,

Thanks for your help. I should have explained myself further. Basically I
have a PC which is connected to the 1st server, which is a domain controller.
The user which logs on to this machine is a member of the Domain Users group
and is a LOCAL Power User on the local machine, ie. In the Power Users group
in Computer Management - Local Users and Groups - Groups - Power Users, I
have: DOMAIN\Power Users.

Normally, I would have Domain Users in the local Administrators group, but
due to needing users to be restricted in their rights on the local machine,
we cannot allow that.

I have 2 servers, both Domain Controllers, with different domain names, lets
call them test1.com and test2.com. The NETBIOS name is 'DOMAIN' for both.
They are basically identical in hardware and OS specifications.

The problem that I'm getting is that when I'm migrating from the 1st Server
to the 2nd Server and the PC has Domain Users as Local Power Users only and
not Local Administrators, when I do the process of disjoining from the 1st
Server and joining to the second server, the profile is not displayed
properly after being migrated across.

The process that is done when copying the user profiles across is:
- Join to Server 1 domain
- Set Domain Users as Local Power Users
- Log on to Server 1 as the User
- Change profile settings
- Log off
- Log into machine as Local Administrator
- Disjoin from Server 1 domain
- Log into machine as Local Administrator again
- Join Server 2 domain
- Log into Server 2 domain as Domain Administrator
- Set all Domain Users as Local Power Users
- Copy all profiles from C:\Documents and Settings to C:\Profiles.bak
(Except All Users, Default Users, Administrator)
- Delete all profiles from C:\Documents and Settings to C:\Profiles.bak
(Except All Users, Default Users, Administrator)
- Log off and Log into the domain as the User
- Log off and Log into the domain as Administrator
- Delete *new profile from C:\Documents and Settings
- Copy User's old profile from C:\Profiles.bak to C:\Documents and Settings
and rename to the deleted *new profile name
- Re-apply appropriate permissions to the profile folders
- Reset Security permission on all child objects
- Log off and log back on as the User on to the domain
* This is where the profile should look correct - however this seems to only
be the case when Domain Users are set as Local Administrators and not Power
Users.

I believe if you are able to try to replicate this, you will get the same
results. If you have any questions or suggestions, your reply would be much
appreciated.

Regards,
Jesse


"ptwilliams" wrote:

> You can't have local users on a DC. Nor can you a have non-local power
> users group.
>
> I assume that these machines are *not* domain controllers, and that you are
> logging onto a member server either as a local power user or as a domain
> user that is a member of the local power users group.
>
> If the former, the account on another machine is separate and will therefore
> have a different profile. If the latter, and you've disjoined this machine
> from the domain and added it to another domain, and are using a user account
> with the same name, then there are now two profiles in documents and
> settings - username and username.domain-name. If you want the old settings,
> you can copy the profile into the new profile. You can do this either using
> Windows explorer or the profiles tab of the system applet. Either way, you
> need to be logged on as a different user and need to change the permissions
> on the folder structure.
>
> If this isn't what you want, then I've misunderstood. Please elaborate on
> what the problem is.
>
> Just remember that all users on a DC are domain-wide -there are no local
> accounts. If you're having difficulty with these concepts, then try and
> explain how the environment is setup and we will help...
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Jesse O'Brien bNC" <Jesse O'Brien (E-Mail Removed)> wrote in
> message news:(E-Mail Removed)...
> Hi,
>
> I am using a Win2K Server, Domain Controller with AD and i'm migrating users
> from that server to another Win2K Server, DC with AD. The issue i'm getting
> is that when the users are local Power Users only and not local
> Administrators, once I disjoin from Server 1 domain and join to the domain
> on
> Server 2, the profile (Local Profile) settings will not be kept on that
> local
> machine, ie. background, theme, icons, etc.
>
> * I have tried changing a user to a Local Administrator before and after
> disjoining and joining from the servers.
>
> * The account is duplicate in AD on both servers - just a domain user.
>
> * I believe it may be some sort of security setting that could be hindering
> this regarding local Power Users as it works fine when the users are local
> Administrators.
>
> Any suggestions would be greatly appreciated,
>
> Jesse O'Brien - bNC
> Systems Engineer - Tier II
> Pronet Technology
>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Free Moving Estimate, Local Movers, Long Distance Moving, PackingSupplies, Storage Rental, Home Moving, Apartment Moving, Office Moving,Commercial Moving linkswanted Microsoft ASP .NET 0 6th Jan 2008 05:45 AM
Local PC network and local printers not showing in Term Serv.... printers... Zeno Microsoft Windows 2000 Terminal Server Applications 1 13th Jan 2005 04:31 PM
How to get Terminal Serv client to automatically logon to the serv =?Utf-8?B?TWlrZQ==?= Microsoft Windows 2000 Terminal Server Clients 0 5th Jan 2005 10:43 AM
Re: Will a 2000 terminal Serv license support 2003 Serv if I point to Vera Noest [MVP] Microsoft Windows 2000 Terminal Server Clients 0 17th Sep 2004 08:45 PM
Will a 2000 terminal Serv license support 2003 Serv if I point to =?Utf-8?B?V2lsbGlhbQ==?= Microsoft Windows 2000 Terminal Server Clients 0 17th Sep 2004 03:49 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 06:47 AM.