Moving Local Power Users from 1 Win2K Server to Another Win2K Serv

Discussion in 'Microsoft Windows 2000 Active Directory' started by Guest, Feb 17, 2005.

  1. Guest

    Guest Guest

    Hi,

    I am using a Win2K Server, Domain Controller with AD and i'm migrating users
    from that server to another Win2K Server, DC with AD. The issue i'm getting
    is that when the users are local Power Users only and not local
    Administrators, once I disjoin from Server 1 domain and join to the domain on
    Server 2, the profile (Local Profile) settings will not be kept on that local
    machine, ie. background, theme, icons, etc.

    * I have tried changing a user to a Local Administrator before and after
    disjoining and joining from the servers.

    * The account is duplicate in AD on both servers - just a domain user.

    * I believe it may be some sort of security setting that could be hindering
    this regarding local Power Users as it works fine when the users are local
    Administrators.

    Any suggestions would be greatly appreciated,

    Jesse O'Brien - bNC
    Systems Engineer - Tier II
    Pronet Technology
     
    Guest, Feb 17, 2005
    #1
    1. Advertisements

  2. Guest

    ptwilliams Guest

    You can't have local users on a DC. Nor can you a have non-local power
    users group.

    I assume that these machines are *not* domain controllers, and that you are
    logging onto a member server either as a local power user or as a domain
    user that is a member of the local power users group.

    If the former, the account on another machine is separate and will therefore
    have a different profile. If the latter, and you've disjoined this machine
    from the domain and added it to another domain, and are using a user account
    with the same name, then there are now two profiles in documents and
    settings - username and username.domain-name. If you want the old settings,
    you can copy the profile into the new profile. You can do this either using
    Windows explorer or the profiles tab of the system applet. Either way, you
    need to be logged on as a different user and need to change the permissions
    on the folder structure.

    If this isn't what you want, then I've misunderstood. Please elaborate on
    what the problem is.

    Just remember that all users on a DC are domain-wide -there are no local
    accounts. If you're having difficulty with these concepts, then try and
    explain how the environment is setup and we will help...


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/

    "Jesse O'Brien bNC" <Jesse O'Brien > wrote in
    message news:...
    Hi,

    I am using a Win2K Server, Domain Controller with AD and i'm migrating users
    from that server to another Win2K Server, DC with AD. The issue i'm getting
    is that when the users are local Power Users only and not local
    Administrators, once I disjoin from Server 1 domain and join to the domain
    on
    Server 2, the profile (Local Profile) settings will not be kept on that
    local
    machine, ie. background, theme, icons, etc.

    * I have tried changing a user to a Local Administrator before and after
    disjoining and joining from the servers.

    * The account is duplicate in AD on both servers - just a domain user.

    * I believe it may be some sort of security setting that could be hindering
    this regarding local Power Users as it works fine when the users are local
    Administrators.

    Any suggestions would be greatly appreciated,

    Jesse O'Brien - bNC
    Systems Engineer - Tier II
    Pronet Technology
     
    ptwilliams, Feb 17, 2005
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    Re: Moving Local Power Users from 1 Win2K Server to Another Win2K

    Hi Paul,

    Thanks for your help. I should have explained myself further. Basically I
    have a PC which is connected to the 1st server, which is a domain controller.
    The user which logs on to this machine is a member of the Domain Users group
    and is a LOCAL Power User on the local machine, ie. In the Power Users group
    in Computer Management - Local Users and Groups - Groups - Power Users, I
    have: DOMAIN\Power Users.

    Normally, I would have Domain Users in the local Administrators group, but
    due to needing users to be restricted in their rights on the local machine,
    we cannot allow that.

    I have 2 servers, both Domain Controllers, with different domain names, lets
    call them test1.com and test2.com. The NETBIOS name is 'DOMAIN' for both.
    They are basically identical in hardware and OS specifications.

    The problem that I'm getting is that when I'm migrating from the 1st Server
    to the 2nd Server and the PC has Domain Users as Local Power Users only and
    not Local Administrators, when I do the process of disjoining from the 1st
    Server and joining to the second server, the profile is not displayed
    properly after being migrated across.

    The process that is done when copying the user profiles across is:
    - Join to Server 1 domain
    - Set Domain Users as Local Power Users
    - Log on to Server 1 as the User
    - Change profile settings
    - Log off
    - Log into machine as Local Administrator
    - Disjoin from Server 1 domain
    - Log into machine as Local Administrator again
    - Join Server 2 domain
    - Log into Server 2 domain as Domain Administrator
    - Set all Domain Users as Local Power Users
    - Copy all profiles from C:\Documents and Settings to C:\Profiles.bak
    (Except All Users, Default Users, Administrator)
    - Delete all profiles from C:\Documents and Settings to C:\Profiles.bak
    (Except All Users, Default Users, Administrator)
    - Log off and Log into the domain as the User
    - Log off and Log into the domain as Administrator
    - Delete *new profile from C:\Documents and Settings
    - Copy User's old profile from C:\Profiles.bak to C:\Documents and Settings
    and rename to the deleted *new profile name
    - Re-apply appropriate permissions to the profile folders
    - Reset Security permission on all child objects
    - Log off and log back on as the User on to the domain
    * This is where the profile should look correct - however this seems to only
    be the case when Domain Users are set as Local Administrators and not Power
    Users.

    I believe if you are able to try to replicate this, you will get the same
    results. If you have any questions or suggestions, your reply would be much
    appreciated.

    Regards,
    Jesse


    "ptwilliams" wrote:

    > You can't have local users on a DC. Nor can you a have non-local power
    > users group.
    >
    > I assume that these machines are *not* domain controllers, and that you are
    > logging onto a member server either as a local power user or as a domain
    > user that is a member of the local power users group.
    >
    > If the former, the account on another machine is separate and will therefore
    > have a different profile. If the latter, and you've disjoined this machine
    > from the domain and added it to another domain, and are using a user account
    > with the same name, then there are now two profiles in documents and
    > settings - username and username.domain-name. If you want the old settings,
    > you can copy the profile into the new profile. You can do this either using
    > Windows explorer or the profiles tab of the system applet. Either way, you
    > need to be logged on as a different user and need to change the permissions
    > on the folder structure.
    >
    > If this isn't what you want, then I've misunderstood. Please elaborate on
    > what the problem is.
    >
    > Just remember that all users on a DC are domain-wide -there are no local
    > accounts. If you're having difficulty with these concepts, then try and
    > explain how the environment is setup and we will help...
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
    > "Jesse O'Brien bNC" <Jesse O'Brien > wrote in
    > message news:...
    > Hi,
    >
    > I am using a Win2K Server, Domain Controller with AD and i'm migrating users
    > from that server to another Win2K Server, DC with AD. The issue i'm getting
    > is that when the users are local Power Users only and not local
    > Administrators, once I disjoin from Server 1 domain and join to the domain
    > on
    > Server 2, the profile (Local Profile) settings will not be kept on that
    > local
    > machine, ie. background, theme, icons, etc.
    >
    > * I have tried changing a user to a Local Administrator before and after
    > disjoining and joining from the servers.
    >
    > * The account is duplicate in AD on both servers - just a domain user.
    >
    > * I believe it may be some sort of security setting that could be hindering
    > this regarding local Power Users as it works fine when the users are local
    > Administrators.
    >
    > Any suggestions would be greatly appreciated,
    >
    > Jesse O'Brien - bNC
    > Systems Engineer - Tier II
    > Pronet Technology
    >
    >
    >
     
    Guest, Feb 20, 2005
    #3
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. CB

    Adding domain local group to machine local Power Users group

    CB, Nov 17, 2003, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    3
    Views:
    922
    Matjaz Ladava [MVP]
    Nov 18, 2003
  2. HELP

    Display current logged on users(Win 2k Adv. Serv)

    HELP, Jan 8, 2004, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    2
    Views:
    265
    Guest
    Jan 9, 2004
  3. JohnB

    Adding Domain Users group to local Power Users

    JohnB, Sep 1, 2004, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    1
    Views:
    424
    Oli Restorick [MVP]
    Sep 1, 2004
  4. JohnB

    GPO - adding Domain Users to local Power Users group

    JohnB, Sep 14, 2004, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    3
    Views:
    3,520
    JohnB
    Oct 14, 2004
  5. Stephen M

    alowing regular users (not power users) to change network settings and power options

    Stephen M, Aug 17, 2006, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    2
    Views:
    645
    Herb Martin
    Sep 13, 2006
Loading...

Share This Page