Moving users to a new domain

[Greg Smith]

We will be moving some of our users to a new domain we are creating. The
users will be keeping their original user name. How do we make sure the
user can keep the same profile on their workstation? I have looked at the
"Copy profile" option but that seems to be for copying to a different
directory, not a new user profile.

We would like to learn the basic steps to taking "fred" in domain ABC and
have him log into his workstation as "fred" using a new account in domain
XYZ and have his workstation profile (cookies, favorites, presences, etc)
come up the same for him.

Any help is greatly appreciated.

 

[NIC Student]

Hi Greg,

We do this task all the time in our environment. You can either move the
computer account to the new domain or leave it in the old domain. If you do
not move the computer account, you will want to restart it after the user is
moved so it becomes aware of the user's new "identity". If you do not
restart, the user may get a "can't access profile" warning.

Use the ADMT (Active Directory Migration Tool), make sure to use the current
version (v2). It was designed to migrate users from NT==>2000/2003, but it
works great to move users from one 2000/2003 domain to another.

If the two domains are not in the same forest you will need to set up trusts
before you begin.

 

[Greg Smith]

Hi Greg,

Thank you for your response.

I don't think thing fixes that problem I am facing. I am only concerned
with the users profile on their own machine. After the move "fred" would
not be ABC\Fred anymore, he would be XYZ\Fred on his machine. I want to
give him the same wallpaper, printer mappings IE setting etc.

 

[NIC Student]

Hi Greg,

Fear not. The user has a new name (ie XYZ\Fred) but his GUID is idential so
when the user logs back in, he uses exactly the same profile on the local
computer. He will have the same Outlook/Exchange setup, same wallpaper,
same internet favorites, etc. He will inherit the GPOs from the new domain
and get new policies so his environment may change in that regard, but other
than that, the user will not notice a change at all.

It's really cool.

 

[Greg Smith]

Really, I will have to give it a try.

One more question, will the fact that I am moving from a Windows NT domain
to a Windows AD domain cause any problems?

Thanks again.

 

[NIC Student]

re: NT Domain

You'll just need to establish the correct trusts. Have a look at the docs
that come with ADMT to learn more about that. Micro$oft has made this
process fairly painless.

 

[Greg Smith]

Attack-o-the-dumz!

I must be doing something wrong. I am doing the following:

1. Create a new user in domain1, admt_test.
2. Log into one of our workstations (running NT4sp6) as the new user.
3. Change the wallpaper and add new folder to the users START menu.
4. logout. Migrate the account from domain1 to domain2.
5. Log in to the same workstation as admt_test of domain2.

I get a new login, the "hello" message, default wallpaper, no user folder,
in other words a brand new profile.

Are there params I should be changing when I use the ADMT?

 

[NIC Student]

Hi Greg,

Hmm, ok. I don't work with NT4 workstations anymore

Are you using ADMT v2?

Domain1 and Domain2 are AD domains? In same forest?

Did you restart the NT4 box before step 5?

--
Scott Baldridge
Windows Server MVP, MCSE


"Greg Smith"

 

[Greg Smith]

Hmm, ok. I don't work with NT4 workstations anymore

Are you using ADMT v2?
Yes.


Domain1 and Domain2 are AD domains? In same forest?

Domain 1 is a NT domain, Domain 2 is AD. I created a trust between them.

 

[NIC Student]

So is the NT4 box also migrated to the new domain?

Why are you migrating this domain instead of upgrading it?

Can you try ADMT's "Security Translation Wizard" on the NT4 box (even though
it hasn't been migrated).

My experience has been that 2000 and XP boxes don't have this problem you
describe but the machines were already in a 2000 domain to start with.

 

[Greg Smith]

So is the NT4 box also migrated to the new domain?

Yes.

Why are you migrating this domain instead of upgrading it?

There is a person in another department that had Server2003 training and he
said it was best to start form scratch.

Can you try ADMT's "Security Translation Wizard" on the NT4 box (even
though it hasn't been migrated).

I'll try that.

 

[NIC Student]

Hi Greg,

Hmm, I would choose to upgrade your existing domain from NT>2003. Make sure
you use a fully qualified new domain name (upgrade NT domain DOMAIN to
DOMAIN.com). I usually recommend in-place upgrades instead of migrations
unless you have loads of NT domains to consolidate. BTW, the ADMT rocks for
moving users between the domains in your new forest.

Since I don't know the specifics on your current and desired domain
structure and such, I am not qualified to recommend one way or another.
Support WebCast: Windows Server 2003: Upgrading, Migrating, and
Restructuring Windows Domains
http://support.microsoft.com/default.aspx?scid=kb;en-us;329471