AD Local User Profiles

[Guest]

Hey All:

First of all, thanks for these forums. I have always found them to be a
great resource.

Ok... I have been tasked with migrating a 2000 user network from Novell to
2003 AD. All is going well so far and I am in the middle of scripting the
automation of computers joining the domain. I want to be able to have domain
user accounts use the existing local user account profile instead of a new
profile being created when a user first loggs in.

Example: Local user account 'Jane' has an existing user profile. Jane's
computer just joined the domain via an automated script. The computer reboots
and prompts Jane to login with her new AD account. When she loggs in, a new
Domain profile is created. I want it to be Jane loggs in to the Domain for
the first time and get her old profile as though no change has been made.

Thanks in advance for the help and advise.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hey All:

First of all, thanks for these forums. I have always
found them to be a great resource.

Ok... I have been tasked with migrating a 2000 user
network from Novell to 2003 AD. All is going well so far
and I am in the middle of scripting the automation of
computers joining the domain. I want to be able to have
domain user accounts use the existing local user account
profile instead of a new profile being created when a
user first loggs in.

Example: Local user account 'Jane' has an existing user
profile. Jane's computer just joined the domain via an
automated script. The computer reboots and prompts Jane
to login with her new AD account. When she loggs in, a
new Domain profile is created. I want it to be Jane loggs
in to the Domain for the first time and get her old
profile as though no change has been made.

Thanks in advance for the help and advise.

Logon to the machine with a user that has local administrative rights, then
in the system control panel user profiles tab (Win2k) or Advanced tab (XP)
copy the good profile to the new domain profile directory giving domain user
"allow to use" permissions.

You can also copy these profiles to a Network share, to a directory that has
the username. In the Domain account properties, on the Profile tab, type
this into the
Profile path field \\server\share\%username% this creates a directory in
the share with the username. Then copy the profile into the directory
created.
Then the Profile will be a roaming profile and will be loaded on any machine
they logon to. The downside of this is, all machines should have the same
Programs and Windows directory locations. The profile will work fine for any
NT4, Win2k, or XP machine they logon to, but the Profile won't be used on a
Win9x and you shouldn't use a profile from a Win9x on the aforementioned
clients.
Win9x clients can also use roaming profiles, you have to create a config.pol
in the Netlogon share with the profile settings and locations.

 

[Guest]

Thanks for the reply but I need to automate this process. I was hoping to
figure out a way that when the user loggs in with the Domain account the old
profile is used instead of creating a new one. I may just need to script
something with the moveuser.exe utility or even the User State Migration
Tool. It just seems like this should be much easier for such a large rollout.
I wonder is there is something burried in Group Policy for this.?.

 

[Ryan Hanisco]

Brad,

Unfortunately there is not a GPO for this... think of it this way, there
would be an inherent risk allowing different security zones interact --
being the AD and the local computer.

The mapping of SID to profile is done in the ProfileList key in the HKLM.
You could script this to change the keys, but if you've got a small
environment, just change this manually. Otherwise, look at a longer
implementation cycle and deploy from there.

Incidentally, a move from NetWare to AD is a good time to implement good
desktop standards. Your end goal should be ubiquitous computing -- this can
be expressed two ways. 1. Your users can log in anywhere. 2. Replacing a
machine doesn't effect user experience. Use this opportunity to
standardize... Look to DFS, mandatory profiles, and roaming profiles to
help you.

In a truly large environment, take a look at the MOF (Microsoft Operations
Framework) to guide you. This is amazing and helps so so much.