Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] Move local profile to domain profile.

5 views
Skip to first unread message

Dennis McLeod

unread,
Mar 14, 2007, 7:10:08 PM3/14/07
to
Ok, I got the W2K3 resource kit tool to move my local profile to my domain
profile (moveuser.exe). Didn't really work that cleanly.
Even though I used the /k (keep the local account), it didn't really. It
seemed to change the permissions on MOST of the files.
It didn't really move the files either. It's just pointed my profile (or
parts of it) to the existing folder. Can't really go back now.
It didn't do My Documents and lower.
I had to log out, log is as domain administrator, and take ownership of
those files.
Even then, it lost some of my passwords (which is ok with me).
Does anyone have a nice CLEAN way to migrate the local profile to a domain
profile?
(something automated, perhaps...)
How about using the right click on My computer on the desktop, advanced tab,
User Profiles button, and copy to.
Has anyone tried that?
I supposed I'll need to re-image my machine and try it...
Dennis

Gary Dale

unread,
Mar 14, 2007, 8:10:09 PM3/14/07
to
When you log into a domain that allows roaming profiles, your profile
gets copied to the server. There isn't really a need for much more than
patience because it can take a long while, depending on the size of your
"My Documents". If you have the profiles on another server, I've been
able to copy them without anything strange happening.

Just make sure that "profile acls = yes" is set in your smb.conf and all
the other smb.conf settings for roaming profiles are correct.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Jason Baker

unread,
Mar 20, 2007, 9:20:07 AM3/20/07
to
So far I haven't found an automated way. I just log in to the domain as
the user, which creates the roaming profile on the network. Then log
out, log in to the local machine as admin and copy the contents of My
Documents, Desktop and Application Data (all from Documents and
Settings/<username>) from the local profile to the roaming profile. Then
log back in to the domain as the user and all the desktop icons and user
settings should be there. Just remember to delete the local profile to
avoid confusion.

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------

Jonathan Johnson

unread,
Mar 26, 2007, 8:10:08 PM3/26/07
to
OK, I haven't done this with ROAMING profiles, but I've done it so many
times with locally-stored profiles I think I can do it in my sleep. (The
following is not written for the novice user.)

Consider the following scenario: user Fred Flintstone has a local
account FRED on the Windows XP Professional worstation FREDSCOMPUTER.
You have already joined FREDSCOMPUTER to the BEDROCK domain, and Fred
has been given an account in the BEDROCK domain called FFLINTSTONE
(note, I'm using caps so it's easy to read in my example).

1. Log into FREDSCOMPUTER with admin rights, but not as FRED. Use
NTBACKUP (the built-in backup utility), make a backup of
"Documents and Settings\Fred" (or wherever his local-account
profile happens to be stored). This is for bone-headed admins like
me who will probably screw something up. NTBACKUP is suggested
because it's fairly easy to used (read: quick) and will preserve
permissions.
2. Assign permissions (recursively) to "Documents and Settings\Fred"
that allow BEDROCK\FFLINTSTONE full access.
3. Load the registry hive "Documents and Settings\Fred\NTUSER.DAT"
and assign permissions similarly. (I typically use REGEDIT, or
REGEDT32 on Windows 2000 and earlier.)
4. Unload the reigstry hive or reboot the computer.
5. Log in as BEDROCK\FFLINTSTONE. This will create a new profile for
Fred; make a note of the path where the profile is stored. This
profile folder will be deleted shortly, but this step is necessary
to create a registry key. Log out, and log back in as a local admin.
6. Open the registry key HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList. Under here you will see numerous
keys named by the SIDs of users who have logged in. One of these
will correspond with the BEDROCK\FFLINTSTONE account. Since you
are using Samba, you can (rather conveniently, I might add) use
pdbedit -L -v fflintstone to find out the SID. Otherwise, you can
look thru until you find the one for which the ProfileImagePath
value corresponds with the path noted in step 5, above. Modify the
value for ProfileImagePath to correspond to the path to FRED's
profile that you backed up in step 1.
7. Delete the profile folder noted in step 5. You won't be needing it
anymore.
8. Log in as BEDROCK\FFLINTSTONE and you should be logged into the
domain, but still using FRED's old profile.

Now here's how I would handle it if the domain profile was a roaming
profile: temporarily disable the roaming profile configuration for
BEDROCK\FFLINTSTONE before doing the above. After doing the above steps,
convert the "domain local" profile to a "domain roaming" profile.

-Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com

Charles Marcus

unread,
Mar 27, 2007, 6:10:14 AM3/27/07
to
> How about using the right click on My computer on the desktop,
> advanced tab, User Profiles button, and copy to.
> Has anyone tried that?

I've done exactly that many times...

The critical step is to make sure that you assign the correct user
permission to use the profile under 'Permitted to use'.

Works like a charm, but not a good option for migrating a lot of users,
obviously.

--

Best regards,

Charles

Charles Marcus

unread,
Mar 27, 2007, 6:50:13 AM3/27/07
to
Hi Jonathan,

Just fyi - there is a simpler way, much less error prone...

Jonathan Johnson wrote:
> OK, I haven't done this with ROAMING profiles, but I've done it so many
> times with locally-stored profiles I think I can do it in my sleep. (The
> following is not written for the novice user.)
>
> Consider the following scenario: user Fred Flintstone has a local
> account FRED on the Windows XP Professional worstation FREDSCOMPUTER.
> You have already joined FREDSCOMPUTER to the BEDROCK domain, and Fred
> has been given an account in the BEDROCK domain called FFLINTSTONE
> (note, I'm using caps so it's easy to read in my example).
>
> 1. Log into FREDSCOMPUTER with admin rights, but not as FRED.

2. Right-click on 'My Computer' - click the 'Advanced' Tab.

3. Click the 'Settings' button under 'User Profiles'.

4. Select the profile you want to move, click on 'Copy To'.

5. Click the 'Browse' button, navigate to the profile directory where
the profile is to be stored.

6. Click the 'Change' button under 'Permitted to use' - assign the
domain user the rights to this profile.

7. Click 'OK'.

8. Log off the local computer.

9. Done.

Assuming the domain user is already defined as a roaming profile, and
the directory where you just copied the profile is the correct
directory, then the next time FFLINTSTONE logs in, he will automatically
use the new profile.

Caveat: If the profile will only be a local profile, then you will need
to log in once as FFLINTSTONE first, to create the profile directory
that the old profile will be copied to. You can create it manually, but
to make sure the perms get set correctly, it is best to let the system
do it for you.

--

Best regards,

Charles

0 new messages