
Reattach computers after domain change 1

Status
Not open for further replies.

reporting

Instructor
Dec 30, 2001
154
CA
Our server started dying recently (see here for more info). When I tried to log on last night, all I saw was links: the only icons available were for My Computer, etc. I looked around trying to find info on doing a repair ... but there wasn't anything! I wanted to get it operational long enough to be able to copy everything onto a new server.

When I loaded the SBS 2003 Install CDs this morning, I discovered that there was no repair option. So I re-installed the OS. Got the server up and running. All the data is there ... I really didn't want to restore it from tape as that would take a long time ... so I now have to re-install the server apps.

When I tried to re-attach a workstation, it wouldn't do it. I finally ended up having to attach it to a Workgroup, reboot, attach it to the domain, and reboot again. When I finally got it attached to the domain, I had lost the local config of the workstation!

When I re-installed the OS, I used the same domain name as before. I had thought I would be able to re-attach without any problems. But that was not to be.

I had wanted to do this without a restore from tape. Is that possible? Or is there some other way to do this and still keep the original workstation config?

Thanks very much,

John Marrett
Crystal Reports Trainer & Consultant
 
What you're referring to are user profiles. Read this thread and look for the registry entry there, and it will make things easy for you:

thread1584-1421689

When you reinstall SBS or any Windows Server, the domain is represented (under the hood) by a SID or numeric code. The human name (mydomain.com) is less important than the SID, and when you reinstall you generate a new SID. So the clients don't see the new domain as the same as the old one, and you have to do the process you mentioned. Read that thread, since there are some great hints there for making this process simpler for you.

Dave Shackelford
Shackelford Consulting
 
Thanks very much Dave. I went through the 16 steps that lifegard2 described ... and it didn't work! I thought I may have botched it somehow so I did it again ... with the same result!

Any ideas on why it didn't work for me?



John Marrett
Crystal Reports Trainer & Consultant
 
My main "takeaway" from that thread was the first comment that Markdmac made, about the registry entry.

In the last few weeks in which I've used it, my process has usually just been to put the computer in a workgroup, then bring it into the new domain. Mark's comment about using ConnectComputer at that point is probably a good one. At that point, I log on as the user again, and it creates a second profile folder for them, like "user.domainname". Then I log off and log in as admin and change the registry path for that user. Then I set the permissions on the older profile folder to allow the new user account full control. Then I log in again as the user and the proper profile loads. To finish off, I delete the extra "user.domainname" folder that got created, and I'm done.

Occasionally the system will already have a profile folder for "user.domainname" and it may be the live profile, so be alert and notice which foldername pre-exists.

That's my walkthrough, and it works for me, although it's probably not as clever as Mark or lifegard2's.

Dave Shackelford
Shackelford Consulting
 
Hi there Dave. I tried your simplified instructions ... and they didn't work! So, in the hope that you (or someone else...) can figure out what is causing this problem, I re-did the procedure. Instead of the simple notes I took before, I wrote very complete notes this time. As I wrote those notes, I noticed several rather strange things along the way...

1. I removed the workstation REPORTING1 from domain E-REPORTING and added the WS to a workgroup, then rebooted

2. I logged in as admin

3. I made sure that the user 'john' was a member of the local admin group

4. I added the WS back to the domain, then rebooted

5. I logged in as admin. Note: I logged in as domain admin, is this right or should I have logged in as local admin?

6. I verified HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\UserSID\ProfileImagePath:
SID: ProfileImagePath
S-1-5-18: %systemroot%\system32\config\systemprofile
S-1-5-19: %SystemDrive%\Documents and Settings\LocalService
S-1-5-20: %SystemDrive%\Documents and Settings\NetworkService
S-1-5-21-1855871531-71519790-4203213607-1137: %SystemDrive%\Documents and Settings\john.E-REPORTING.002
S-1-5-21-1855871531-71519790-4203213607-500: %SystemDrive%\Documents and Settings\administrator
S-1-5-21-2633852037-427691503-3039303941-1139: %SystemDrive%\Documents and Settings\john
S-1-5-21-955555292-3689834063-797670279-1005: %SystemDrive%\Documents and Settings\IBM
S-1-5-21-955555292-3689834063-797670279-500: %SystemDrive%\Documents and Settings\Administrator

For the value %SystemDrive%\Documents and Settings\john.E-REPORTING.002 in S-1-5-21-1855871531-71519790-4203213607-1137, I changed that value to %SystemDrive%\Documents and Settings\john

7. I verified the subdirs in C:\Documents and Settings. There are the following subdirectories:
Subdir Name / Date Created
Administrator / Wednesday, February 19, 2003, 3:34:39 PM
administrator.E-REPORTING / December 03, 2007, 4:52:13 PM
All Users / Wednesday, February 19, 2003, 3:18:55 PM
Default User / Wednesday, February 19, 2003, 3:18:55 PM
IBM / Thursday, August 04, 2005, 12:01:56 PM
john / Sunday, October 09, 2005, 11:48:33 AM (this is the one with all the data and profile info in it!)
john.E-REPORTING / December 03, 2007, 1:15:33 PM
john.E-REPORTING.000 / December 03, 2007, 3:05:24 PM
john.E-REPORTING.001 / December 03, 2007, 5:21:45 PM
john.E-REPORTING.002 / December 04, 2007, 6:07:30 AM

8. I verified permissions on the C:\Documents and Settings\john subdir. From a previous attempt, REPORTING1\john has Full Control on that subdirectory. Even though I was logged in as E-REPORTING\Administrator, I was unable to add E-REPORTING\john to the user list: only REPORTING1 is listed when I click the locations button!

9. I noticed that, on the Security tab, the john.E-REPORTING* subdirs have the SID "S-1-5-21-1855871531-71519790-4203213607-1137" that, after a couple of seconds, changes to E-REPORTING\john. In the Security tab for C:\Documents and Settings\john, I also noticed that "S-1-5-21-2633852037-427691503-3039303941-1139" has Full Control and a "?" next to the User Name on the Security tab. Is this the source of my problems?

10. I logged in as E-REPORTING\john. The workstation did not load the correct profile: it created john.E-REPORTING.003 in C:\Documents and Settings\, with the same properties as the other john.E-REPORTING* subdirs...

I hope that the above can help someone figure why I can't load the correct profile!

Thanks very much,

John Marrett
Crystal Reports Trainer & Consultant
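
Dave's point about the domain SID, applied to the ProfileList values from step 6 of the post above (an added example, not part of the thread; the function names are made up for illustration). It groups each account SID by the machine or domain identifier embedded in it, which shows 'john' holding profiles under two different identifiers.

```python
import re
from collections import defaultdict

# ProfileList values copied from step 6 of the post above.
PROFILE_LIST = r"""
S-1-5-18: %systemroot%\system32\config\systemprofile
S-1-5-19: %SystemDrive%\Documents and Settings\LocalService
S-1-5-20: %SystemDrive%\Documents and Settings\NetworkService
S-1-5-21-1855871531-71519790-4203213607-1137: %SystemDrive%\Documents and Settings\john.E-REPORTING.002
S-1-5-21-1855871531-71519790-4203213607-500: %SystemDrive%\Documents and Settings\administrator
S-1-5-21-2633852037-427691503-3039303941-1139: %SystemDrive%\Documents and Settings\john
S-1-5-21-955555292-3689834063-797670279-1005: %SystemDrive%\Documents and Settings\IBM
S-1-5-21-955555292-3689834063-797670279-500: %SystemDrive%\Documents and Settings\Administrator
"""

# Account SIDs have the form S-1-5-21-<three sub-authorities>-<RID>; the three
# sub-authorities identify the machine or domain that issued the account.
ACCOUNT_SID = re.compile(r"^S-1-5-21-(\d+-\d+-\d+)-(\d+)$")

def parse(listing):
    """Yield (sid, path) pairs from 'SID: path' lines."""
    for line in listing.strip().splitlines():
        sid, path = line.split(": ", 1)
        yield sid.strip(), path.strip()

def group_by_authority(listing):
    """Map each issuing identifier to its [(rid, path)] entries.
    Well-known SIDs such as S-1-5-18 carry no such identifier and are skipped."""
    groups = defaultdict(list)
    for sid, path in parse(listing):
        m = ACCOUNT_SID.match(sid)
        if m:
            groups[m.group(1)].append((int(m.group(2)), path))
    return dict(groups)

def profiles_for(listing, username):
    """Return {issuing identifier: path} for folders named username or username.<suffix>."""
    hits = {}
    for authority, entries in group_by_authority(listing).items():
        for _rid, path in entries:
            folder = path.rsplit("\\", 1)[-1].lower()
            if folder == username or folder.startswith(username + "."):
                hits[authority] = path
    return hits

if __name__ == "__main__":
    for authority, entries in group_by_authority(PROFILE_LIST).items():
        print(authority, entries)
    print(profiles_for(PROFILE_LIST, "john"))
```

The identifier ending in RID 1139 is the one shown with a "?" on the Security tab in step 9; the one ending in RID 1137 is the one that resolves to E-REPORTING\john.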
 
Looks like maybe in Step 8, the permissions didn't cascade down over the subdirectories. Also, I usually remove the legacy SID that you mention in step 9 and add the domain\user account there with the same permissions the SID had: full control.

The fact that you are only getting the "reporting1" context for adding users is troubling. You should be getting the domain context if the system is really joined to the domain and you are logged in with the domain admin account... It seems to me that if that issue were resolved, the proper profile would probably load, assuming you could put the proper user into the permissions list.

Dave Shackelford
Shackelford Consulting
 
Thanks again Dave. I skipped the gym this morning to see if I could get my machine up and running. Copious notes again...

1. I deleted the john.E-REPORTING* subdirs from previous attempts to join the domain. I then removed the workstation REPORTING1 from the domain E-REPORTING and added the WS to a workgroup, then rebooted.

2. I logged in as admin

3. I made sure that the user 'john' was a member of the local admin group

4. I added the WS back to the domain using the Network ID Wizard. On the "User Account and Domain Information" form, I put "Administrator", the domain admin PW, and "E-REPORTING" as the domain. I was very surprised to see that, on the "Computer Domain" form, it said "Windows cannot find an account for your computer on the E-REPORTING domain." Most bizarre! I added in "REPORTING1" as the WS name and "E-REPORTING" as domain. I went through the succeeding forms and created a new user called 'john', member of the Administrators group. I then rebooted.

5. Whoops, a mistake! I was supposed to log in as domain admin. However, 'john' was there in the login form and I logged in to the domain as 'john'. Logged off and logged back on as domain admin.

6. I verified HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\UserSID\ProfileImagePath:
SID: ProfileImagePath
S-1-5-18: %systemroot%\system32\config\systemprofile
S-1-5-19: %SystemDrive%\Documents and Settings\LocalService
S-1-5-20: %SystemDrive%\Documents and Settings\NetworkService
S-1-5-21-1855871531-71519790-4203213607-1137: %SystemDrive%\Documents and Settings\john.E-REPORTING
S-1-5-21-1855871531-71519790-4203213607-500: %SystemDrive%\Documents and Settings\administrator
S-1-5-21-2633852037-427691503-3039303941-1139: %SystemDrive%\Documents and Settings\john
S-1-5-21-955555292-3689834063-797670279-1005: %SystemDrive%\Documents and Settings\IBM
S-1-5-21-955555292-3689834063-797670279-500: %SystemDrive%\Documents and Settings\Administrator

For the value %SystemDrive%\Documents and Settings\john.E-REPORTING in S-1-5-21-1855871531-71519790-4203213607-1137, I changed that value to %SystemDrive%\Documents and Settings\john

7. I verified the subdirs in C:\Documents and Settings. There are the following subdirectories:
Subdir Name / Date Created
Administrator / Wednesday, February 19, 2003, 3:34:39 PM
administrator.E-REPORTING / December 03, 2007, 4:52:13 PM
All Users / Wednesday, February 19, 2003, 3:18:55 PM
Default User / Wednesday, February 19, 2003, 3:18:55 PM
IBM / Thursday, August 04, 2005, 12:01:56 PM
john / Sunday, October 09, 2005, 11:48:33 AM (this is the one with all the data and profile info in it!)
john.E-REPORTING / December 05, 2007, 5:53:38 AM

8. I verified permissions on the C:\Documents and Settings\john subdir. I removed the legacy SID "S-1-5-21-2633852037-427691503-3039303941-1139" from the list of users on the "Security" tab and did an "Apply". When I opened it up again, the legacy SID was no longer there. From a previous attempt, REPORTING1\john has Full Control on that subdirectory. Again, even though I was logged in as E-REPORTING\Administrator, I was unable to add E-REPORTING\john to the user list: only REPORTING1 is listed when I click the locations button! Attempting to add E-REPORTING\john manually gave me the "Name Not Found" form, which said that "The object named E-REPORTING\john is not from a domain listed in the Select Location dialog box, and is therefore not valid".

9. I rebooted and logged back in as E-REPORTING\john. I was still unable to add E-REPORTING\john to the 'john' subdirectory.

10. I gave up and figured that, if I couldn't do it this way, I would try something else. So I copied all of the files from the C:\Documents and Settings\john subdir to the C:\Documents and Settings\john.E-REPORTING subdir. When I checked the contents afterwards, C:\Documents and Settings\john.E-REPORTING had 18,976 files in 1,324 folders (7,866,579,315 bytes) while C:\Documents and Settings\john.E-REPORTING had 20,632 files in 1,320 folders (7,867,129,221 bytes).

11. I rebooted and logged in as E-REPORTING\john. The machine looks to be identical to what it used to be (Windows Explorer comes up the same as always, all my mapped drives are there, several apps that are based on Current User instead of Local Machine work fine). Some minor issues (I am getting a Windows Installer "The feature you are trying to use is on a network resource that is no longer available" pointing to a trial app that I installed 2 years ago!) ... but nothing compared to reformatting!

12. I searched the registry for the Windows Installer path mentioned in (11) and prefixed the value name with "zzz". The Windows installer now flashes on screen 4 or 5 times.

I'll do the 2 other machines here later today. My notebook isn't a problem as I log on locally.

A question & a comment:
a. Should I delete the keys for the 5 locations I found that path to the install location?

b. It seems as though my machine loads apps faster now... Bizarre!

Thanks again for all your help Dave ... very much appreciated!

John Marrett
Crystal Reports Trainer & Consultant
 