Migration to another 2003 Domain

[melfineo]

Hello,

Our current domain is to be no more and we will be integrated into another completely separate domain. A 2003 domain to another 2003 domain. User accounts already exist in the other domain and are currently used to access resources in the other domain via a secondary prompt for credentials. There are no trusts etc.

What will be the best way/utility for getting all of the current accounts local profile data, app settings etc including groove (3.1) workspaces (no roaming profiles) and import into the other accounts?

 

[TNGPicard]

(1) Can you establish a temporary trust between the two domains and then move the machines from one domain to another then use moveuser.exe on the desktops to move user@oldDomain to user@newDomain?


(2) Create a local account on the machine for the user, use moveuser.exe to move userDomainAccount@oldDomain to userlocalAccount. Change the domain membership of the machine, then use moveuser.exe to move userLocalAccount to userDomainAccount@newDomain


TNGPicard / Mark L.

 

[melfineo]

The moveuser.exe works very well thank you but I am coming up against some red tape as it has not been used in the organisation before. Can you tell me how it works, I know it changes permissions on the profile. If I was to do the same manually how would this be achieved? Unfortunately the trust is not an option, again red tape. (we are a small domain managed by me moving into a very large one managed by lots of people.)

Thanks.

 

[TNGPicard]

melfineo,

I don't know the specifics about every step that moveuser does except it does its job great - a lot better than renaming the profile folder and changing its NTFS permissions - it changes all the SIDs throughout the profile and when the new user finally logs back in ALL of their preferences and links are still there. Its not a random application by some kid on the net, its a tool from MS so hopefully you can cross that red tape and be able to use it.

What I did at one place where I did a migration from an old NT 4 domain to a 2003 SBS AD where we couldn't use any type of trusts between systems. You have a similar situation, the course of action I used there was/is:
(1) Create a temporary local user (hopefully your security policy allows this)
(2) Use moveuser.exe oldDomain\UserName machineName\tempUser (you need to do this from another account on the machine with administrative priviliges)
(3) Change domain membership of the machine to the new domain
(4) Add new domain user account to machine or ensure that users domain account has access to the machine.
(5) moveuser.exe machineName\tempUser newDomain\UserAccount

Moveuser.exe takes care of everything else. Something right now is making me think of something called admt.exe but I don't think its going to work in your environment - not in a spot to check it out more


Good Luck
Mark L. / TNGPicard

 

[melfineo]

Mark,

I tested it out within my domain and it worked perfect. I have a machine which I am goint to put in a test domain and try it that way too. Hope fully it will be approved and as you say it is a proper MS tool.

I also tried renaming the profile and setting permissions but it does not work properly as some applications refuse to work and windows appearance changes are not retained I dont know why this is, this also happens using the copy to option under the profile section in system properties.

The best alternative seems to be logging in as the new user to create the new profile and then as an admin and manually copying the old profile folders excluding ntuser.dat. This is very long winded compared to moveuser