Transfer Profile to new User?

[DbHd]

Please excuse my not knowing this, but I'm in the first stages of writing procedures for exiting and incoming users. Some knowledgeable people will refine it later, but I need to know this part up front.

My concept is up for replacement employees to assume the former one's PC setup, with all email & contacts, applications and templates, desktop with icons, etc in tact. We will disable the former user account upon leaving and either transfer it to the new user, or merge it with an existing user account.

Is this possible?

 

[jkupski]

What you want to do, you will find in the system control panel on the workstation. For XP it will be under the advanced tab, for 2k, it will be under the user profiles tab.

Have the new user log into the workstation, then log out, and log back in with a different account that has local admin privs (important that you use an account other than the from and to accounts!)


Select the old user's profile, then the "copy to" button. Select the path containing the new user's profile. Make sure you give the new user full rights to the entire directory.

That should accomplish what you want.

 

[monsterjta]

I think this is along the lines of what you are attempting to do...

Copy the contents of the user profile that you want to keep into "C:\Documents and Settings\Default User", replacing all contents. (You may want to copy the current content of the default user into a different location to copy back when you are finished).

Create a new user and login. You will take on the profile of the Default User, which WILL BE the user profile of which you previously copied from.

Your golden!

Hope This Helps,

Good Luck!

(I do what I can with what I know)

 

[markdmac]

Bad idea to copy the data to default user. With each user that logs onto that box tehy would get that same information. This could represent a security risk, or just be a big pain in the neck.

I have to agree with JKUPSKI, using a copy procedure is a valid method. Another is of course to simply disable the accoutn of the exiting employee and when their replacement arrives, simply rename the account. Leave the current SMTP adresses associated with the account and add as primary the new users SMTP address. That way any new correspondence will go out as the new user and they will be able to receive mail destined for the former user. If you do the rename on the domain, the local PC profile will convert without issue though the folder name will remain as it was. If your users are bothered by this, you can rename the folder, just be sure to edit it in the registry too. You will find the settings under HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList.

Important to note that the path is Windows NT and not Windows, even on Windows XP machines.


I hope you find this post helpful.

Regards,

Mark

 

[monsterjta]

Apparently MARKDMAC isn't familiar with the wonderful world of scripting...

I cannot go into much detail here except for the MAIN point:

OBVIOUSLY, one would copy the contents of the Default User BACK to it't original location.

THINK OUT OF THE BOX.

By the way, re-enabling a user account multiple times for various users...not very good. Down the road you WILL eventually have big problems trying to diagnose issues related to AD. The GUID doesn't change, hence the underlying user doesn't change. Go think about that one a bit.

What was previously suggested by Mark is only a cover-up. It will not be true to what you want in your environment. This isn't a home network where one would like to implement hacks and cracks! Start doing that NOW and you'll be out of a job within a YEAR.

Hope This Helps,

Good Luck!

(I do what I can with what I know)

 

[DbHd]

Thanks to all of you for your quick help. I don't know what exact procedure we will eventually take, but the concept sounds valid.

jkupski's method reads like it is the "MS official" method as everything is done through dialogues. I tried it and it worked quite nicely. Am I correct that this will work across the entire domain? Are there any negatives associated with it?

<aside> When I've changed out PC's in the past, I copied selected profile folders (desktop, favorites, etc.) to the new. are there any negative issues doing that? </aside>

I'm at home so I didn't test the Exchange settings. Is there something else to do there? I want the new user to have the entire exchange account intact with all existing email, calendar appointments, etc.

Again, thanks to all for the advice.

 

[markdmac]

Well, thanks for the laugh monsterjta.

As for my not knowing scripting, you might want to take a look at the vbscript forum. I'm the #3 MVP and my login script is currently in use by hundreds of enterprise level organizations. Refer to faq329-5798 for a good example. And for what it is worth, I am a former Microsoft employee and currently working as a contractor for Microsoft writing prescriptive architecture. If you can support your statements regarding problems with renaming accounts with actual documentation, I would love to see it.
There is a distinct advantage to renaming the user account. All file and share permissions on the network (often undocumented in may organizations) will still be applied to the account since those are managed by SID. The same can not be said for a new account and therefore there is additional overhead. If permissions have been properly applied to groups rather than specific accounts then this will not be as big of a problem. Permissions that were given by others to calendars and such would not need to be redone if the account is renamed.

I'm sorry if you took my disagreeing with your suggestion as a personal attack, it was not intended to be so. If you take a look above you will note that nowhere in your original post do you reference copying the contents of the folder back. The question is not if I know scripting the question and bad assumption here would be to assume that DbHd does.

I see that you are new to Tek-Tips monstrjta, so welcome. This is a great site, let's keep it that way by not resorting to personal attacks and keep any arguments based on technical merit.

DBHD,

In the event that you do wish to create a new account, one suggestion that none of us brought up that might be easier on you is to use the File and Settings Transfer Wizard from Windows XP. Start by logging on as the old user. Export their settings. Set up a new user in the domain. Log in as that user and just use the Wizard to import what you choose (docs or docs and settings) into the new users profile. Note that a PST will not be moved so you will need to copy that manually. DbHd if you choose to give this a try, don't forget to add the SMTP address for the existing user to the new users account so any mail intended for the position will still be received. You may not want that to happen in case the exiting person was getting a lot of junk delivered from any lists they signed up for, but it is a consideration.

I hope you find this post helpful.

Regards,

Mark

 

[DbHd]

Mark, you hit on a big one with specific folder settings. This is one of our time wasters as the tech doesn't know what shares the user had and it's only when something doesn't work that it gets tracked down and fixed. Also, we do want the old email address to forward to the new.

Monsterjta's comment about the GUID not changing being a problem is confusing to me (probably because I'm not expert in these matters). I "think I know" that the GUID is the "real" identifier for a user account. Further, changing the name attached to it will cause the server to think the new user has been there since the start and all history would point to the wrong person.

But I still don't see that as an issue in my situation as we don't do anything with history and are small enough that we know for a couple years anyway that originally Cindy had it, then Bob, and now William. I can't imagine what history we would need or use. Besides, does anybody change the user name if the users changes it (like get married, etc.)? There must be more to this so please help me get it. If it will cause me to get fired within a year I need the understand everything.

Mark, back to you regarding group permissions. I am struggling with this a bit as we are pretty small with less than 150 users. Many have unique jobs and they would be a group of 1. Would this be a good thing? My hunch is a group of 1 isn't so important, but positions evolve and when someone leaves their work is picked up by existing workers and may or may not be re-divided when someone new is added.

We have the built-in groups, plus a few for users restricted to a given database for some specialized workers. We adjust workload and unique database access with it so some permissions are constantly evolving.

However uncertain, we have decided to do something with this by writing procedures for HR to initiate user access by job category & location. A counselor at ABC Center will have email and access to the 2 databases they need. The catch is we have to be able to say give them the standard plus xxx database, or minus yyy application. Is there any hope for us?

 

[jkupski]

<aside> When I've changed out PC's in the past, I copied selected profile folders (desktop, favorites, etc.) to the new. are there any negative issues doing that? </aside>

Way back when, I tried this, and Windows ignored the user profile on login and created a new one. The reason is, IIRC, that %USERPROFILE%\NTUSER.DAT is tied to the user's GUID. If you're renaming accounts as markdmac suggests, this obviously will not be an issue as the GUID will be the same.

BTW, mark, I have one REALLY good reason not to do what you suggest: you lose your audit trail. Having to go into HR records and figure out when every employee to use that account since it was created was hired and quit/terminated just so you can figure out who performed some action seems to be a high price to pay.

 

[markdmac]

DbHd, you hit it right on the head. People get married and change their name all the time. As stated above I would love to see any documentation to back up that this will caiuse problems in AD. If that were the case I doubt very highly that Microsoft would keep the ability to rename objects so easily accessible from the GUI.

jkupski's concern regarding audit trails over extended periods of time could be valid, but unlikely in your environment of 150 people.

Mark, you hit on a big one with specific folder settings. This is one of our time wasters as the tech doesn't know what shares the user had and it's only when something doesn't work that it gets tracked down and fixed. Also, we do want the old email address to forward to the new

I feel strongly that I have presented you with the best solution, but you will ulitmately need to evaluate all of the advice given and decide for yourself.

I hope you find this post helpful.

Regards,

Mark

 

[DbHd]

Thanks again Mark & jkupski, I think I have my answer. Unless overruled I will go the rename route.

 

[monsterjta]

DbHd, I was answering to your initial inquiry. You wanted to transfer a users profile, along with all app access, files, setting, favorites, etc. The solution I proposed WILL work, however, there are obviously many solutions for like scenarios. As far as the email account, an alias can easily be setup for that, allowing the current user to use the historically "well known" address as well as their specified user account.

Quickly, I want to dually note Mark's concerns. While reading advice, it is not good practice to start your post stating that others have "bad" advice. It's inconsiderate to say this simply because it is not the same solution as yours. Allow the thread holder to choose their own path.

Hope This Helps,

Good Luck!

(I do what I can with what I know)