Migrate a user profile in 7 easy steps

PROFILE MIGRATION THE UNSUPPORTED WAY


(though it really works well)


 


Have you ever had a profile problem? No, not you, never. You have a laptop or a regular computer the was in a domain, but now does not have access to the domain. Below are the steps to allow you to control that profile information.


 


1)      Logon in as WORKGROUP\USERID


a)      Check to see what directory gets created under C:\Documents and Settings. 
– most likely will be USERID.WORKGROUP or USERID.WORKGROUP.000
**** This is the path you will CHANGE in the registry in a later step


b)      Check old DOMAIN directory
– most likely will be C:\Documents and Settings\USERID
**** This is the path you will USE in the registry in a later step


 


2)      Logout & Login as Local Administrator or Domain Admin


 


3)      Add WORKGROUP\USERID to Local Administrators Group


                                 


4)      Check number of profiles under User Profiles tool
Windows 2000 – Right Mouse Click on My Computer – User Profiles
Windows XP – Right Mouse Click on My Computer – Advanced – User Profiles – Settings
Should see two profiles – DOMAIN\USERID and WORKGROUP\USERID


 


5)      Open Registry – REGEDIT


a)      Go to this key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList


b)      Find DOMAIN SID – Look for the path in Step 1b to under ProfileImagePath key


c)      Find WORKGROUP SID – Look for the path in Step 1a to under ProfileImagePath key


d)      Highlight ProfileImagePath key in right-hand window for WORKGROUP SID
Double-click and change path to match old DOMAIN path noted about in Step 1b.
– will most likely be %SystemDrive%\Documents and Settings\USERID


         This path is case sensitive


 


e)      Find DOMAIN SID
Highlight SID in left-hand window and Delete


 


6)      Logout & Login as WORKGROUP\USERID


 


7)      Check number of profiles under User Profiles tool
 Should see only one profile now – WORKGROUP\USERID


 


This will also work if you are moving from one domain to another. Just substitute new domain for WORKGROUP.


 

64 thoughts on “Migrate a user profile in 7 easy steps”

  1. Thank you ever so much!

    Thought I would have to go through the set-of of everything all over again. I have had to do this before, but then again, why don’t one ever learn? Going from domain, to work group, and back to domain, there is no way for it. But now, YES. I don’t know if I did exactly as you said. I copied the key value as you mentioned and exchanged the old (real) account’s key value with the new account’s and, voila, it worked (as far as I can tell yet). Looks like the mail accounts’ passwords are lost but the mails are there and everything else looks as it should.

    Grazie mille, tusen tack!

    Stellan

  2. The profile changing worked to some degree.

    It seems that after these steps are completed. Exchange settings on the client side are not working. A user has to set up all Exchange settings over in the new domain.

    Desktop icons and IE favorites were preserved along with other profile information, but the Exchange settings were lost.

  3. Total catastrophe.I followed the description step by step and restarted the computer at the end. The computer didn’t respond to restart, I reset. When I logon to the profile, I found an empty profile and the previous profile, which I want to move, was deleted totally. All of my documents, settings, everything disappeared. I tried to recover with emergency recovery softwares, it was partially successful but all used mailbox files (pst) shows only 1024KB size.

    Make a full backup before try to move the profile.

  4. Had the same issue as Steve… But I understand what the issue is, and you may want to correct these instructions for people who might find this and not read ahead….

    The problem is that if you are using roaming profiles on your network, when you point the directory to the correct place in regedit, you are basically telling the server where to dump all of it’s files it has under the profile on the server… Thus erasing anything that you had in that folder.

    So everything is fine except, before you regedit and change the path, you should go into the profile you are working with and make it a Local Profile.

  5. This method IS in fact supported by microsoft just not for the same reason…. Although the link below is for win2k, it works the same way in winXP. MS’s instructions include steps to ensure that it works. The permissions on the ‘old’ profile, must be set to allow the ‘new’ user access to it, otherwise, it will not work; windows would just create a new profile, since it could not read the one that it was directed to read by the registry. I’ve been using this method to migrate users onto a domain from a workgroup and it works well, so long as you take care of the security issues.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;314045&sd=tech

  6. If you are using this method in a domain environment under Win 2003 server/XP client you will probably need to re-add the machine to the domain at the end of the process to pick up some settings like drive mappings.

  7. i moved a couple hundred profiles from an old domain to a new domain, but now we’re having strange problems with select computers, we haven’t a clue whats going on. when a user logs in it creates a new profile ( user.000 ) and when you look in the registry it shows in the profile list that the old user account now has the exact SID but .bak added to the end of it, and the new user.000 account is the active one. we knocked the .000 off the end of the active profile, and added the .000 to the .bak one so the user will get back their settings, and it works… BUT it happens again randomly, and this isn’t all users.. so far we only had about a dozen people have this problem.

  8. We had a Windows 2000 SBS Server and a Windws 2003 Terminal Server. Both servers were DCs (the 2000 SBS Server was root/forrest).

    All clients are Thin Clients and were accessing the 2003 TS.

    The 2000 SBS Server crashed and was rebuilt from scratch.

    The same server and domain name were used.

    When TS users log on now they receive the following error messages:

    1- Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

    2- Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.

    Restarting the Windows 2003 TS corrects these problems but if left for 24-hours the errors return when users log back on.

    I have been through the registry and ensured that the profile locations are correct and that the appropriate NTFS permissions are assigned but TEMP profiles are still being created.

    Somewhere I read that user SIDs are still corresponding to the prvious server’s SID before it crashed. Is this the case? If it is how can I re-create the SIDs for users that reflect the rebuilt DC?

    Note: The 2003 TS has been demoted back to a member server to reduce complexities whilst this problem is being solved.

    Thanx in advance (being optimistic here)…

  9. Good post, Rod. It’s a common problem!

    I did it last year implementing a domain, and I’m going to do it again this year moving everyone to a new domain!

    I think that the problems experienced by most people in following these steps relate to permissions. For example, sometimes the user has customized the permissions so that ‘Everyone’ or ‘Administrators’ don’t have access. What I would recommend would be to go to the root of the profile directory and give the ‘new’ user account Full Control to everything in the profile and reset permissions on all child objects – you may need to use Administrator to re-grab ownership of everything first, and also make sure you’re showing hidden files, or they’ll get missed. Once this is done, you can remove the user from the local Administrators group, and they should be good to go.

    Another method I’ve used is just to use the ‘copy’ button in the User Profiles tab of System Properties, and paste the old profile into the directory that is the profile for the ‘new’ user account. Once it all works, the original profile can be deleted from the same tab.

  10. Hey guys,

    We were doing the same thing with a Windows XP machine. We had a guy go in and copy over a user profile instead of first backing up the 5 .pst files the user had when migrating them over the new domain. Well anyways we lost the .pst files. We used the Virtual Lab recovery and got 3 of the 5 .pst files out of hte machine. Do you guys know how or where there has to be how windows puts those .pst files somewhere before they get migrated over to the new user profile? We have scanned every sector of the computer for a .pst file, can anybody please help me with this situation please?

    Thanks alot! RIch

  11. for simple moving accounts, not the corrupted SID problem these instructions cover, try the MOVEUSER tool in the MS W2k resource kit.

    real easy.

  12. Try to use Microsoft’s Active Directory Migration Tool (ADMT) for moving accounts,computers,resources between domains. It works fine and can save noticeable amount of time.

  13. In w2k server and logon as administrator, in the users and group,double click on the administrator, it would promopt ‘could not prepare the property page because: The system cannot fine the file specified.’. IT seemed like the user profile is having the problem.

    Could I use the above method to resolve my problem?

    Thanks

  14. Shane,

    I currently have the same problem with 1 specific machine……it’s happened a couple of times where the machine creates another profile of the guy with .000 on the tail end of it and I don’t know why !!!

    When it happens, I have change the store locations and everything else from colin.000 back to colin

    Have you found any reasons as to why ?

    I was searching the web for answers and came across Rod’s site and saw your comments

  15. better yet:

    10 steps –

    1- verify location of current user profile my documents c:\doc…\workgroupuser\my documents

    2- Add pc to domain

    3- Log on as domain administrator account ( don’t forget )

    4- Add domain\user or Domain Users to local admin group

    5- log off

    6- log on as domain\user, verify location of my documents c:\doc…\username\my documents

    7- log off

    8- log on as domain admin

    9- swap the profile folder names:

    new profile: c:\document and settings\domainuser, rename to .delete

    old profile c:\document and setting\workgroupuser, rename EXACTLY as new domain user folder ( with out the .delete )

    10 – log on user – ta da

    I have used this over 500 times on; nt, w2000, xp

    NEVER FAILED

    – of course your milage may be different !

  16. Thanks a bunch folks. Works like a charm.

    Moved myself from local group to a domain in less than a couple of hours. Worst case was moving from my local administrator to local admin/domain user account…

    Would recommend to anybody anytime.

    – Ram.

  17. HI Guys,

    seemed to be an interesting discussion and usefull uRL to me. I have a problem with profile and user folder migration or moving hope someone can answer. It is little different than the above ones. I have a windows 2003 domain running with 3 DCs. One has all the PDC emulator stuff like FSMO roles, DNS etc. So i had to replace the that main dc wiht a new server.

    SO my first step was to add the new server to the Domain as a DC. I got thru that and i also made the new server DNS till that point everything is fine.

    Next step was to move file shares. I have three shares (Profiles, Users, Shared). My plan was to first back the three shares using NTBACKUP to the new server and then restored them there. So next step was to change the server name in everybody profile as i had roaming profiles for everyone. So i used Active Directory Feature to do that. Just select all the users right click properties change the profile stuff like roaming profiles and also the mapped user drive to the new server. And i use a login script to map the third share.

    Everything is woring fine but when users login they still get a reminder balloon of saying that they are disconnected to the old server and is currently offline. I am not sure what else i missed or if my procedure was wrong. When i click on the balloon and try to see what files it want to synchronize i dont see anything.

    I am not sure what exactly is the problem if anybody went thru this or have any idea to help me solve this issue that will be great.

    Although everything is working fine i still want get rid of the reminder balloon.

    thanks a lot,

    Naveen

  18. A simple question here for user profile. One of user is using Workgroup Profile. Now he is member of domain and want to use his Workgroup profile. Is that possible using above steps?

    Thanks

  19. Ok. Here i did the following to move or change a profile.

    In regitry (ImagePath) i changed the Path (This is the main thing you are doing) and then give the full control permission to user on profile directory and then reset the permission on child objects. This step is necessary because if you don’t have atleast Read only permission on Desktop folder the profile will not be loaded. That’s it.

    Thanks

  20. Hey guys good day!

    I have a user which is a power user in the workgroup side and want to save his profiles upon enrolling him to the domain. I followed your 7 steps however i found out that the local user must be an administrator to access the same profile while in the domain. I noticed that when i change the user back to power user group ( the way it was before migration ) it crashed! all i can see is a black desktop with the icons and some can’t-run programs such as microsoft outlook for email. I appreciate the way it was presented but it doesn’t fit to my needs. Is there another way you can save profiles by using a power user identity! help ?????

  21. Hi all,

    I am looking for an answer for the reverse problem.

    Connecting computers running Win XP sp2 to a domain on Win Server 2003.

    I’m able to create all accounts on the server, as well as copy their local profiles to the roaming profiles.

    The problem is some of the local settings do not show up in the roaming profile when the accounts are set as "Restricted" or "Standard – Power user" and Microsoft Outlook does not work unless the user is an "Administrator". I thought it might be due to priviledges, so I tried giving the users full access to the folders on the server but doesn’t fix the problem. Anyone know what I’m doing wrong?

  22. Hello all,

    a commercial tool for all this would be:

    "Profile Wizard" from ForensIT

    I haven’t tried it yet, but it looks like it’s a little script-like thing that does the same registry-path changing as described in most " x steps" descriptions 🙂

    However, I haven’t tried this tool yet, and when I tried copying user profiles or changing the key in the registry to point to the old profile, I can not start Outlook or the "Mail" tool in the Control panel. Outlook says "can not start" and the "Mail" tool syas "not enough memory" (I know this means there is a problem with access rights somewhere, but not how to fix it 🙂

    So I will first try using the Microsoft ADMT tool:

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/admtool.mspx

    since I am migrating from a Windows2000server, which is the current Domain Controller, to Windows2003sbs (and will then add the 2000 server as a simple file server… woudln’t it be nice if 2003SBS would just allow Active Directory trusts? That’s M$ for you… 🙂

    I’ll let you know how the mileage went 🙂

  23. I am trying to move from a workgroup to a domain using the followin steps.

    1) Logon as admin and create new domain user and domain admin ids

    2) logon and logoff new domain user

    3) logn domain admin, Copy workgroup user profile to domain user profile.

    4) logon domain user

    I have no problem as long as the domain user is local admin.

    When I try moving restricted users, Outlook says "can not start" and the "Mail" tool says "not enough memory"

    Any ideas would be appreciated.

  24. Same problem with a slightly different background. We have a machine running our domain on Samba 3.0. We want to migrate back to windows accounts. We have tried repeatedly and unsuccesfully to copy over the information to an Active Directory domain but not working. My next plan of attack is to create all the accounts in AD, move the computers to the new domain, then write an app that will attach all the new profiles to the old profile security information. Hopefully it will work. I will let you know. Or i wont have a network soon 😛

    PEACE!

  25. This article is total bullshit. Any such profile copying activities which do not deal with repermissioning the users HKCU (i.e. the contents of the ntuser.dat file) are doomed to failure, as the HKCU of the new profile will be permissioned only to allow access from the old user.

    This is almost certainly the cause of complaints with outlook profiles, nonworking applications, other wierd problems, etc.

    To solve, you have to open the ntuser.day file in regedt32 (reg/load hive), add the permissions for the new user, and then unload it.

    And if you want to keep persistent drive and printer mappings you had better hunt those down in the registry and modify the assigned usernames as well.

  26. Quote from Mike:

    "We had a Windows 2000 SBS Server and a Windws 2003 Terminal Server. Both servers were DCs (the 2000 SBS Server was root/forrest).

    All clients are Thin Clients and were accessing the 2003 TS.

    The 2000 SBS Server crashed and was rebuilt from scratch.

    The same server and domain name were used.

    When TS users log on now they receive the following error messages:

    1- Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

    2- Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.

    Restarting the Windows 2003 TS corrects these problems but if left for 24-hours the errors return when users log back on.

    I have been through the registry and ensured that the profile locations are correct and that the appropriate NTFS permissions are assigned but TEMP profiles are still being created.

    Somewhere I read that user SIDs are still corresponding to the prvious server’s SID before it crashed. Is this the case? If it is how can I re-create the SIDs for users that reflect the rebuilt DC?

    Note: The 2003 TS has been demoted back to a member server to reduce complexities whilst this problem is being solved."

    I am having this exact issue running 2003 Terminal Server authenticating on SBS2003 domain controller. Did you find a resolution for this, Mike?

    Thanks.

  27. Good article & comments.

    Quick question: I had a co-worker that left the company and we gave him his computer. Before he left, I changed his network settings to be part of a local workgroup, instead of the domain. I also set up a local user account and gave it Admin access.

    Now when he logs on, he uses Outlook and his settings aren’t there. I’ve looked throughout the computer for a .pst file, but cannot find it. I reset the ownership of the old domain account to the new local user account, just in case that was blocking him from seeing it, and still nothing.

    Thanks!

  28. I used this method with a 2003 DC and a dozen or so w2k workstations. Worked like a charm, except that when I demote the users back to "users", the first time they log in (as domain/local users, not local admins) it creates a new profile. Anyone know what to do about this?

  29. Hi,

    I just had the same problem that Shane wrote about way back on January 18, 2005. I solved it exactly like he did, but am curious if anyone know what caused this. It’s got me stummped.

    Thanks,

    Randy.

  30. Well, I’ve read that somebody mentioned ADMT to migrate profiles. In my experience, ADMT does not manage user profiles, am I wrong?

  31. All procedures above include adding the user to the administrators group. Is this to avoid problems in the ACL of the redirected profile? What if I don’t want tyhe new DOMAIN user being administrator of the machine?
    Will just granting the new DOMAIN user full control on the old profile folder work fine?

  32. I was migrating users profile on a PC in workgroup.when I mapped new user name with older user existing profile…all the setting I have got,but lost outlook.pst.I dont have backup for pst files.Can anyone help me out to get those pst back….its very urgent and have critical data.

    Thanks in advance buddies.

  33. Hi all,

    Similar problem… I recently had a Windows 2000 Server die a very nasty death. New server is being installed next week with Windows 2003 Server.

    Now the users on the W2K server were logged onto it as a domain environment. Can I use the Domain Migration Tool to transfer the user accounts and domain settings onto the 2003 Server. I have images in my head of having to go round recreating every single user profile otherwise. If I were to disconnect the workstations from the old domain and then reconnect them to the new domain would the profile not then be created as C:\Docs+Settings\.000?

    Thanks

  34. Hi;

    I need to migrate the Win2k3 terminal Server user Profiles (Not Roaming Profile) to another new Win2k3 Terminal Server, will this 7-steps works for me? If it is not applicable, how can i do that?

    Anyone please advice…Thank you.

  35. Hi;

    I am planning to migrate an existing WIn2k3 Terminal Server to a new Server Machine.

    My Problem here is how to migrate the Terminal Server User Profiles (not roaming) to the new Win2K3 Terminal Server?

    Is the 7-steps described here application to my situation?

    Can someone advice me please.

    Thank you.

    Regards;
    Ader

  36. All of these procedures are great, especially the profqiz one, but isn´t there a procedure that lets you perform these steps without giving the user local administrator permissions? Specifically I want to be able to migrate a local workgroup profile to a domain profile, and the stuff that interests me, like Environment Variables, will only transfer with local administrator permissions.

  37. Based on the intstructions provided here, I came up with my own variation that works and doesn’t require admin rights for the user.

    1. Join the new domain.

    2. Log in as user. Log out.

    3. Log in as admin.

    4. Change the ProfileList registry entry as above.

    5. Give user local admin rights (this is only temporary!). Log out.

    6. Log in as user.

    This is where it gets different from OP’s process.

    7. Add user to the permissions for the profile folder, full control. Take ownership after changing rights. Remove old user account if you desire (it’ll be the account name with lots of numbers and letters in it).

    8. Open regedit and right click “permissions” on HKCU. Add user with full control. Remove old user account if you desire (it’ll be the account name with lots of numbers and letters in it).

    9. Open the users control panel app, remove local account for user. Log out.

    Saved passwords will have to be retyped, but everything else transfers afaik.

  38. I could never figure this out, a matter of fact I went on an interview and was asked how to do this. I never felt so unprepared now I will never forget. Thanks –

  39. Some time ago, I really needed to buy a house for my organization but I did not earn enough money and could not buy something. Thank God my mother adviced to take the credit loans from banks. Hence, I acted that and was satisfied with my student loan.

Leave a Reply

Your email address will not be published. Required fields are marked *


*