If you are joining computers to Active Directory that are already in use, you need to migrate the users' profiles from local accounts to domain accounts. The same applies when you migrate such a computer from one domain to another. Of course, users may still use their local accounts, but this is quite pointless.

Step 1:

Join computer to new domain and restart it

Step 2:

Log in to the old local account

Step 3:

Grant full permissions on your home folder, such as C:\USERS\testuser, and remember to check the option to replicate permissions to all child objects. Don’t worry about not being able to set the permissions on a few folders like Documents/My music/Pictures etc. These are not real folders, they are just links, so no permissions can be set. Just ignore them.

Step 4:

After this open Regedit

Step 5:

Right-click on HKEY_CURRENT_USER and select permissions

Step 6:

In the new window click Advanced, then Add, and then type in the DOMAIN ACCOUNT NAME. You may need to provide domain admin credentials to query AD.

Step 7:

Select the user, then check the following options:
A- Apply to: This Key and subkeys 
B- Full Control 
C- DO NOT SELECT THE LAST CHECKBOX – apply these permissions to objects and/or containers within this container only

Step 8:

Click OK, then OK, then OK

Step 9:

Wait until it finishes, then restart the computer

Step 10:

Log in to the domain account. This will create a local profile, store SID information in the registry, etc.

Step 11:

Log out of the domain profile, restart, and log in to the local admin account

Step 12:

Open the registry and navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Step 13:

Find the subkey whose ProfileImagePath value holds the path to the local profile, and copy that value, e.g. C:\Users\test.local

Step 14:

Find the other subkey, the one with the newly created profile path, e.g. C:\Users\test.user.domain

Step 15:

In the new profile's subkey, replace the value of ProfileImagePath, e.g. C:\Users\test.user.domain, with the path from the old profile, e.g. C:\Users\test.local

Step 16:

Double-check the permissions on the folders and the values of the keys.

Step 17:

If everything is OK, reboot the computer and try to log in to the new domain profile. You should be welcomed with the old desktop and settings.

Step 18:

One thing to remember: all Outlook passwords need to be re-entered, since the credentials storage is wiped.

Gorovodsky
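
A read-only check for steps 12 to 16, added here as an example and not part of the original post: it lists the ProfileList entries, confirms that the domain account's entry points at the old folder, and looks for a Full Control entry on that folder. The account name DOMAIN\test.user is a placeholder; C:\Users\test.local is the example path from step 13.

```powershell
# Added example: read-only check for steps 12-16; it changes nothing.
# Run from an elevated prompt as the local admin (step 11).
# Both parameter defaults are placeholders.
param(
    [string]$DomainAccount  = 'DOMAIN\test.user',
    [string]$OldProfilePath = 'C:\Users\test.local'
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Resolve the domain account to its SID; ProfileList subkeys are named by SID.
$sid = [System.Security.Principal.NTAccount]::new($DomainAccount).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Steps 13-14: show every profile entry so old and new can be told apart.
Get-ChildItem -Path $profileList | ForEach-Object {
    [pscustomobject]@{
        Sid              = $_.PSChildName
        ProfileImagePath = $_.GetValue('ProfileImagePath')
    }
} | Format-Table -AutoSize | Out-Host

# Step 15: the domain account's entry should now point at the old folder.
$entry = Get-ItemProperty -Path (Join-Path $profileList $sid) `
    -Name ProfileImagePath -ErrorAction Stop
$pathMatches = $entry.ProfileImagePath -eq $OldProfilePath

# Step 3: look for an Allow ACE with FullControl for that SID on the folder.
# Access granted only through group membership is not detected here.
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$rules = (Get-Acl -Path $OldProfilePath).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$hasFullControl = [bool]($rules | Where-Object {
    $_.IdentityReference.Value -eq $sid -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $full) -eq $full
})

# Summary: both flags should be True before the reboot in step 17.
[pscustomobject]@{
    Account           = $DomainAccount
    Sid               = $sid
    ProfileImagePath  = $entry.ProfileImagePath
    PointsAtOldFolder = $pathMatches
    FullControlOnDir  = $hasFullControl
}
```

Exporting the ProfileList key from Regedit before step 15 gives you a copy to restore if the domain logon in step 17 loads a temporary profile.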
