Re-joining Windows XP pro to Domain

Hey all. I have this problem.


Windows NT4 Primary Domain Controller crash.
No Backup Domain Controller.
No Backup media to rebuild the PDC.

Build new Windows 2003 Server with Active Directory.
Re-create all Domain Users with default settings.

Re-joining computers (Windows XP pro) to the Domain by changing membership
to Workgroup and back to Domain. The new Domain has the same name.

First time a User Logon to the Domain, creates new user profile on the
Windows XP client with default Domain Users Privileges and new Document and
Settings folder with the name: user.DOMAIN.000.

To give users full privileges to their own computers, I logon to each
computer as Local Administrator and from the Control Panel>User Accounts
select the nearly created user and change Group Membership to Other:
Administrator.

Next I reboot the computer in Safe Mode and copy all Folders from
C:\Documents and Settings\user.DOMAIN to C:\Documents and
Settings\user.DOMAIN.000
(except the files NTUSER.DAT, ntuser.ini, ntuser.dat.LOG)

Next time the User logon do the Domain he has back his old profile settings.

And I thought that the nightmare is over.
But it had just begun.

Afterwards, users begin to disclaimer that they can’t open some files and
gets Access Denied when the tries.
When I look closer to the problem I discovered that thousands of Files and
Folders have the Encrypt Attributes set and I can’t unselect it. The user
unsure me that he newer used encryption on his computer.

The Encryption Details of the File shows that the nearly created
user[user@DOMAIN] with his Certificate Thumbprint exist in the “User Who Can
Transparently Access This File:” field and I can add both Local Users and
users from the Domain to the list, but non of them can decrypt the Files or
unselect the Encrypt Attribute.
I notice that the “Data Recovery Agent For This File As Defined By Recovery
Policy” field is empty.

Any help is greatly appreciated.

.

Relevant Pages

  • Re: Re-joining Windows XP pro to Domain
    ... No Backup Domain Controller. ... Because you're using the same domain name the profile must be created under a different profile name. ... Windows User State Migration Tool version 2.6 ... Windows NT4 Primary Domain Controller crash. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Mixed mode vs. native mode for a windows 2000 SBS machine...
    ... However, in an SBS environment, you cannot actually have more than just one DC so I guess technically the win2K3 server I have is really a "backup" dc as it could never be a full blown domain controllerresiding with the SBS machine... ... We do not have any NT servers in our environment any longer - however, we DO have a Windows 2003 backup domain controller and a Windows 2003 Terminal Server. ...
    (microsoft.public.exchange.admin)
  • Re: Backup domain controllers machine account is bad?
    ... That term "Backup Domain Controller" does not exist anymore in Win2k/2k3. ... Windows 2003 box) in a windows 2003 domain. ... Dcpromo is available for 2003. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Mixed mode vs. native mode for a windows 2000 SBS machine...
    ... and the WIn2K3 dc would remian in "mixed" mode? ... You have a Windows 2003 domain controller. ... we DO have a Windows 2003 backup domain controller and a Windows ...
    (microsoft.public.exchange.admin)
  • Re: AD sites and services
    ... A search for "Active Directory Sites" yeilds the following: ... After an Unsuccessful Domain Controller Demotion" ... http://support.microsoft.com?kbid=220140 "FRS Replication Protocol and Topology ... Windows 2000 Domain Controllers" ...
    (microsoft.public.win2000.active_directory)
Loading