Re: Re-joining Windows XP pro to Domain



Thank you,
Very useful information

The profile migration caused the setting of the Encrypted Attributes on
Files and Folders (Office Documents, Notepad txt, Zipped Folders, etc… etc.)
I have to solve this problem, and I am curious if anyone knows what caused
this.
It's got me stumped.

Any ideas would be appreciated


"Jorge Silva" wrote:

Hi
Inline

> Windows NT4 Primary Domain Controller crash.
> No Backup Domain Controller.
> No Backup media to rebuild the PDC.

Next time make sure that you have BK in place.

> Build new Windows 2003 Server with Active Directory.
> Re-create all Domain Users with default settings.

I hope that there were only a few users to add...

> Re-joining computers (Windows XP pro) to the Domain by changing membership
> to Workgroup and back to Domain. The new Domain has the same name.

Ok.

> The first time a User logs on to the Domain, it creates a new user profile
> on the Windows XP client with default Domain Users Privileges and a new
> Documents and Settings folder with the name: user.DOMAIN.000.

Correct. Because you're using the same domain name the profile must be
created under a different profile name.

> To give users full privileges to their own computers, I log on to each
> computer as Local Administrator and from the Control Panel>User Accounts
> select the newly created user and change Group Membership to Other:
> Administrator.
> Next I reboot the computer in Safe Mode and copy all Folders from
> C:\Documents and Settings\user.DOMAIN to C:\Documents and
> Settings\user.DOMAIN.000
> (except the files NTUSER.DAT, ntuser.ini, ntuser.dat.LOG)
> Next time the User logs on to the Domain he has his old profile
> settings back.
> And I thought that the nightmare was over.
> But it had just begun.

DON'T give users local admin access. Even Admins shouldn't run under
their Admin account. That's why MS has the Runas feature. Anyway, to add
local users to the local admins security group you can use the Restricted
Groups GPO option.
To migrate profiles you don't need to add users to local admins at all.
Check:
Planning for a User Profile Migration
http://technet2.microsoft.com/WindowsServer/en/library/0e45572c-671f-4d51-b59f-1fee6f03db3d1033.mspx?mfr=true
Windows User State Migration Tool (USMT) version 2.6
http://www.microsoft.com/downloads/details.aspx?FamilyID=4af2d2c9-f16c-4c52-a203-8daf944dd555&DisplayLang=en
PROFILE MIGRATION THE UNSUPPORTED WAY
http://msmvps.com/blogs/clustering/archive/2004/10/06/15096.aspx
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"dfotiadis" <dfotiadis@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:12FBF0C1-97D1-4E5F-A7C9-CA9E872CC3D4@xxxxxxxxxxxxxxxx
Hey all. I have this problem.


Windows NT4 Primary Domain Controller crash.
No Backup Domain Controller.
No Backup media to rebuild the PDC.

Build new Windows 2003 Server with Active Directory.
Re-create all Domain Users with default settings.

Re-joining computers (Windows XP pro) to the Domain by changing membership
to Workgroup and back to Domain. The new Domain has the same name.

The first time a User logs on to the Domain, it creates a new user profile
on the Windows XP client with default Domain Users Privileges and a new
Documents and Settings folder with the name: user.DOMAIN.000.

To give users full privileges to their own computers, I log on to each
computer as Local Administrator and from the Control Panel>User Accounts
select the newly created user and change Group Membership to Other:
Administrator.

Next I reboot the computer in Safe Mode and copy all Folders from
C:\Documents and Settings\user.DOMAIN to C:\Documents and
Settings\user.DOMAIN.000
(except the files NTUSER.DAT, ntuser.ini, ntuser.dat.LOG)

Next time the User logs on to the Domain he has his old profile
settings back.

And I thought that the nightmare was over.
But it had just begun.

Afterwards, users began to complain that they can’t open some files and
get Access Denied when they try.
When I looked closer at the problem I discovered that thousands of Files and
Folders have the Encrypt Attribute set and I can’t unselect it. The user
assures me that he never used encryption on his computer.

The Encryption Details of the File show that the newly created
user [user@DOMAIN] with his Certificate Thumbprint exists in the “User Who
Can Transparently Access This File:” field and I can add both Local Users
and users from the Domain to the list, but none of them can decrypt the
Files or unselect the Encrypt Attribute.
I notice that the “Data Recovery Agent For This File As Defined By
Recovery Policy” field is empty.

Any help is greatly appreciated.

