No announcement yet.

New Domain - Old Local Profile Problem

  • Filter
  • Time
  • Show
Clear All
new posts

  • New Domain - Old Local Profile Problem

    I am having an extrememly bothersome issue and it is sucking my time away because I cannot figure this out for the life of me.

    I have several workstations running xp connected to a windows 2003 server. I had to move the workstations from an old domain to this new one and could not migrate anything as we did not have time. So after copying the AD to the new server, I logged into the workstation as a user (user_xyz for example) and it gave them a new profile user_xyz.domain

    I needed their old profile back so they could keep their xp and outlook settings so I used the instructions found here: to restore it.

    Now I have all their settings back but the weirdest thing is happening. When I go to certain web pages on their account, only on this computer, internet explorer says that the web page cannot be displayed. Also, symantec endpoint will not connect to the server.

    The only way to fix this that I have found is to give add the user locally as an administrator. This fixes everything. I then removed the user again locally and back to having the issue.

    Is there any way to resolve this issue without giving them administrative permissions???

    Thank you so much to anyone that is willing to help. I am at my wits end. Thank you.

    Here are the instructions I used to restore their profile:

    1. After successfully logging in as your new user, immediately log out and log back in as the local machine administrator.

    2. Go to Documents and Settings and youíll see two profile folders with similar names. One will probably have .DOMAIN appended to the end. This is the new profile.

    3. Move the new profile folder to another location. Remember where it is and what itís called.

    4. Add the new user account to the local administrators group on the computer.

    5. Go Start\Run and type regedit then click OK.

    6. Choose Edit\Find from the menu and type the name of the folder you just moved. Itíll be somewhere like: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID number> and the key is called ProfileImagePath. The string will look like ď%SystemDrive%\Documents and Settings\Ē

    7. Change the value of this key to the path of your original profile folder.

    8. Then go into regedit, highlight HKEY_USERS, and go to File\load hive, then find the users NTUSER.DAT (ensure you have hidden files visible), and load this file. The NTUSER.DAT file will be found in the new profile folder - the one you moved. Regedit will prompt for a name. Type anything for the name as this is just the subkey that the userís registry hive will appear under.

    9. Then right-click on that subkey and choose Permissions. You will see the old SID which can no longer be resolved to a user account name because it belongs to the old domain, to which the machine is no longer joined. Delete that SID, and add the user again from the new domain with full permissions. Then unload the hive from the file menu (otherwise the file will be locked/in use and you wonít be able to use it).

    10. Also remove the old SID and add the new user (same user, but new SID, so a new user as far as Windows is concerned) as the owner or full-permissions for \documents and settings\username. Do all of this while logged in as a domain administrator of the new domain.

    11. Now reboot and log in as the user. All the settings will be there as before.

  • #2
    Re: New Domain - Old Local Profile Problem

    Try removing Symantec Endpoint and testing but first making sure you temporarily install AVG or other free AV before doing so. I have known Symantec Endpoint to cause strange issues.


    • #3
      Re: New Domain - Old Local Profile Problem

      I have determined that symantec is actually not at fault here because I tried this exact thing on computer that I have yet to put symantec on but that I brought over from the old domain.

      Something is changing when I set the user to be an admin on the computer. I'm not sure what it is yet and I can't figure it out. When I add the user as an admin via start->run->"control userpasswords2" on the computer I did the profile trick to, everything works fine. I log off and log back in as administrator to remove them as the admin, log back on as that user, and now certain websites don't work and symantec can't talk to the server. It is so weird. A specific example is I can go to google fine - but type in and IE says it can't display the page.


      • #4
        Re: New Domain - Old Local Profile Problem

        I see. You could try resetting permissions back to default level.

        Start, Run, MMC. File, Add/Remove Snap Ins.

        Security Configuration and Analysis

        I believe there is a template in there for default permissions.


        • #5
          Re: New Domain - Old Local Profile Problem

          That is something I've definitely never done before and it seems a little over my head. When I open MMC and load the Security Configuration and Analysis page it asks me to open a database. Which database should I load to see the permissions?


          • #6
            Re: New Domain - Old Local Profile Problem

            No probs.

            This should help. It is for Windows 2000 but the template to use for the desktop is the same.


            You just need to make sure you remove the Hidden files option so you can see the 'inf' folder.

            Path here: C:\WINDOWS\inf


            • #7
              Re: New Domain - Old Local Profile Problem

              Thanks Virtual for all your help so far. I will be back on tuesday and will be able to test it out then. Do you think this will work even though I tried to grant that user full permission to the entire c: drive already which did nothing?