samba - Jun 2004 - How to keep local profiles when joining domain?

Hi

I hope someone can help
  We currently have Windows 
XP Professional PCs that logon to an old Novell Netware 
3.12 server.  We?re just using the standard Windows 
Netware client, and each user has a Windows XP User 
account and password that matches their Novell one.  
When they logon to Windows, they are automatically 
authenticated to Novell.

However, we are now in the final stages of deploying a 
Samba server to replace the Novell one.  The Samba 
server is configured as a Primary Domain Controller, and 
seems to be working fine.  We do not wish to use roaming 
profiles, so the profiles will be held locally on each PC.

We wanted to test the migration of modifying the PC 
network clients to login to the new server, and have cloned 
a hard drive.  I haven?t played with this myself, but we?re 
unsure how to join the new domain, such that the existing 
profiles (eg desktop layout, applications, etc etc) are 
retained for each user.  When we simply change the PC 
properties to join the domain, we lose the users? settings.  
For example, if we have a user named Mike who is logging 
on to our new domain of scodomain, it creates a profile 
under ?My Documents & Settings? named mike.scodomain.  
There is already a profile named ?mike?.  Both users have 
administrative access on the PC.  We?ve tried creating and 
logging on as another administrative user then copying the 
contents of the profiles folder from mike to mike.scodomain 
(including hidden files), but we don?t get the settings that 
mike has.

I?d really appreciate some pointers on this.  It must be easy 
(there again, it?s Microsoft
) I think we?ve looked at right-
clicking on My Computer, Properties, User accounts, 
Profiles (or something like that) and copying profiles.  Also, 
the administrative tool in the Control Panel.

David

On Wed, 16 Jun 2004, Nash Computer Technology wrote:
> However, we are now in the final stages of deploying a
> Samba server to replace the Novell one.  The Samba
> server is configured as a Primary Domain Controller, and
> seems to be working fine.  We do not wish to use roaming
> profiles, so the profiles will be held locally on each PC.
> 
> unsure how to join the new domain, such that the existing
> profiles (eg desktop layout, applications, etc etc) are
> retained for each user.  When we simply change the PC
> properties to join the domain, we lose the users? settings.
This method is unreasonable for more than a few users, due to the time
involved, but it has worked for me.

1. Make a note of the user's profile directory. I'll assume it is in
C:\Documents and Settings\mike

2. Log in to the PC in question as a LOCAL Administrator, other than
Mike.

3. Make a copy of Mike's profile, just in case things get screwed up
royally. It's a good idea to use ntbackup for this (if you're dealing
with XP, it can be installed from the CD) so you don't lose the ACLs.

4. Rename Mike's profile to something like C:\Documents and
Settings\Mike.temp

5. Join the workstation to the domain and reboot as prompted.

6. Log into NEWDOMAIN as Mike. A new profile for Mike will be created,
hopefully it will be C:\Documents and Settings\Mike, but make a note of
whatever the path is.

7. Log out Mike and log in as the local or domain administrator again.

8. DELETE the new profile that was just created. (You did make a note
of it's exact name, didn't you? If you didn't, go back to step 6.)

9. RENAME Mike's old profile from Mike.temp to C:\Documents and
Settings\Mike (Or whatever the path created in step 6 was)

10. Change the ACLs (security descriptors) on this profile to allow
NEWDOMAIN\Mike full access to the folder and all child entries.

11. If the path of the profile that was created in step 6 DOES NOT
match the original path of the profile, your job just got a lot harder.
Skip to step 13.

12. You should now be able to log in as NEWDOMAIN\Mike and have all his
profile back. Thank your chosen diety you were able to make the new
profile use the same path as the old profile, and skip the rest of
these steps and go on to the next workstation.

13. While you're still logged in as an administrator, open up regedit.
Load the registry hive C:\Documents and Settings\(new path)\NTUSER.DAT

14. EDIT the registry, replacing all instances of the old path with the
new path. Make sure you also check for instances of 8.3 munged names.
There will be WAY TOO MANY of these; I've found that sections of the
registry can be exported to a text file with can then be
search-replaced. Maybe there's a registry tool out there that makes
this easy; I haven't found it.

15. BEFORE YOU CLOSE REGEDIT, be sure to UNLOAD the hive you loaded in
step 13. Otherwise, Mike will not be able to log on.

16. You should now be able to log in as Mike. If things are totally
screwed up, well, that's why you made a backup, right?

Yes, I've actually done this. Several times. It's only fairly easy if
you can make the "new" profile use the same path as the old profile.
That's why we renamed the old profile first. There may be a way to
temporarily use roaming profiles and the User Profiles tool in the
system properties, along with Samba tools on the UNIX end to accomplish
the same thing in a quicker, easier manner, but I haven't investigated
that.

~~Jonathan Johnson
Sutinen Consulting, Inc.
jon@sutinen.com

You may also want to read these Microsoft Knowledge Base articles:

How to Migrate User Profiles to Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;234548

How to Create and Copy Roaming User Profiles in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;142682

HOW TO: Create a Roaming User Profile in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;302082

What you may want to do is temporarily migrate the user profile from a
local to a roaming profile using the information in these articles,
then change the profile mode back to local in the System Properties /
User Profiles module.

--Jon Johnson
Sutinen Consulting, Inc.
jon@sutinen.com
(360) 270-9317 cell

I am using Samba 3.0.4-1 and am seeing some odd behavior using Windows User
Manager.

I have Domain Users mapped to users using net groupmap.  And have my
add user to group command mapped correctly.

I can add users just fine to the Linux users group using User Manager.  But
when I go back to look at membership in User Manager it says the first 31
users are members and the rest of the users are not members.

In /etc/group all the users are members of the users group.  User Manager is
just reporting it wrong.

Any ideas, anyone seen this before?

-- 
Paul Espinosa
pespinosa@sunflowerbroadband.com
IT Supervisor
The World Company
785/312-6912

I haven't looked properly but there are lots of registry files in

/usr/share/doc/samba-<VERSION>/docs/registry/

One of which is called Win-2Kx-XPP-ForceLocalProfile.reg

Could be helpful

Alex

On Wed, 16 Jun 2004 23:28:25 +0100, Nash Computer Technology  
<nashcom@btinternet.com> wrote:
> Hi
>
> I hope someone can help?  We currently have Windows
> XP Professional PCs that logon to an old Novell Netware
> 3.12 server.  We?re just using the standard Windows
> Netware client, and each user has a Windows XP User
> account and password that matches their Novell one.
> When they logon to Windows, they are automatically
> authenticated to Novell.
>
> However, we are now in the final stages of deploying a
> Samba server to replace the Novell one.  The Samba
> server is configured as a Primary Domain Controller, and
> seems to be working fine.  We do not wish to use roaming
> profiles, so the profiles will be held locally on each PC.
>
> We wanted to test the migration of modifying the PC
> network clients to login to the new server, and have cloned
> a hard drive.  I haven?t played with this myself, but we?re
> unsure how to join the new domain, such that the existing
> profiles (eg desktop layout, applications, etc etc) are
> retained for each user.  When we simply change the PC
> properties to join the domain, we lose the users? settings.
> For example, if we have a user named Mike who is logging
> on to our new domain of scodomain, it creates a profile
> under ?My Documents & Settings? named mike.scodomain.
> There is already a profile named ?mike?.  Both users have
> administrative access on the PC.  We?ve tried creating and
> logging on as another administrative user then copying the
> contents of the profiles folder from mike to mike.scodomain
> (including hidden files), but we don?t get the settings that
> mike has.
>
> I?d really appreciate some pointers on this.  It must be easy
> (there again, it?s Microsoft?) I think we?ve looked at right-
> clicking on My Computer, Properties, User accounts,
> Profiles (or something like that) and copying profiles.  Also,
> the administrative tool in the Control Panel.
>
> David
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/