Hi,
I am trying to plan a migration of approximately 160 PC's from a
workgroup environment to using Samba (3.0.14a) as a PDC (on AIX 4.3, to
be 5.3 in near future).
They will NOT be using roaming profiles, as this is not appropriate for
the client.
Joining the machine to the domain, logging in works, everything's cool.
These computers were all in a workgroup previously and had a local user
set up for them to use. After joining the domain and logging into the
domain, they get a "default" desktop. Appropriately so, as they are a
different user than the "local" one that they used to use on the
computer.
Browsing the local hard disk, I can see that there is a "keith" user
that is a local user. There is also a "keith.<domain>" user,
which is
obviously the user for the domain.
I have a couple of questions.
1. When the user on a PC (eg: XP SP2) logs on into the domain the first
time, how does Windows know what kind of "Default Profile" to create
for
the user? I assume that it comes from the Samba server.
On the Samba Server, I have done a
net rpc group addmem Administrators "DOM\Keith"
When Keith logs into a PC, is that what is giving him Domain
Administrator rights? What if he belongs to multiple groups? What
"group wins" for his default group? The one with the highest rights?
His default Unix group?
2. We want to copy the enviroment (Desktop, Bookmarks, My Documents,
etc) of the local user to the new Domain User. Remember, we are not
using roaming profiles. We can do that using "System Properties->User
Profiles->Copy To". Is this the "BEST" way to accommplish
this? Is it
going to affect the rights assigned from the Primary Domain
Controller? (because it's being done as the local administrator, in
theory it might have "permission" to do this.
3. Just a "shot in the dark", is there any way to share the profile
between a local user and the domain user? I can't imagine so, given
permission problems and everything.
Everything needs to be done "RIGHT", as someone has to walk around to
every PC to do this, and we only want to have to do that once! :-)
(and yes, they are turning on Remote Desktop at the same time ;-) ).
In the Samba3-HOWTO.pdf, I found:
> 26.2.5.3 moveuser.exe
> The Windows 200x professional resource kit has moveuser.exe. moveuser.exe
> changes the security of a profile from one user to another. This
> allows the
> account domain to change and/or the username to change.
> This command is like the Samba profiles tool.
I'm a bit confused... would this sequence of events work?
1. Log in as the local administrator
2. Join PC to the domain
3. Use the "moveuser.exe" to change the local profile for
"keith" to be
the profile for the domain user "keith"
4. Delete the local user "keith"
Could it be that simple?
Unfortunately I'm about 4000 km away from the server & any PC's
right
now, and have to walk "unskilled" people through any testing, so I
can't
really test & experiment too much on my own.
Also, I'm trying to find the "RIGHT" way to do this, rather than
just a
way that "WORKS".
Thanks for any assistance!
Cheers,
Steve Williams