I am performing a migration from one Windows 2003 Forest containing one
domain to another Windows 2003 Forest containing one domain. (This is due to
business restructuring). I am testing the migration using VMWare ESX server
with both Forests on the same virtual switch. All the DCs are running Server
2003 R2 SP2. The Domains and Forests are both running in Windows Server 2003
operating mode.
I am using ADMT 3 and the first few parts of the migration were successful,
but I have had problems migrating the local user profiles. The current domain
does not use roaming profiles, they are all local to the machine.
Steps performed so far:
1) Installed the DCs, File and Print server, Exchange and SQL server to
mimic the existing domain.
2) Installed the DCs for the new domain (I want to test the basic migration
before I look at Exchange etc).
3) Configured the OU structure, group policies, login scripts etc in both
domains to mimic the old one.
4) Created a two-way trust between the domains and turned off SID filtering
in both directions with netdom.
5) I have successfully migrated several groups.
6) I have successfully migrated several user accounts, including their
passwords.
7) I have successfully migrated several workstation machines.
However, I am having problems with the user profiles.
The scenario is that I have a workstation that is a member of olddomain. I
have logged into that computer as user1 who is a member of olddomain. When I
look at the permissions on that profile in c:\documents and settings,
user1@olddomain.com has permissions.
I then restart the machine so the user profile is not in use.
I migrate the user account to newdomain.
I migrate the computer account to newdomain. On the ‘translate objects’
screen I chose to translate all options including user profiles.
After the machine restarts, I log in as the local administrator (not the
domain user) and check the permissions on the user profile in c:\documents
and settings. It has changed from user1@olddomain.com to user1@newdomain.com
Up until here, everything looks okay. Unfortunately, when I log into the PC
as the domain user, and select the domain as newdomain, I receive a new user
profile. i.e. I do not receive the settings from the old user profile, I
receive a brand new profile. When I look in c:\documents and settings, I see
2 relevant profiles - user1 and user1.newdomain (there is no user1.olddomain
folder - before the migration, I would log in and receive the profile just
called user1).
I tried the process for a different workstation and user, thinking that I
did something wrong. I migrated this second workstation this time choosing
none of the options on the ‘translate objects’ screen. I did not log in as
the second domain user, but tried security translation wizard before
attempting login again.
In ADMT, I ran the Security Translation Wizard for the second workstation. I
chose to translate all options, including the user profile. Unfortunately
when I logged in as user2 into newdomain, I again received a new profile.
Again when I look in c:\documents and settings I see 2 relevant entries -
user2 and user2.newdomain. The permissions on both are set to
user2@newdomain.com (the permissions do not mention user2@olddomain.com).
Thank you for any help you can offer.
Bookmarks