ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  Active Topics Active Topics
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Using GPO to run logon script

 Post Reply Post Reply Page  12>
Author
Message Reverse Sort Order
  Topic Search Topic Search  Topic Options Topic Options
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Offline
Posts: 1341
  Quote Support Quote  Post ReplyReply Direct Link To This Post Topic: Using GPO to run logon script
    Posted: 31 Mar 2014 at 10:38am
The enumSIDs script is the migration script. It is the script that calls Profwiz.exe to migrate the profiles.

I've checked and you have maintenance and support. You can email us directly at support@forensit.com. Please send your migration files (rename them with a .txt extension) and we can take a look.
Back to Top
hsofteng View Drop Down
Newbie
Newbie


Joined: 26 Mar 2014
Online Status: Offline
Posts: 8
  Quote hsofteng Quote  Post ReplyReply Direct Link To This Post Posted: 31 Mar 2014 at 6:58am
I didn't think it was calling the migration script at all anymore as it is calling the enumSIDs script instead which did run profwiz.exe but I'm not sure if profwiz calls the .config file?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Offline
Posts: 1341
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 31 Mar 2014 at 6:55am
No profiles are being migrated. You need to debug the migration script to find out why it is not calling Profwiz.exe to migrate any profiles.
Back to Top
hsofteng View Drop Down
Newbie
Newbie


Joined: 26 Mar 2014
Online Status: Offline
Posts: 8
  Quote hsofteng Quote  Post ReplyReply Direct Link To This Post Posted: 31 Mar 2014 at 6:20am
OK, so I changed the <forcejoin> to false and changed the commands the vbs file was sending to the profwiz.config file which I hadn't realised it was sending..
and the log file now says this..

Creating migration service... Done.
Starting migration service... Done.
Machine is not joined to the KILCO domain.
Migration Complete!

Excellent I thought - job done, however I've still only got the old users - I must still be missing something. Do I need to allow it to copyprofiles?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Offline
Posts: 1341
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 31 Mar 2014 at 4:58am
You are correct about the <All> setting - my apologies, I forgot about EnumSIDs.vbs. I suggest you try running your EnumSIDs.vbs directly (outside of a GPO) with some MsgBox commands to see what it is doing, because it didn't run correctly in the above log.

You are wrong about <ForceJoin> It means excatly that: force the machine to join the domain - even if it is joined.
Back to Top
hsofteng View Drop Down
Newbie
Newbie


Joined: 26 Mar 2014
Online Status: Offline
Posts: 8
  Quote hsofteng Quote  Post ReplyReply Direct Link To This Post Posted: 31 Mar 2014 at 3:54am
<all> is set to false in profwiz.config - as instructed by the readme.pdf about using EnumSIDs.vbs and yes I did have <ForceJoin> set to True but surely it would ignore that anyway if it was already joined to the domain?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Offline
Posts: 1341
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 31 Mar 2014 at 3:21am
The are two things that are immediately obvious from the log. Firstly, User Profile Wizard did not attempt to migrate any profiles, so you have either not configured your script correctly or not configured your Profwiz.config file correctly. (Is <All> set to true in Profwiz.config? It needs to be.)  Secondly, User Profile Wizard is trying to join the machine to the new domain. There is no need to do this - do you have <ForceJoin> set to 'True'? (It should not be.)
Back to Top
hsofteng View Drop Down
Newbie
Newbie


Joined: 26 Mar 2014
Online Status: Offline
Posts: 8
  Quote hsofteng Quote  Post ReplyReply Direct Link To This Post Posted: 28 Mar 2014 at 7:18am
Ok, so I've edited the enumSIDs.vbs and put that in the startup script folder along with the .exe and the .config file.

This is what I now get from the log file

ForensiT User Profile Wizard v3.7.1190
Licensed to S***** Ltd (50 Seats) Serial No. 917F2A69
Copyright (c) 2002-2013 ForensiT Ltd
www.ForensiT.com

Creating migration service... Done.
Starting migration service... Done.
Machine is not joined to the oldname domain.
Finding Domain Controller for domain new.domain... Done.
Using Domain Controller: \\server.new.domain.
Binding to Active Directory... Done.
Joining to domain "new.domain" ... Fails.
Error 1219. Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
Migration Fails.
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Offline
Posts: 1341
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 27 Mar 2014 at 9:26am
User Profile Wizard does not need access to the old domain to migrate the profile, but some deployment methods are more appropriate than others given different scenarios.

If you really want to use a Group Policy from the new domain, you will need to use a custom migration script. See the "EnumSIDs.vbs" script in the Sample Migration Scripts collection on the Support Downloads page. You will need to modify the script for your own environment - see the Readme file.
Back to Top
hsofteng View Drop Down
Newbie
Newbie


Joined: 26 Mar 2014
Online Status: Offline
Posts: 8
  Quote hsofteng Quote  Post ReplyReply Direct Link To This Post Posted: 27 Mar 2014 at 8:29am
I thought profwiz didn't need access to the old domain?!
I have the new server in a test environment with one laptop from the old domain - the old domain controller is not available.
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.031 seconds.