Move users to new AD keepin local profile

Message Topic Search Topic Options Post Reply Create New Topic Printable Version

   Hello,

I tried Forensit User Profile Wizard and it seems to be working. I still have doubts with some details:

    1) I have an old domain with the AD name corp.local and the netbios name CORP.
    2) I have a new domain with the AD name ad.corp.com and the netbios name CORP (the same netbios name as the old one)
    3) With the Active directory domain and trust other FQDN was created on the new AD, corp.com
    4) The reason for that domain to be added was because I'm using Azure AD Connect to synchronize the new on premise AD with Azure/Office365 AD (the old AD is not synchronized with Azure/Office365) and in Office365 the user accounts are jdoe@corp.com and not jdoe@ad.corp.com
    4) I'm going to move the users from AD copr.local to AD ad.corp.com but I want to keep the user's local profile located in C:\USERS 
    5) I used Forenseit with a test account and it works.

Questions:

    1) At the AD after adding the users I went to properties, account tab and 
change the domain of the user logon name from @ad.corp.com to @corp.com. Since I want the users to end like jdoe@corp.com, What domain do I have to specify in the tool, ad.corp.com or corp.com? 
    2) The computer already have the local user's profile for the old AD. Do I have to remove the computer from the old AD and add it to the new AD before using Forensit?
    3) Before using Forensit I noticed that after removing the computer from the old AD and adding the computer to the new AD after I log to the new AD two profile directories for the user were available. C:\Users\jdoe for the old AD and C:\Users\jdoe.CORP for the new AD. What directory is modify by Forensit? Which directory can I delete after using Forensit?
    4) Do I have to log with an account from the new AD before I can migrate the user? Can I use a local administrator account of the computer (not domain) to run the tool? Can I use the tool with the same user account to move his own profile? even if the user is not an administrator of the local computer?

Thanks! 

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version
OSIPR Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 16 Aug 2018 Location: PR Online Status: Offline Posts: 4	Quote Reply Topic: Move users to new AD keepin local profile Posted: 16 Aug 2018 at 6:06pm
	Hello, I tried Forensit User Profile Wizard and it seems to be working. I still have doubts with some details: 1) I have an old domain with the AD name corp.local and the netbios name CORP. 2) I have a new domain with the AD name ad.corp.com and the netbios name CORP (the same netbios name as the old one) 3) With the Active directory domain and trust other FQDN was created on the new AD, corp.com 4) The reason for that domain to be added was because I'm using Azure AD Connect to synchronize the new on premise AD with Azure/Office365 AD (the old AD is not synchronized with Azure/Office365) and in Office365 the user accounts are jdoe@corp.com and not jdoe@ad.corp.com 4) I'm going to move the users from AD copr.local to AD ad.corp.com but I want to keep the user's local profile located in C:\USERS 5) I used Forenseit with a test account and it works. Questions: 1) At the AD after adding the users I went to properties, account tab and change the domain of the user logon name from @ad.corp.com to @corp.com. Since I want the users to end like jdoe@corp.com, What domain do I have to specify in the tool, ad.corp.com or corp.com? 2) The computer already have the local user's profile for the old AD. Do I have to remove the computer from the old AD and add it to the new AD before using Forensit? 3) Before using Forensit I noticed that after removing the computer from the old AD and adding the computer to the new AD after I log to the new AD two profile directories for the user were available. C:\Users\jdoe for the old AD and C:\Users\jdoe.CORP for the new AD. What directory is modify by Forensit? Which directory can I delete after using Forensit? 4) Do I have to log with an account from the new AD before I can migrate the user? Can I use a local administrator account of the computer (not domain) to run the tool? Can I use the tool with the same user account to move his own profile? even if the user is not an administrator of the local computer? Thanks!

OSIPR Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 16 Aug 2018 Location: PR Online Status: Offline Posts: 4	Quote Reply Posted: 22 Aug 2018 at 2:20pm
	Well I receive no responce to my questions so this is what I did: 1) Create user account on new AD 2) Create local admin account on computer 3) Remove computer from old domain 4) Log with local admin account and add computer to new domain 5) Log with local admin again and ran Forensit Profile Wizard 6) Reboot the computer and log as the new user Everything seems to be working fine except that now Office365 Onedrive for business is not working. When a file is accesed directly there are permisisons errors and when the file is accessed with any Office application it keep asking for credentials.

jellybelly Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 24 Sep 2018 Online Status: Offline Posts: 6	Quote Reply Posted: 24 Sep 2018 at 12:57pm
	I am stuck at this same spot. When the file is accessed with any Office application it keeps asking for credentials (2 times and then fails). Error message "Something went wrong. We weren't able to register your device and add your account to Windows. Your access to org resources may be limited." I spent the last week trying different things to get the migration to work. I also tried changing the user's UserPrincipalName in AD from user@ad.example.com to user@example.com thinking this was the trick to making it work. I am not yet using AAD Connect but for what it's worth, I also read in AAD Connect documentation that AAD Connect uses the UPN to find matches in Azure and that the ImmutableID in Azure was a product of the UPN. So, I tried nullifying the value in ImmutableID in Azure via powershell, but this did not help either. I have contacted the support group and am hoping they will respond with a solution.

OSIPR Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 16 Aug 2018 Location: PR Online Status: Offline Posts: 4	Quote Reply Posted: 24 Sep 2018 at 3:26pm
	jellybelly you have to download this file: https://www.ForensiT.com/Downloads/o365c1.zip Forensit is currently investigating the problem with Office365 authentication but if you use that file it will fix the problem.

jellybelly Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 24 Sep 2018 Online Status: Offline Posts: 6	Quote Reply Posted: 25 Sep 2018 at 7:17am
	Any chance you can share what this executable does to fix the issue? If it makes a change in the Registry, I really need to know what that change was. Thank you very much as it seems to fix the problem.

Support Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Online Status: Online Posts: 1318	Quote Reply Posted: 25 Sep 2018 at 12:58pm
	Please keep in mind that this test utility fixes the majority of problems - but not all. We still need more information, please tell us what build of Windows 10 you are using, and whether the machine is joined to Azure AD, etc.

jellybelly Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 24 Sep 2018 Online Status: Offline Posts: 6	Quote Reply Posted: 25 Sep 2018 at 1:14pm
	Windows 10 Pro version 1803, build 17134.286. The machine was NOT joined to Azure AD. It was in WORKGROUP prior to migration to our on-premise AD server. Thanks.

jellybelly Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 24 Sep 2018 Online Status: Offline Posts: 6	Quote Reply Posted: 26 Sep 2018 at 2:51pm
	Well, unfortunately, I tried the fix with the very next user that was having the same exact problem and the problem persists. Is there anything else we can try so that the user is not prompted to login twice and then get the "Something went wrong..." error message? I have uninstalled/reinstalled Office, removed all office credentials from Credential Manager, removed the user's device from Azure with no luck in solving. thanks Edited by jellybelly - 26 Sep 2018 at 2:54pm

pimpfish Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 25 Oct 2018 Online Status: Offline Posts: 1	Quote Reply Posted: 25 Oct 2018 at 3:31pm
	I'm bumping this post as I am having the same issue as Jellybelly. I had a domain account and a local profile using O365 and the account was added as a "work school" account under the local profile. Windows 10 obviously. I migrated the profile to the domain account, and got the hang that others have described at the first reboot (Preparing to set up apps). I killed that, and rebooted again. The login under the domain account showed the profile as normal. I then experienced the annoying Outlook login loops. I did both the suggested fixes here (running the file provided by Forensit and making the registry change proposed by another user). That seems to have resolved. However, I am completely unable to add or store the credentials for the O365 account. I cannot "connect as work or school account" and get the "Something went wrong" error. I've forced all logouts from the O365 side, and tried adding the account when and when not connected to my work/domain VPN. Only think I haven't done is removed the machine from AD (we're using ADSync with a hosted domain server), as other posters said that didn't work. The issue seems to be buried in the profile and something needs to be nuked to be able to reconnect to "work school".

jellybelly Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 24 Sep 2018 Online Status: Offline Posts: 6	Quote Reply Posted: 26 Oct 2018 at 7:09am
	Hi Pimpfish, I found a way to make this work. Here is my situation and the steps we take for a successful migration... We were 'cloud first' using AzureAD and are now standing up an on-premise AD server so that we can use GPOs. All of our users have been connected to O365 with their work account for some time but their workstations are all in WORKGROUP. The key to success is rebooting the user's workstation to get a 'fresh' session. Then navigate to Windows Settings > Account > Access work or school. Select account and disconnect. Now migrate the user - I am using migrate.exe generated from forensit tool rather than the gui. If you do it this way, you must run as Administrator. Let me know if you want more detail. I have documented all the steps... I never found a way to fix the workstation login loop. The utility supplied by Forensit was hit-or-miss. I wound up rebuilding the user's profile manually. We have successfully migrated about 40 users so far.