Move users to new AD keeping local profile

OSIPR (Newbie), posted 16 Aug 2018 at 6:06pm
Hello,

I tried Forensit User Profile Wizard and it seems to be working. I still have doubts about some details:

    1) I have an old domain with the AD name corp.local and the NetBIOS name CORP.
    2) I have a new domain with the AD name ad.corp.com and the NetBIOS name CORP (the same NetBIOS name as the old one).
    3) With Active Directory Domains and Trusts, another FQDN was created on the new AD, corp.com.
    4) The reason for that domain to be added was because I'm using Azure AD Connect to synchronize the new on-premise AD with Azure/Office365 AD (the old AD is not synchronized with Azure/Office365) and in Office365 the user accounts are jdoe@corp.com and not jdoe@ad.corp.com.
    5) I'm going to move the users from AD corp.local to AD ad.corp.com but I want to keep the user's local profile located in C:\USERS.
    6) I used Forensit with a test account and it works.

Questions:

    1) At the AD, after adding the users, I went to properties, account tab, and changed the domain of the user logon name from @ad.corp.com to @corp.com. Since I want the users to end like jdoe@corp.com, what domain do I have to specify in the tool, ad.corp.com or corp.com?
    2) The computer already has the local user's profile for the old AD. Do I have to remove the computer from the old AD and add it to the new AD before using Forensit?
    3) Before using Forensit I noticed that after removing the computer from the old AD and adding the computer to the new AD, after I logged in to the new AD, two profile directories for the user were available: C:\Users\jdoe for the old AD and C:\Users\jdoe.CORP for the new AD. Which directory is modified by Forensit? Which directory can I delete after using Forensit?
    4) Do I have to log in with an account from the new AD before I can migrate the user? Can I use a local administrator account of the computer (not domain) to run the tool? Can I use the tool with the same user account to move his own profile, even if the user is not an administrator of the local computer?
    
Thanks!

OSIPR (Newbie), posted 22 Aug 2018 at 2:20pm
Well, I received no response to my questions, so this is what I did:

1) Create user account on new AD
2) Create local admin account on computer
3) Remove computer from old domain
4) Log in with local admin account and add computer to new domain
5) Log in with local admin again and run Forensit Profile Wizard
6) Reboot the computer and log in as the new user

Everything seems to be working fine except that now Office365 OneDrive for Business is not working. When a file is accessed directly there are permissions errors, and when the file is accessed with any Office application it keeps asking for credentials.

jellybelly (Newbie), posted 24 Sep 2018 at 12:57pm
I am stuck at this same spot. When the file is accessed with any Office application it keeps asking for credentials (2 times and then fails). Error message "Something went wrong. We weren't able to register your device and add your account to Windows. Your access to org resources may be limited."

I spent the last week trying different things to get the migration to work. I also tried changing the user's UserPrincipalName in AD from user@ad.example.com to user@example.com, thinking this was the trick to making it work. I am not yet using AAD Connect but, for what it's worth, I also read in AAD Connect documentation that AAD Connect uses the UPN to find matches in Azure and that the ImmutableID in Azure was a product of the UPN. So, I tried nullifying the value in ImmutableID in Azure via PowerShell, but this did not help either. I have contacted the support group and am hoping they will respond with a solution.

OSIPR (Newbie), posted 24 Sep 2018 at 3:26pm
jellybelly, you have to download this file:


Forensit is currently investigating the problem with Office365 authentication, but if you use that file it will fix the problem.

jellybelly (Newbie), posted 25 Sep 2018 at 7:17am
Any chance you can share what this executable does to fix the issue? If it makes a change in the Registry, I really need to know what that change was.
Thank you very much as it seems to fix the problem.

Support (Moderator Group), posted 25 Sep 2018 at 12:58pm
Please keep in mind that this test utility fixes the majority of problems - but not all.

We still need more information. Please tell us what build of Windows 10 you are using, and whether the machine is joined to Azure AD, etc.

jellybelly (Newbie), posted 25 Sep 2018 at 1:14pm
Windows 10 Pro version 1803, build 17134.286.
The machine was NOT joined to Azure AD. It was in WORKGROUP prior to migration to our on-premise AD server. Thanks.

jellybelly (Newbie), posted 26 Sep 2018 at 2:51pm
Well, unfortunately, I tried the fix with the very next user that was having the same exact problem and the problem persists. Is there anything else we can try so that the user is not prompted to log in twice and then gets the "Something went wrong..." error message? I have uninstalled/reinstalled Office, removed all Office credentials from Credential Manager, and removed the user's device from Azure, with no luck in solving it.

Thanks

Edited by jellybelly - 26 Sep 2018 at 2:54pm

pimpfish (Newbie), posted 25 Oct 2018 at 3:31pm
I'm bumping this post as I am having the same issue as Jellybelly.  I had a domain account and a local profile using O365 and the account was added as a "work school" account under the local profile.  Windows 10 obviously. 

I migrated the profile to the domain account, and got the hang that others have described at the first reboot (Preparing to set up apps).  I killed that, and rebooted again.  The login under the domain account showed the profile as normal.  I then experienced the annoying Outlook login loops.  I did both the suggested fixes here (running the file provided by Forensit and making the registry change proposed by another user).  That seems to have resolved.  However, I am completely unable to add or store the credentials for the O365 account.  I cannot "connect as work or school account" and get the "Something went wrong" error.

I've forced all logouts from the O365 side, and tried adding the account when and when not connected to my work/domain VPN. Only thing I haven't done is remove the machine from AD (we're using ADSync with a hosted domain server), as other posters said that didn't work. The issue seems to be buried in the profile and something needs to be nuked to be able to reconnect to "work school".

jellybelly (Newbie), posted 26 Oct 2018 at 7:09am
Hi Pimpfish,
I found a way to make this work. Here is my situation and the steps we take for a successful migration... We were 'cloud first' using AzureAD and are now standing up an on-premise AD server so that we can use GPOs. All of our users have been connected to O365 with their work account for some time but their workstations are all in WORKGROUP.

The key to success is rebooting the user's workstation to get a 'fresh' session. Then navigate to Windows Settings > Account > Access work or school. Select account and disconnect.

Now migrate the user - I am using migrate.exe generated from the Forensit tool rather than the GUI. If you do it this way, you must run as Administrator.

Let me know if you want more detail. I have documented all the steps... I never found a way to fix the workstation login loop. The utility supplied by Forensit was hit-or-miss. I wound up rebuilding the user's profile manually.

We have successfully migrated about 40 users so far.
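
The two preconditions from the post above (work or school account disconnected, elevated session), written as a pre-migration check. This is an added PowerShell example, not part of the thread and not ForensiT's code. The function names are hypothetical, the sample `dsregcmd /status` lines are constructed, and it assumes a connected work or school account is reported as `WorkplaceJoined : YES`.

```powershell
# Added example: checks the state the post recommends before running the migration.
# Function names are hypothetical; the sample dsregcmd lines below are constructed.

function Get-DsregState {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd /status prints "Name : Value" pairs; keep only the join flags.
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    return $state
}

function Test-ReadyToMigrate {
    param([hashtable]$State, [bool]$Elevated)
    $problems = @()
    if ($State['WorkplaceJoined']) {
        # Assumption: this flag reflects the account under "Access work or school".
        $problems += 'Work or school account still connected; disconnect it before migrating.'
    }
    if (-not $Elevated) {
        $problems += 'Session is not elevated; migrate.exe must be run as Administrator.'
    }
    return ,$problems
}

# Constructed sample input. On a real workstation use:  $lines = dsregcmd /status
$lines = @(
    '             AzureAdJoined : NO',
    '              DomainJoined : NO',
    '           WorkplaceJoined : YES'
)

# Elevation check for the current session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
$elevated  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole($adminRole)

$problems = Test-ReadyToMigrate -State (Get-DsregState -Lines $lines) -Elevated $elevated
if ($problems.Count -eq 0) { 'Ready to migrate.' } else { $problems }
```

`WorkplaceJoined` is reported per user, so capture the `dsregcmd /status` output in the session of the user being migrated.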