Print Page | Close Window

Using GPO to run logon script

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Description: User Profile Wizard questions, suggestions, comments and bug reports
URL: https://forum.ForensiT.com/forum_posts.asp?TID=1027
Printed Date: 28 Mar 2024 at 6:35pm
Software Version: Web Wiz Forums 12.03 - http://www.webwizforums.com


Topic: Using GPO to run logon script
Posted By: hsofteng
Subject: Using GPO to run logon script
Date Posted: 26 Mar 2014 at 9:10am
Hi,
I'm trying to migrate all profiles on all pc's/laptop's to a new domain. I have followed the user guide and have created a vbs and config file - I've added all files to Group policy and told it to run the vbs file, but nothing seems to happen.

What am I doing wrong?



Replies:
Posted By: Support
Date Posted: 27 Mar 2014 at 3:18am
Hi,

The general guidelines are as follows:

1. Use a single deployment file rather than using separate migration files (Migrate.vbs, Profwiz.config, etc.)

2. Run the migration from a computer Group Policy not a user group policy. Because of this...

3. The migration will run under the SYSTEM account so make sure <LocalAdmin> and <LocalPwd> are blank in Profwiz.config


Posted By: hsofteng
Date Posted: 27 Mar 2014 at 5:39am
Thanks for this information - so apparently the script has now run but I'm still only seeing the original users - not users for the new domain. How can I tell if the script has run properly?


Posted By: hsofteng
Date Posted: 27 Mar 2014 at 6:57am
The log is showing the following..

Licensed to S***** Ltd (50 Seats) Serial No. 917F2A69
Copyright (c) 2002-2013 ForensiT Ltd
www.ForensiT.com

The migration service already exists.
Starting migration service... Done.
Machine is not joined to the OLDNAME domain.
Attempting to resolve user SID... Fails.
Attempting to resolve user SID... Fails.
Attempting to resolve user SID... Fails.
Attempting to resolve user SID... Fails.
Finding Domain Controller for domain NEW.domain... Done.
Using Domain Controller: \\server.NEW.domain.
Binding to Active Directory... Done.
Joining to domain "NEW.domain" ... Fails.
Error 1219. Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
No OLDNAME domain account profiles were found.
Migration Fails.


Posted By: Support
Date Posted: 27 Mar 2014 at 8:27am
The migration needs to be run from a Group Policy on the old domain.


Posted By: hsofteng
Date Posted: 27 Mar 2014 at 8:29am
I thought profwiz didn't need access to the old domain?!
I have the new server in a test environment with one laptop from the old domain - the old domain controller is not available.


Posted By: Support
Date Posted: 27 Mar 2014 at 9:26am
User Profile Wizard does not need access to the old domain to migrate the profile, but some deployment methods are more appropriate than others given different scenarios.

If you really want to use a Group Policy from the new domain, you will need to use a custom migration script. See the "EnumSIDs.vbs" script in the Sample Migration Scripts collection on the http://www.forensit.com/support-downloads.html - Support Downloads page. You will need to modify the script for your own environment - see the Readme file.


Posted By: hsofteng
Date Posted: 28 Mar 2014 at 7:18am
Ok, so I've edited the enumSIDs.vbs and put that in the startup script folder along with the .exe and the .config file.

This is what I now get from the log file

ForensiT User Profile Wizard v3.7.1190
Licensed to S***** Ltd (50 Seats) Serial No. 917F2A69
Copyright (c) 2002-2013 ForensiT Ltd
www.ForensiT.com

Creating migration service... Done.
Starting migration service... Done.
Machine is not joined to the oldname domain.
Finding Domain Controller for domain new.domain... Done.
Using Domain Controller: \\server.new.domain.
Binding to Active Directory... Done.
Joining to domain "new.domain" ... Fails.
Error 1219. Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
Migration Fails.


Posted By: Support
Date Posted: 31 Mar 2014 at 3:21am
The are two things that are immediately obvious from the log. Firstly, User Profile Wizard did not attempt to migrate any profiles, so you have either not configured your script correctly or not configured your Profwiz.config file correctly. (Is <All> set to true in Profwiz.config? It needs to be.)  Secondly, User Profile Wizard is trying to join the machine to the new domain. There is no need to do this - do you have <ForceJoin> set to 'True'? (It should not be.)


Posted By: hsofteng
Date Posted: 31 Mar 2014 at 3:54am
<all> is set to false in profwiz.config - as instructed by the readme.pdf about using EnumSIDs.vbs and yes I did have <ForceJoin> set to True but surely it would ignore that anyway if it was already joined to the domain?


Posted By: Support
Date Posted: 31 Mar 2014 at 4:58am
You are correct about the <All> setting - my apologies, I forgot about EnumSIDs.vbs. I suggest you try running your EnumSIDs.vbs directly (outside of a GPO) with some MsgBox commands to see what it is doing, because it didn't run correctly in the above log.

You are wrong about <ForceJoin> It means excatly that: force the machine to join the domain - even if it is joined.


Posted By: hsofteng
Date Posted: 31 Mar 2014 at 6:20am
OK, so I changed the <forcejoin> to false and changed the commands the vbs file was sending to the profwiz.config file which I hadn't realised it was sending..
and the log file now says this..

Creating migration service... Done.
Starting migration service... Done.
Machine is not joined to the KILCO domain.
Migration Complete!

Excellent I thought - job done, however I've still only got the old users - I must still be missing something. Do I need to allow it to copyprofiles?


Posted By: Support
Date Posted: 31 Mar 2014 at 6:55am
No profiles are being migrated. You need to debug the migration script to find out why it is not calling Profwiz.exe to migrate any profiles.


Posted By: hsofteng
Date Posted: 31 Mar 2014 at 6:58am
I didn't think it was calling the migration script at all anymore as it is calling the enumSIDs script instead which did run profwiz.exe but I'm not sure if profwiz calls the .config file?


Posted By: Support
Date Posted: 31 Mar 2014 at 10:38am
The enumSIDs script is the migration script. It is the script that calls Profwiz.exe to migrate the profiles.

I've checked and you have maintenance and support. You can email us directly at support@forensit.com. Please send your migration files (rename them with a .txt extension) and we can take a look.



Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.03 - http://www.webwizforums.com
Copyright ©2001-2019 Web Wiz Ltd. - https://www.webwiz.net