
Move users to new AD keeping local profile

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Description: User Profile Wizard questions, suggestions, comments and bug reports
URL: http://forum.ForensiT.com/forum_posts.asp?TID=1633
Printed Date: 17 Aug 2019 at 7:35am


Topic: Move users to new AD keeping local profile
Posted By: OSIPR
Subject: Move users to new AD keeping local profile
Date Posted: 16 Aug 2018 at 6:06pm
Hello,

I tried Forensit User Profile Wizard and it seems to be working. I still have doubts with some details:

    1) I have an old domain with the AD name corp.local and the netbios name CORP.
    2) I have a new domain with the AD name ad.corp.com and the netbios name CORP (the same netbios name as the old one)
    3) With Active Directory Domains and Trusts, another FQDN was created on the new AD, corp.com
    4) The reason for that domain to be added was because I'm using Azure AD Connect to synchronize the new on-premise AD with Azure/Office365 AD (the old AD is not synchronized with Azure/Office365) and in Office365 the user accounts are jdoe@corp.com and not jdoe@ad.corp.com
    5) I'm going to move the users from AD corp.local to AD ad.corp.com but I want to keep the user's local profile located in C:\USERS
    6) I used Forensit with a test account and it works.

Questions:

    1) At the AD, after adding the users, I went to properties, account tab, and changed the domain of the user logon name from @ad.corp.com to @corp.com. Since I want the users to end like jdoe@corp.com, what domain do I have to specify in the tool, ad.corp.com or corp.com?
    2) The computer already has the local user's profile for the old AD. Do I have to remove the computer from the old AD and add it to the new AD before using Forensit?
    3) Before using Forensit I noticed that after removing the computer from the old AD and adding the computer to the new AD, after I log in to the new AD, two profile directories for the user were available: C:\Users\jdoe for the old AD and C:\Users\jdoe.CORP for the new AD. What directory is modified by Forensit? Which directory can I delete after using Forensit?
    4) Do I have to log in with an account from the new AD before I can migrate the user? Can I use a local administrator account of the computer (not domain) to run the tool? Can I use the tool with the same user account to move his own profile, even if the user is not an administrator of the local computer?
    
Thanks!



Replies:
Posted By: OSIPR
Date Posted: 22 Aug 2018 at 2:20pm
Well, I received no response to my questions, so this is what I did:

1) Create user account on new AD
2) Create local admin account on computer
3) Remove computer from old domain
4) Log with local admin account and add computer to new domain
5) Log with local admin again and run Forensit Profile Wizard
6) Reboot the computer and log as the new user

Everything seems to be working fine except that now Office365 OneDrive for Business is not working. When a file is accessed directly there are permissions errors, and when the file is accessed with any Office application it keeps asking for credentials.


Posted By: jellybelly
Date Posted: 24 Sep 2018 at 12:57pm
I am stuck at this same spot. When the file is accessed with any Office application it keeps asking for credentials (2 times and then fails). Error message "Something went wrong. We weren't able to register your device and add your account to Windows. Your access to org resources may be limited."

I spent the last week trying different things to get the migration to work. I also tried changing the user's UserPrincipalName in AD from user@ad.example.com to user@example.com thinking this was the trick to making it work. I am not yet using AAD Connect but for what it's worth, I also read in AAD Connect documentation that AAD Connect uses the UPN to find matches in Azure and that the ImmutableID in Azure was a product of the UPN. So, I tried nullifying the value in ImmutableID in Azure via PowerShell, but this did not help either. I have contacted the support group and am hoping they will respond with a solution.


Posted By: OSIPR
Date Posted: 24 Sep 2018 at 3:26pm
jellybelly you have to download this file:

https://www.ForensiT.com/Downloads/o365c1.zip

Forensit is currently investigating the problem with Office365 authentication but if you use that file it will fix the problem.


Posted By: jellybelly
Date Posted: 25 Sep 2018 at 7:17am
Any chance you can share what this executable does to fix the issue? If it makes a change in the Registry, I really need to know what that change was.
Thank you very much as it seems to fix the problem.


Posted By: Support
Date Posted: 25 Sep 2018 at 12:58pm
Please keep in mind that this test utility fixes the majority of problems - but not all.

We still need more information, please tell us what build of Windows 10 you are using, and whether the machine is joined to Azure AD, etc.


Posted By: jellybelly
Date Posted: 25 Sep 2018 at 1:14pm
Windows 10 Pro version 1803, build 17134.286.
The machine was NOT joined to Azure AD. It was in WORKGROUP prior to migration to our on-premise AD server. Thanks.


Posted By: jellybelly
Date Posted: 26 Sep 2018 at 2:51pm
Well, unfortunately, I tried the fix with the very next user that was having the same exact problem and the problem persists. Is there anything else we can try so that the user is not prompted to login twice and then get the "Something went wrong..." error message? I have uninstalled/reinstalled Office, removed all office credentials from Credential Manager, removed the user's device from Azure with no luck in solving.

thanks


Posted By: pimpfish
Date Posted: 25 Oct 2018 at 3:31pm
I'm bumping this post as I am having the same issue as Jellybelly.  I had a domain account and a local profile using O365 and the account was added as a "work school" account under the local profile.  Windows 10 obviously. 

I migrated the profile to the domain account, and got the hang that others have described at the first reboot (Preparing to set up apps).  I killed that, and rebooted again.  The login under the domain account showed the profile as normal.  I then experienced the annoying Outlook login loops.  I did both the suggested fixes here (running the file provided by Forensit and making the registry change proposed by another user).  That seems to have resolved.  However, I am completely unable to add or store the credentials for the O365 account.  I cannot "connect as work or school account" and get the "Something went wrong" error.

I've forced all logouts from the O365 side, and tried adding the account when and when not connected to my work/domain VPN. Only thing I haven't done is remove the machine from AD (we're using ADSync with a hosted domain server), as other posters said that didn't work. The issue seems to be buried in the profile and something needs to be nuked to be able to reconnect to "work school".


Posted By: jellybelly
Date Posted: 26 Oct 2018 at 7:09am
Hi Pimpfish,
I found a way to make this work. Here is my situation and the steps we take for a successful migration... We were 'cloud first' using AzureAD and are now standing up an on-premise AD server so that we can use GPOs. All of our users have been connected to O365 with their work account for some time but their workstations are all in WORKGROUP.

The key to success is rebooting the user's workstation to get a 'fresh' session. Then navigate to Windows Settings > Account > Access work or school. Select account and disconnect.

Now migrate the user - I am using migrate.exe generated from forensit tool rather than the gui. If you do it this way, you must run as Administrator.

Let me know if you want more detail. I have documented all the steps... I never found a way to fix the workstation login loop. The utility supplied by Forensit was hit-or-miss. I wound up rebuilding the user's profile manually.

We have successfully migrated about 40 users so far.
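
A pre-check for the procedure in the post above, as an added example that is not part of the thread and not ForensiT code: it parses `dsregcmd /status` and refuses to proceed while a work account is still connected or the session is not elevated. It assumes that an account connected under "Access work or school" is reported as `WorkplaceJoined : YES`; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumption: a work account connected under
# "Access work or school" appears as "WorkplaceJoined : YES" in dsregcmd output.
function Get-DsregState {
    param([string[]]$Lines = (& dsregcmd.exe /status))
    $state = @{}
    foreach ($line in $Lines) {
        # Fields are printed as "   Name : Value"
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $state
}

function Test-MigrationPrecheck {
    param([hashtable]$State)
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if ($State['WorkplaceJoined'] -eq 'YES') {
        'Work or school account is still connected: disconnect it, then re-run.'
    }
    if (-not $elevated) { 'Session is not elevated: migrate.exe must run as Administrator.' }
}

# Constructed sample output, to show the parser without touching the machine.
$sample = @(
    '             AzureAdJoined : NO'
    '              DomainJoined : NO'
    '           WorkplaceJoined : YES'
)
Test-MigrationPrecheck -State (Get-DsregState -Lines $sample) | Write-Warning

# Live check on the workstation about to be migrated.
$problems = @(Test-MigrationPrecheck -State (Get-DsregState))
$problems | ForEach-Object { Write-Warning $_ }
if ($problems.Count -eq 0) { 'Pre-checks passed: run the migration.' }
```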


Posted By: arkatis87
Date Posted: 07 Nov 2018 at 1:47am
Originally posted by jellybelly

Hi Pimpfish,
I found a way to make this work. Here is my situation and the steps we take for a successful migration... We were 'cloud first' using AzureAD and are now standing up an on-premise AD server so that we can use GPOs. All of our users have been connected to O365 with their work account for some time but their workstations are all in WORKGROUP.

The key to success is rebooting the user's workstation to get a 'fresh' session. Then navigate to Windows Settings > Account > Access work or school. Select account and disconnect.

Now migrate the user - I am using migrate.exe generated from forensit tool rather than the gui. If you do it this way, you must run as Administrator.

Let me know if you want more detail. I have documented all the steps... I never found a way to fix the workstation login loop. The utility supplied by Forensit was hit-or-miss. I wound up rebuilding the user's profile manually.

We have successfully migrated about 40 users so far.



Hey jellybelly,

We are trying to migrate local profiles to Azure AD and I need some help.
I can migrate both profiles successfully but all passwords etc. are not migrating to the new one.

Can you please let me know of your documentation steps you took so I can find a different approach to our journey?

Thank you.


Posted By: Support
Date Posted: 07 Nov 2018 at 6:01am
As we say in the User Guide (https://www.forensit.com/Downloads/User%20Profile%20Wizard%20Corporate%20User%20Guide.pdf), under "What isn’t migrated?": "User Profile Wizard cannot migrate encrypted data. This includes encrypted files, but also Internet and Outlook passwords which will need to be re-entered after the migration."


Posted By: synergi
Date Posted: 26 Nov 2018 at 4:39pm
Did anyone come up with a fix? - tried the supplied utility - no luck?


Posted By: Quiltface
Date Posted: 07 Dec 2018 at 5:43pm
Is there any update on this? This issue is driving me nuts.
I have yet to try the O365C1.exe tool, I am not sure what exactly it does... does anyone know? Naturally I am hesitant to run random executables on my machines.

I have 2 machines having the issue. I would rather "fix" it than rebuild another profile; I fear other issues doing that.
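
One way to answer the "what does it change?" question raised in this thread, as an added example that is not ForensiT code or anything a poster supplied: check the signature and hash of the extracted files, then diff a registry export taken before and after running the utility on a test machine. The download path, the scratch folder and the `HKCU\Software\Microsoft\Office` scope are assumptions; the thread does not say what the utility touches.

```powershell
# Added example, not ForensiT code. Paths and the registry scope are assumptions.
$zip     = "$env:USERPROFILE\Downloads\o365c1.zip"   # assumed download location
$workDir = Join-Path $env:TEMP 'o365c1-review'       # hypothetical scratch folder
$scope   = 'HKCU\Software\Microsoft\Office'          # assumed area of interest

Expand-Archive -Path $zip -DestinationPath $workDir -Force

# 1. Who signed each extracted file, and what is its hash?
Get-ChildItem $workDir -Recurse -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        File   = $_.Name
        SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject   # empty when the file is unsigned
    }
} | Format-List

# 2. Flatten a reg.exe export into "key :: value" lines so a diff keeps its key.
function Get-RegSnapshot([string]$Key, [string]$File) {
    & reg.exe export $Key $File /y | Out-Null
    $current = ''; $pending = ''
    foreach ($line in Get-Content $File) {
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1]; continue }
        # hex values wrap with a trailing backslash; join them into one entry
        if ($line.EndsWith('\')) { $pending += $line.TrimEnd('\').Trim(); continue }
        $entry = $pending + $line.Trim(); $pending = ''
        if ($entry) { "$current :: $entry" }
    }
}

$before = Get-RegSnapshot $scope (Join-Path $workDir 'before.reg')
Read-Host 'Run the utility on a test machine as the affected user, then press Enter'
$after  = Get-RegSnapshot $scope (Join-Path $workDir 'after.reg')

# '<=' lines existed only before the run, '=>' lines only after it.
Compare-Object $before $after | Format-Table SideIndicator, InputObject -Wrap
```

An empty diff only means nothing changed inside the chosen scope; widen `$scope` or add an HKLM export if the utility's effect is not found there.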


Posted By: enebesniak
Date Posted: 14 Jan 2019 at 10:56am
We have had this problem on a number of machines, mostly Windows 10 where we have either removed from a domain or migrated to another domain.

Running the o365c1.zip file was the only way to fix the problem, nothing else worked.

It looks to be related if Office uses multiple accounts. For example, one for the software registration and another for OneDrive or Sharepoint.


