Print Page | Close Window

AD User to Local User newbie questions

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Description: User Profile Wizard questions, suggestions, comments and bug reports
URL: https://forum.ForensiT.com/forum_posts.asp?TID=2035
Printed Date: 30 Jul 2021 at 8:29am
Software Version: Web Wiz Forums 12.03 - http://www.webwizforums.com


Topic: AD User to Local User newbie questions
Posted By: zoogz
Subject: AD User to Local User newbie questions
Date Posted: 12 Apr 2021 at 2:20am
I am tasked with replacing an old Windows Server (SBS 2008) with a Synology NAS for file sharing and a new router for DHCP etc. We have several computers that are tied to the domain and log in as domain users.

I need to convert the 3-4 domain users on each computer into local users so they can be freed from the server. I will sync the user folders to the NAS using Synology's sync software.

I am not experienced with servers and domain users and I am a bit trepidatious about this process. Someone pointed me to ForensIT software, gave it rave reviews.

My Questions:

1) What happens to the domain user account/data when you run this software - is it "converted" to a local account, or is a COPY made of it as a local user?

2) Should the computer be removed from the domain before running the software, or does it not matter?

3) What else do I need to know about this process? Is there any danger that user data, applications, passwords/settings, etc will be lost or damaged?

Thank you, my apologies for being such a bonehead about this. 



Replies:
Posted By: Support
Date Posted: 12 Apr 2021 at 9:31am
1. By default, User Profile Wizard does not move, copy or delete any data. Instead it configures the existing profile (the data under C:\Users\username) “in place” so that it can be used by the user’s new local account. The new local user account must already exist on the machine.

2. It doesn’t really matter, but we advise that you should not remove the machine from the old domain first. User Profile Wizard can do this for you.

3. Because no data is moved, the process is very safe and you are not in danger of losing any data. However, you need to be aware that User Profile Wizard cannot migrate encrypted data. This includes encrypted files, but also Internet and Outlook passwords which will need to be re-entered after the migration.



Posted By: zoogz
Date Posted: 13 Apr 2021 at 2:08am
So for each domain user I first need to create a local user profile in Windows 10 settings with username & password and let windows set it up with default folders (desktop, documents, pictures, etc)?

Then I run User Profile Wizard, which I understand can configure all accounts at once, but I think I read in another topic here that it is better/safer to run them one at a time?

Lastly - while I am very happy to support ForensIT by purchasing the full premium product, for my stated purpose do I need more than the free version? If that is all I need, I would gratefully make a freeware donation if possible.

Thanks for your quick and concise responses!


Posted By: Support
Date Posted: 13 Apr 2021 at 1:12pm
You need to create a new local user account, but do not sign-in with that account and let Windows set up a new profile. Just run User Profile Wizard to assign the original profile to the new user account.

If you only have a small number of computers to migrate, the free Personal Edition of User Profile Wizard could well meet your needs. The only downside of using the Personal Edition when migrating a small number of users, is that it does not rename the profile folder. However, if your new local user names will be the same as your current account names, this is not an issue. 


Posted By: zoogz
Date Posted: 13 Apr 2021 at 4:02pm
I just re-read your original response that User Profile Wizard configures the new local user profile to use the data in the AD user profile, and that no data is actually copied, moved, or deleted.

Does this mean that the local user account is going to be "linked" to the data in the AD user profile? So both the AD and Local user accounts are sharing the same data, and any changes made to one (e.g. add new files to desktop folder, or edit a spreadsheet in documents folder, download new files) will also appear in the other?

Does this mean that even if you are "converting" a number of AD profiles to Local profiles on a single device, you dont really need much free disk space because you are not doubling up the data?

Finally - once you detach the device from the domain (which you say UPW can actually perform) then can the domain profiles be deleted or do they remain invisible? What would user see when at the log-in screen?



Posted By: Support
Date Posted: 14 Apr 2021 at 10:20am
No. Nothing is "linked" and nothing is shared. The original profile is migrated to the new user account. If you sign-in with the original (domain) user account, Windows will create a new/blank profile for that user account.


Posted By: zoogz
Date Posted: 14 Apr 2021 at 2:42pm
OK - I get it. It is like the data is "re-assigned" to the new user account.

So everything gets transferred - data, settings, passwords, shortcuts, etc?

Thanks so much for patiently answering all my newbie questions. Especially since I only have three computers each with the same 4-5 profiles so I will probably use the free version. So glad I found ForensIT!


Posted By: Support
Date Posted: 14 Apr 2021 at 3:38pm
The data is re-assigned, as you say. 

Unfortunately, User Profile Wizard cannot migrate encrypted data. This includes encrypted files, but also Internet and Outlook passwords which will need to be re-entered after the migration.


Posted By: zoogz
Date Posted: 19 Apr 2021 at 7:11pm
Sorry to ask yet another question...

The user profiles on the computers we need to migrate to local users... they use REDIRECTED FOLDERS not roaming profiles. Desktop, Documents, Pictures, Video, and Music folders.

Does that make a difference when using your software? 

I am still a little confused about what happens to the data. It stays in place on the hard drive in the AD Domain User's profile... but the new local account now has access to it? Once the migration is complete, do I just disconnect from the Domain by changing computer name, and then the domain accounts just disappear and all I am left with are the local user accounts, with all their data, programs, shortcuts, settings etc still intact?

I will be using OneDrive to redirect the user folders from the local accounts. Shared Folders on the Server will be moved to a NAS.

Just trying to troubleshoot any potential pitfalls before I take on this job this Saturday.

Thanks again for your patience and explanations.


Posted By: Support
Date Posted: 20 Apr 2021 at 9:41am
Redirected folders make a huge difference!

User Profile Wizard migrates redirected folder settings unchanged. This means that the user will most likely lose access to all their redirected data after the migration.

You should disable Folder Redirection before migrating the profile. If redirected folders are set using a Group Policy, you have the option to redirect back to the local profile and move the contents.


Posted By: zoogz
Date Posted: 24 Apr 2021 at 12:35am
I think I understand. I am going to migrate profiles tomorrow (Saturday).

I figured out where to disable Folder Redirection in Group Policy. In User Configuration, Policy Removal is set to "Redirect Folders back to Local User Profile location when policy is removed."

I assume this is the correct setting to use, and then turn off Redirection by changing "Setting" in the "Target" tab to "Not Configured". Then I should log into each user account on each computer so the new policy can be applied. (I have synced all offline folders, not sure if that will help in this scenario?)

Then I should run User Profile Wizard on each computer? 



Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.03 - http://www.webwizforums.com
Copyright ©2001-2019 Web Wiz Ltd. - https://www.webwiz.net