Transfer back to dormant/deleted domain account

Author: polarcat (Newbie) | Posted: 16 Feb 2023 at 4:17pm
I have used ProfWiz to migrate a dormant domain account (domainname\username) to a local account (WORKSTATION\newusername). Unfortunately, all the data of the former account (85 GB) are sitting in the Windows CSC folder, which contains the offline files all in encrypted format (EFS). When trying to open them as the new local user, I get "Access denied" errors. As far as I understand, the only way to access the CSC folder is to log in as the former user. How can I log in to the old domain account?

I tried selecting the old profile (using its SID, i.e., not the new local account) in ProfWiz and recreating the account, but the computer is not on the domain and cannot access the old domain controller, hence this did not work.

Author: Support (Moderator Group) | Posted: 17 Feb 2023 at 9:39am
Hi, 

If this is a Redirected folder, the original content will still be on the server, but obviously if it has not sync'd recently, there will be a delta. 

You could sign in as Admin and give yourself access to the CSC folder, but if the files are encrypted this won't help unfortunately. As we say in the User Guide, “User Profile Wizard cannot migrate encrypted data. This includes encrypted files, but also Internet and Outlook passwords which will need to be re-entered after the migration.” (What isn’t migrated? Page 105.)

If the computer could access the old DC, you would be able to migrate the profile back to the old account, join the computer to the old domain, log on with the old account and copy the data.

Support
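
A pre-migration check for the limitation quoted above, as an added example that is not part of the original posts or of ForensiT's tooling: it lists files carrying the NTFS Encrypted (EFS) attribute under a profile path, so they can be decrypted or the EFS key backed up while the original account can still log on. The default path is a hypothetical placeholder.

```powershell
# Added example: audit a profile for EFS-encrypted files before migrating it.
# $ProfilePath is a hypothetical placeholder; point it at the profile to be
# migrated (or, from an elevated session, at the offline-files cache folder).
param(
    [string]$ProfilePath = 'C:\Users\exampleuser'
)

# Files with the NTFS Encrypted attribute are protected by EFS.
# -Force includes hidden and system items; folders that cannot be read are
# skipped and recorded in $scanErrors instead of stopping the scan.
$encrypted = @(Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force `
    -Attributes !Directory+Encrypted `
    -ErrorAction SilentlyContinue -ErrorVariable scanErrors)

if ($encrypted.Count -eq 0) {
    Write-Output "No EFS-encrypted files found under $ProfilePath."
}
else {
    $totalBytes = ($encrypted | Measure-Object -Property Length -Sum).Sum
    Write-Output ("{0} EFS-encrypted file(s), {1:N1} GB in total, under {2}." -f `
        $encrypted.Count, ($totalBytes / 1GB), $ProfilePath)

    # Show which folders hold the most encrypted files.
    $encrypted |
        Group-Object -Property DirectoryName |
        Sort-Object -Property Count -Descending |
        Select-Object -First 10 -Property Count, Name |
        Format-Table -AutoSize

    # For one sample file, show which users and certificates can decrypt it.
    cipher /c $encrypted[0].FullName
}

if ($scanErrors) {
    Write-Warning ("{0} path(s) could not be read; rerun elevated for full coverage." -f $scanErrors.Count)
}
```

If the scan reports encrypted files, running `cipher /x` as the original user backs up that user's EFS certificate and key to a file before the account is changed.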

Author: polarcat (Newbie) | Posted: 17 Feb 2023 at 9:56am
It is a redirected folder, but the old (network) user account has been deleted and the computer has been off the domain for years. The account only existed on the local computer, and the files only exist in the (encrypted) CSC folder (unsynced).
I read that the profile wizard cannot migrate encrypted data. The rest of the hard drive is not encrypted. Unfortunately, I did not realise that the files in the CSC folder were encrypted until after the migration. The migration was an attempt to "normalise" the situation.
Like I wrote, the computer cannot access the old domain and the user account does not exist on the domain anymore anyway.
Since the login worked before the migration as a local account (with domainname/username as login details), I was hoping that there would be a way to revert back to this previous situation. Is there some way of doing this (even if it involved changing settings "manually")?

Author: Support (Moderator Group) | Posted: 17 Feb 2023 at 10:43am
Is the computer still joined to the old domain?

Edited by Support - 17 Feb 2023 at 10:45am

Author: polarcat (Newbie) | Posted: 17 Feb 2023 at 11:50am
No, it cannot access the old domain. Before the migration, it just used the cached logon details (domainname\username) without connection to the domain.

Like I wrote, trying to use ProfWiz to revert back to the cached logon details fails because ProfWiz is unable to find the domain.

My question was how I can revert back to the previous situation, i.e., logging in with the old (pre-migration) details (with domainname\username as login details). I'd be happy if this could be done manually (i.e., without ProfWiz), presumably by changing the registry?

Many thanks.

Author: Support (Moderator Group) | Posted: 14 Mar 2023 at 2:38pm
Hi, 

I know you have been discussing this with support via a ticket. Just to respond to this here: in order to migrate a profile to a domain account, User Profile Wizard will need to communicate with a domain controller in the target domain where the account is located. There is no way around this.

Many thanks.

Support