Windows Server : Rejoining new domain with same name, keeping profiles


zecas

New Member
Dec 6, 2019
Hi,

Quick Intentions: Re-join a new domain on a new DC server, which has the same domain name, while at the same time keeping existing user profiles/settings on the desktops.

I need some opinions on how to re-join some desktop machines to the same domain name on a different server.

The story goes like this:

In a small network there was a server which was acting as a domain controller. There are some desktop machines (Windows 10) that were part of that domain.

Meanwhile the server crashed, and was replaced by a brand new machine. The new server was given the same IP, same hostname and same domain name.

Now I want to re-join the desktop machines to that domain, while keeping all existing users' local profile settings. There are no roaming profiles involved here.

So for each desktop, I would then:
1- Log in with local admin account;
2- Join desktop to workgroup;
3- Restart machine;
4- Log in with local admin account;
5- Join desktop to domain (which has the same name as on the old server).

This would allow me to achieve (at least partially) what I want. I also have to think about user profiles and in that respect, I need some opinions before moving forward.

The user profile is stored and named something like DOMAIN\user, and it is already present on the desktop machine.

If I re-join the same domain name DOMAIN, when the "user" logs into the system, the desktop will already have a DOMAIN\user profile stored on the machine.

Will it use the existing one, thus keeping all user settings, docs, desktop, etc? This is exactly what I was looking for.

Will it create a new one side by side, without messing with the other one?

Will it overwrite the existing one and reset all user settings?

Even though the server name and IP are the same, the domain name is the same, and the user names are the same, their SIDs will differ, so I'm afraid it may pose some problems in achieving what I want.


Thank you for your attention.
 

marv

Active Member
Apr 2, 2015
As you mention, the SID will differ, so a new clean profile will be created and the old one will remain intact.
Then you can manually set the new user's file permissions on the old profile folder + registry entries in the ntuser.dat file. Then change the profile path in the registry (this worked fine in Windows 7 when I was transferring local profiles to domain accounts, but there might be some issues with Windows 10 because of modern apps).
 

manfri

Member
Nov 19, 2015
ForensiT Free Downloads

Use Profile Wizard

I've used it a few times (not recently), doing exactly what you need.

It basically does a fix of the SID & permissions of the profile (not copying it), and this can be confusing (and someone lost the profile by not following the instructions exactly).
 

zecas

New Member
Dec 6, 2019
That software seems pretty nice, I'll have to give it a try, thanks for pointing it out.

It's a pity that Windows doesn't have any solution in place for this :/.
 

Roelf Zomerman

Active Member
Jan 10, 2019
blog.azureinfra.com
It actually does, but it requires you to re-ACL the profile and the encryption on some folders (as it's Win10). But it requires some PowerShelling, so you might also just want to take a look at SetACL:
Free Script: User Profile Domain Migration with SetACL • Helge Klein

For the record, the fact that the server name and domain name are the same doesn't mean they are the same. As you said, you have a new domain GUID and thus SID for most of those users. Always make a backup of your domain controller, so that if you do have to rebuild, at least you have the security identifiers.
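
The SID mismatch discussed in the replies above can be checked on a desktop before any profile is re-ACLed. The following PowerShell is an added example, not code from any poster or from the linked tools; it only reads the standard ProfileList registry key and the profile folder owner, its function names are hypothetical, and it assumes an elevated prompt.

```powershell
# Added example: read-only inventory of local profiles and the SIDs they are bound to.
# Nothing is modified. Function names are hypothetical, chosen for this illustration.
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Resolve-SidToAccount {
    param([Parameter(Mandatory)][string]$Sid)
    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # The SID cannot be mapped to a name: typically an account from the old domain.
        return $null
    }
}

function Get-ProfileSidReport {
    Get-ChildItem -Path $ProfileListKey |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |   # skip SYSTEM and service profiles
        ForEach-Object {
            $sid     = $_.PSChildName
            $path    = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
            $account = Resolve-SidToAccount -Sid $sid
            # Get-Acl shows the owner as a raw SID when the account no longer resolves.
            $owner = if ($path -and (Test-Path -LiteralPath $path)) {
                (Get-Acl -LiteralPath $path).Owner
            } else {
                '<folder missing>'
            }
            [pscustomobject]@{
                Sid         = $sid
                Account     = if ($account) { $account } else { '<unresolved>' }
                ProfilePath = $path
                FolderOwner = $owner
                Orphaned    = -not $account
            }
        }
}

# Orphaned rows are profiles still keyed to a SID that the rebuilt domain does not know.
Get-ProfileSidReport | Sort-Object Orphaned -Descending | Format-Table -AutoSize
```

Run it once before leaving the old domain and again after joining the new one: rows that flip to `<unresolved>` are the profiles that would need the re-ACL and registry remapping described in the replies.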
 