Step-By-Step: Adding Domain User Access to a Local User’s Profile


Sometimes the best-laid migration plans go awry. Why? Time after time the answer is the same: “Joe User” has a 50 gig (or larger) profile, which of course they claim is work related. There are a plethora of methods to deal with large user profiles, such as moving the data to another location and putting it back post-migration, utilizing hard links to keep the data in place while moving the OS, restoring it from tape media post-migration, etc.

One method I came across is pure genius. Here is the scenario: The company is moving to a domain from a workgroup. The users all have local accounts. The domain name for the user accounts will not be the same as the old local name. How can we easily move their data off their current profile and back into the new domain profile? All we really need to do is change a few permissions and voila – all that old local user data now belongs to the new domain user.

For the purpose of this example I will use local user “Garth” and domain user “ggorling”. The steps are as follows:

1) Join the local machine to the domain using domain admin (or equivalent) credentials

2) Either log on as the domain user or do a “run as” with the user account. Basically: let Windows create a domain user profile folder. In the screen shot below you will see the local user “Garth” and the domain user “ggorling”

3) Navigate to the local user’s profile folder (C:\Users\Garth) and right-click it

4) Go to the Security tab in the properties and select Advanced. This step is important: if you do it from the normal Security tab you will get all kinds of errors. Once the Advanced dialog opens, click “Change Permissions”, then add the domain user “ggorling”. It is also very important to tell Windows to replace permissions on child objects.

5) Here you give the domain user (“ggorling”) access to the local user (“Garth”) profile (“Full Control”)

6) Click OK and close out the file explorer window

7) Now we will open the registry

8) Navigate to HKCU (since you are logged in as the local user, HKCU is pointing to the correct user account), right-click, select Permissions and give the domain user (“ggorling”) access (“Full Control”)

9) Last step: browse through the registry to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList.

10) Here you will see all the user profiles listed. Each one has a value called “ProfileImagePath”: look through the list until you locate the one with the local username. Copy the value.

11) Look through the list until you locate the domain username. Paste the copied value here.

12) Save and exit

13) Reboot

To recap: these steps give the domain user permissions to the local user’s profile, both from the file explorer and in the registry. Opening the registry as the local user lets you change permissions on that user’s HKCU hive, and the ProfileList edit tells the domain user where to look for the files that make up its new profile location (the old local user’s profile).
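
The steps above, scripted in PowerShell as an added example (not the author's code). It assumes an elevated session while the local user is logged on, that the domain user has already logged on once, and it uses `EXAMPLE` as a placeholder domain name; `Get-Sid` is a helper defined here.

```powershell
#Requires -RunAsAdministrator
# Added example. User names come from the article; 'EXAMPLE' is a placeholder domain.
$LocalUser   = "$env:COMPUTERNAME\Garth"
$DomainUser  = 'EXAMPLE\ggorling'
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Hypothetical helper: resolve an account name to its SID string.
function Get-Sid([string]$Account) {
    ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}
$localSid  = Get-Sid $LocalUser
$domainSid = Get-Sid $DomainUser

# Both profiles must already exist (step 2) or there is nothing to repoint.
$localKey  = Join-Path $ProfileList $localSid
$domainKey = Join-Path $ProfileList $domainSid
if (-not (Test-Path $localKey) -or -not (Test-Path $domainKey)) {
    throw 'Profile missing from ProfileList; log on once as each user first.'
}
$oldProfile = (Get-ItemProperty $localKey).ProfileImagePath
$previous   = (Get-ItemProperty $domainKey).ProfileImagePath   # kept for rollback

# Steps 3-6: Full Control on the profile folder, applied to all child objects.
icacls $oldProfile /grant "${DomainUser}:(OI)(CI)F" /T /C | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning 'icacls reported errors; review the ACLs.' }

# Steps 7-8: Full Control on the local user's registry hive. The hive is only
# mounted under HKEY_USERS while that user is logged on.
$hive = "Registry::HKEY_USERS\$localSid"
if (-not (Test-Path $hive)) { throw "Registry hive for $LocalUser is not loaded." }
$rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList `
    $DomainUser, 'FullControl', 'ContainerInherit', 'None', 'Allow'
$acl = Get-Acl -Path $hive
$acl.AddAccessRule($rule)
Set-Acl -Path $hive -AclObject $acl

# Steps 9-12: point the domain profile at the old local profile folder.
Set-ItemProperty -Path $domainKey -Name ProfileImagePath -Value $oldProfile -Type ExpandString

# Report the change so the previous value is on record; step 13 (reboot) is manual.
"ProfileImagePath for ${DomainUser}: '$previous' -> '$oldProfile' (reboot to apply)"
```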