Join an Active Directory domain and keep your local profile intact

Recently, I had to join a number of computers in a small office to a domain, but the users all had local profiles that they wanted to keep. Things were a mess – some people’s usernames were the Last name, first initial (the username format I’d chosen for the domain), some were using their full names, and some were using the local administrator account. When I added these computers to the domain, their “domain user” would log in, and would create a new, empty profile. To avoid this took a few extra domain-joining steps, so I wanted to detail them here.

A note: On the computers that were using the local Administrator account as their main login, I had to create a new user and make them a local admin. I just called this user “Transition”, and deleted it once the process was over.

And now for the steps:

  1. Join the computer to your domain, and grant the new domain user local administrator rights before rebooting. Reboot, and log in using the new domain user. This will create a new, empty profile with that user’s domain login.
  2. While still logged in as the new domain user, take ownership of the old, local profile folder. To do this, right-click on the folder, select “Properties”, go to the “Security” tab, click “Advanced”, and then the “Owner” tab. You can set the owner to either the local admins group or the current user – set it to the current user. You must be a local administrator to take ownership (from step 1).
  3. Log out, and log in using either the local administrator account or the transition account you created.
  4. At this point, you can revoke local admin rights from the domain user if they won’t need them. They were only needed to take ownership in step 2.
  5. Open REGEDIT, select the “HKEY_Users” branch, and select “Load Hive…” from the file menu. In the user’s profile folder, there’s a hidden file called “NTUSER.DAT” – that’s the one you want to load. Make sure you’re loading the file from the old profile, not the one that was created in step 1. You can call it whatever you want when you load it – it doesn’t matter. Also, make sure you’ve made a backup of this file before you edit it.
  6. Right-click the user branch you just loaded, and click “Export…”. Export it as a REG file on your desktop.
  7. Open the registry file you just created in either Notepad or Wordpad (I find Wordpad faster for the this step, but it doesn’t really matter). Search for occurrences of “\OLDPROFILEFOLDERNAME\” and replace them with “\NEWPROFILEFOLDERNAME\”. I’ve generally found about 100 references, but it depends on the size of your registry. Also, make sure you convert 8.3 folder names as well – “\OLDPRO~1\” should become “\NEWPRO~1\”!
  8. Save the file after your found/replaced all the occurrences. Double-click the REG file to load it back into your registry (into the user’s hive). You’ll get a warning that not all data was loaded because some keys were in use – that’s fine.
  9. Since not all keys were imported, we’ll need to fix a few folders by hand. Select the user’s hive, and “Find” any occurrences of the old profile path, replacing them with the new path.
  10. With the main user hive folder selected, go to the “File” menu and select “Unload Hive”. The changes are saved automatically, which is why it’s important that you made a backup in step 5. Close REGEDIT.
  11. Rename the domain user’s profile folder to “Username.Empty” (since it’s essentially a blank profile), and rename the user’s local profile to “Username”, which matches the folder name of the profile that was created in step 1.
  12. Log out, and log in as your domain user, enjoying your old profile just as you left it!

This process can be repeated for as many users as you’d like to transition to the new profiles, and you should maintain every one of the settings for your programs. In fact, I’ve never had a program even realize something is afoot, though I’ve only done this on a half-dozen computers.

Please let me know if you have any feedback, and I’d be interested to know of any experiences you have trying this out!

4 thoughts on “Join an Active Directory domain and keep your local profile intact”

  1. I’ve tried this and it didn’t work.
    I did the steps one by one, the system created a “domainuser” folder for the new user (the login name was different for the local machine and the domain), and I changed the folder path as in the tutorial.
    But in the end when I logged back in with the domain user, the system created a new, “domainuser.domain” folder instead of using the “patched” folder.
    Strangely enough, when I renamed the folder back to the original (local) name and deleted the “domainuser.domain” folder, the system created “domainuser” folder again, without the “.domain” extension.

    But I shouldn’t be surprized… this is windows and it’s a piece of $h17 when it comes to easy administration and sane config system.

  2. Yeah, I don’t understand why MS has not make this migration process a snap, after all, we are not the only onces that wants to do this. Surely they has to be millions of people need to migrate their setup to a “new OS’ and Active directory. I just installed a AD machine and with an unused machine I had it join the domain, and wanted to see how to restore the profile because for real user machines they are going to want that. Oh well, I thought this find was great until I read you post Moha. I’m going to get the steps a try to see if I get successful results.

  3. It’s almost easier just to join the domain and move the files from the old profile to the new, import favorites for IE and re-configure outlook. The biggest concern for 90% of users seems to be that the stuff on their desktop is migrated 🙂

  4. Ben, that’s usually the biggest concern when I migrate profiles as well, but while I don’t mind setting up applications again, people seem to get concerned when their layouts, background, application settings, and things like that get lost in the move. In particular, I wanted to be able to join the computer to the domain and then have the user sit down and log in again without even noticing, and this let me do that. If the concern is just data backup, then you’re right that it easier to just do the file copying yourself after creating the new profile.

    I’ve used this process a couple of times to do a smooth migration from a regular profile to a domain profile, but I’ve only tried it on Windows XP and not on Vista or 7, so I’m not sure what the results would be on a newer version of the OS.

Leave a Reply

Your email address will not be published. Required fields are marked *

Why ask?