I just got done setting up my new Windows 2003 server at home. I had another
server before which was running as my domain controller. This was causing DNS
issues because I stupidly named my local domain the same as my
web domain name. I couldn't visit my website using the base domain name because
that IP resolved to my local DNS server and when I tried to delete that entry on
my DNS server and point it to the correct IP it somehow magically reappears
after sometime. At any rate I decided to setup a new Windows 2003 server as my
new domain controller for a different domain.
The problem I had is I needed to rejoin the new domain and I didn't want to
lose all my local profile settings so I thought I could just copy the profile
but that doesn't work very because my old profile shows up as "Account Unknown".
So I started on my hunt for a way to copy my profile over. Instead I found an
article on Windows IT Pro that shows how to Move
Here are the general steps they listed:
The One-Size-Fits-All Approach
try a step-by-step example. Suppose Jake once used a local account to log on to
a machine named Old, and he'll now use a different local account to log on to a
machine named New. Here's how to move his profile from Old to New.
- Copy Jake's old profile folder from Old to New. The %USERPROFILE%
environment variable identifies the location of Jake's profile. (You must log
on as Jake for this method to work.) Alternatively, look in the
NT\CurrentVersion\ProfileList\SID\ProfileImagePath subkey, where SID is Jake's
SID. If you need to determine which SID is Jake's, use GetSID, which you can
GetSID's syntax is a bit odd:
where accountname is the account's name and accountsource is the name
of the machine that contains the account. Having the account name and machine
name appear twice isn't a typo—both names must appear twice. In Jake's case,
you would type
getsid \\Old jake \\Old jake
Now you have the SID and therefore the correct registry
- After you find Jake's profile, copy it to the location in which New
keeps profiles—probably Documents and Settings, so his copied profile now sits
in C:\documents and settings\jake.
- Create Jake's new local account on New. Log on as Jake, then log off.
Log back on to the system as a local administrator, and use GetSID to find
Jake's new SID.
- Open Jake's folder in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList. Double-click the ProfileImagePath subkey and
replace its contents with \%systemdrive%\documents and settings\jake. Close
your registry editor.
- To fix the file and directory permissions, right-click the Jake
directory and choose Properties. On the Security tab, add a permission for
Jake in the typical way: Click the Add button, then choose the local Jake
account. Back on the Security tab, give Jake full control by clicking the box
under Allow next to Full Control. Close the dialog boxes.
- Start up regedt32 (in Win2K or NT) or regedit (in Windows Server 2003 or XP). Navigate to the
HKEY_USERS hive. In regedt32, click Registry, Load Hive; in regedit, click
File, Load Hive. In the Load Hive dialog box, navigate to C:\documents and
settings\jake. Inside that folder, select ntuser.dat and click OK. A second
Load Hive dialog box asks you to fill in a Key Name text field. Enter Jake and
- On your registry editor's main screen, open the HKEY_USERS hive. In
regedt32, click the Jake folder and choose Security, Permissions; in regedit,
right-click the Jake folder and choose Permissions. Click Add and add a new
permission entry for Jake. Click OK to return to the Permissions for dialog
box. Give Jake full control over his registry subkeys by clicking the box
under Allow next to Full Control, then click OK to return to the registry
editor's main screen.
- Now that you're finished with the modifications, you need to write the
changes back to the file. To do so, click the HKEY_USERS\Jake folder. In
regedt32, click Registry, Unload Hive; in regedit, select File, Unload Hive.
Choose Yes to confirm the action. Exit your registry
After doing this pretty much everything worked. With the exception I had to
re-enter any of my saved passwords, which is not a big deal. I believe the
passwords were wrong because they probably use DPAPI
which uses the currently logged in user as part of the encryption