As you are apparently not interested in the user objects themselves but only the associated data and profile information, this should work:
1. take ownership and reset filesystem permissions of every profile directory (`C:\Users` by default - if you had local profiles in place)
2. create your new local users and log them on interactively once - new profile directories and references get created during this step
3. change the filesystem permissions of your old profile directories to include `Full Access` for the respective newly created users
If you are not interested in the users' settings which were stored in the registry but only need to migrate the user data, just either copy the relevant data (presumably stuff like `Documents`, `Desktop` or `Downloads`) out of the old profile directories into the newly created ones yourself or let the users do it (you've granted them access in step 3.). If you need the settings as well, there is more work to do:
1. log off the users you just logged on
2. run the Registry Editor (`regedit.exe`) as an administrative user to modify the `ProfileImagePath` value of the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID>` subkey so your newly created user objects would map to your old AD users' profile directories
3. restart your machine to make sure all profiles have unloaded
4. log on your new users - you should see error messages and erroneous behavior all along - this is due to the fact that you've changed the filesystem permissions for the profile, but permissions on the profile's registry are still too restrictive
5. run the Registry Editor (`regedit.exe`) as an administrative user to add `Full Control` for the respective users' registry permissions. The user's registry profiles are loaded into `HKEY_USERS\<SID>` and `HKEY_USERS\<SID>_Classes` regkeys. You would need to be able to identify the `<SID>`-subkeys and map them to your users' names to set permissions - you could do it by retrieving each user's SID and matching them against the list of course, but a much simpler approach is to look up the `USERNAME` value within the `HKEY_USERS\<SID>\VolatileEnvironment` key.
6. restart the machine again and log on the users - you should be good now
Now depending on the number of users you want to re-create, this can be an awful lot of work - consider scripting the whole procedure then.
Oh, one more important thing: since you seem to be the type to forget taking backups before making significant changes, try to think of it this time and make sure you have an easily accessible backup beforehand.
This would be especially necessary if you have no significant experience in handling profiles or using the Registry Editor, as in this case you are rather likely to screw things up beyond all repair.
Oh, and you can't set SIDs of created user or group objects - not even programmatically. For migration purposes, there is the sIDHistory attribute, but population of this one is restricted to the use of the DsAddSIDHistory function - which requires a functional source domain (which you don't have) and an AD user object as the destination (which you don't have either).
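
The answer suggests scripting the procedure. The following is an added example, not part of the original answer: a per-user PowerShell script covering the filesystem steps and the `ProfileImagePath` remap, with a registry export taken first. The parameter names and the backup directory are assumptions; the registry hive permissions described in the later steps are not handled and still have to be set as described above.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$NewUser,           # new local account, logged on once and logged off again
    [Parameter(Mandatory)][string]$OldProfileDir,     # old profile directory to reuse
    [string]$BackupDir = 'C:\ProfileMigrationBackup'  # assumed location for the registry export
)
$ErrorActionPreference = 'Stop'
$listKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Resolve the new local user's SID rather than guessing it from the ProfileList subkeys.
$account = [System.Security.Principal.NTAccount]::new($env:COMPUTERNAME, $NewUser)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$userKey = "HKLM:\$listKey\$sid"

# Stop early if a precondition of the manual procedure is not met.
if (-not (Test-Path -LiteralPath $OldProfileDir -PathType Container)) { throw "Old profile directory not found: $OldProfileDir" }
if (-not (Test-Path -Path $userKey)) { throw "No ProfileList entry for $account; log the user on once first." }
if (Test-Path -Path "Registry::HKEY_USERS\$sid") { throw "Profile of $account is still loaded; log off or restart." }

# Export the ProfileList key before touching it (runs even under -WhatIf).
New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null
$backup = Join-Path $BackupDir ("ProfileList-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
reg.exe export "HKLM\$listKey" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry export failed; nothing was changed." }

if ($PSCmdlet.ShouldProcess($OldProfileDir, "Take ownership, reset ACLs, grant $account Full Access")) {
    takeown.exe /F $OldProfileDir /A /R /D Y | Out-Null   # the answer letter for /D is locale-dependent
    icacls.exe $OldProfileDir /reset /T /C /Q | Out-Null
    icacls.exe $OldProfileDir /grant "${account}:(OI)(CI)F" /T /C /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls reported errors on $OldProfileDir; ProfileImagePath left unchanged." }
}

# Point the new user's profile entry at the old directory, keeping the previous value for rollback.
$previous = (Get-ItemProperty -Path $userKey -Name ProfileImagePath).ProfileImagePath
if ($PSCmdlet.ShouldProcess($userKey, "Set ProfileImagePath to $OldProfileDir")) {
    Set-ItemProperty -Path $userKey -Name ProfileImagePath -Value $OldProfileDir -Type ExpandString
}

[pscustomobject]@{ User = "$account"; Sid = $sid; PreviousPath = $previous; NewPath = $OldProfileDir; Backup = $backup }
```

Running it with `-WhatIf` first shows which directory and registry key would be changed while still writing the export.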