1

I used to run an Active Directory installation. The AD server had died a few years back and I'd just been running on cached credentials since I didn't have hardware available to rebuild on and hadn't been using AD for that many services.

I recently got a new server and am trying to get AD set back up. I am unable to boot the old system and don't know where backups are of the old AD tree. I was able to associate the computer to the new domain, but presumably since SIDs don't match up, it recreated new users with the same name (but a .000 on the user directory) for my user. I'm trying to figure out a good way to merge the old local user with the new AD account. I'm aware that it can be done by moving registry entries and files from one set of user files to the other such as is described here, but I wasn't sure if there might be a simpler, more direct way to force a re-association despite the change in SID. The domain name and username are the same for both.

AJ Henderson
  • There is no secret sauce; you pretty much have to follow the linked doc. – tony roth Jun 18 '13 at 14:08
  • @tonyroth - yeah, that's kind of what I expected. I wasn't sure if there was a way to maybe pull the user out of the local cache and restore it into AD perhaps. Or possibly something else similar. – AJ Henderson Jun 18 '13 at 14:15

2 Answers

3

As others said, you can't really do this. The cached credentials wouldn't be of much use anyway - as far as I know, the only things of much interest are the usernames and passwords, and they are held using a different hash from the one on the directory, so you can't reimport them.

User SIDs will be recreated in the new directory anyway, sort of by definition. If you want to import users from another domain so they keep their security rights, you need to use the regular import tools. But you won't have those cached on the PC anyway. So you will need to (re)grant your users access to whatever domain resources they need.

Ken
  • Thanks, there wasn't much in the way of domain resources. I just wanted to preserve user state on the local desktop. I knew that AD state was going to be a lost cause. I'm pretty sure the Copy To functionality described in MDMarra's answer will work for that purpose though. – AJ Henderson Jun 18 '13 at 17:20
2

You should know that questions about home networks are off topic here, but I'll throw you a bone since this is easy.

You can't "force a re-association despite the change in SID" whatever that means. What you can do is use the User State Migration Tool, or simply use the Copy Profile feature to copy your old account's profile to your new one.

MDMarra
  • Ah, I figured home networks were off topic because it was trying to avoid things like "why doesn't my Linksys router work?" I figured that an actual Windows Server question would be on topic since you don't normally see them in home networks. I'll look into the links you provided though. Thanks. – AJ Henderson Jun 18 '13 at 15:24
  • I edited my question to remove the references to it being a home network to avoid making a bad example. Thanks for pointing out the issue. I do think this could be relevant in a professional context if someone was unable to restore a DC and was trying to preserve desktop users. The last link looks the most promising. I'll update this as the correct answer tonight if it works. – AJ Henderson Jun 18 '13 at 15:38
  • I'd hope that anyone using AD in a production environment has more than one DC in the first place :) – MDMarra Jun 18 '13 at 15:42
  • For an enterprise that is likely, but how many small businesses are running on a single Small Business Server? Having done some consulting development work in that segment, it is a LOT! :( – AJ Henderson Jun 18 '13 at 16:08
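
Before copying or migrating a profile as the answers above suggest, it helps to confirm which profile folder belongs to which SID. The following is an added example, not part of the question or of either answer: it reads the standard `ProfileList` registry key on the workstation and marks the SIDs that no longer resolve to an account, which is what a profile issued by the lost domain should look like. It assumes an elevated PowerShell session on the rejoined machine.

```powershell
# Added example (not from the thread): map local profiles to SIDs and flag orphans.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$profiles = foreach ($key in Get-ChildItem -Path $profileList) {
    $sidString = $key.PSChildName

    # Only local/domain account SIDs; skips service accounts and ".bak" backup keys.
    if ($sidString -notmatch '^S-1-5-21-[\d-]+$') { continue }

    # ProfileImagePath is the folder this SID loads, e.g. C:\Users\name or C:\Users\name.000
    $path = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath

    # Translate() fails (typically IdentityNotMappedException) when neither the
    # local SAM nor the currently joined domain knows the SID.
    $account = $null
    try {
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = $null
    }

    [pscustomobject]@{
        Account     = if ($account) { $account } else { '(unresolved)' }
        Resolved    = [bool]$account
        # The SID without its final RID identifies the domain or machine that issued it.
        IssuerSid   = $sidString -replace '-\d+$'
        ProfilePath = $path
        PathExists  = Test-Path -LiteralPath $path
        Sid         = $sidString
    }
}

# Full mapping, grouped by issuing domain/machine.
$profiles | Sort-Object IssuerSid, ProfilePath |
    Format-Table Account, Resolved, ProfilePath, PathExists, Sid -AutoSize

# Profiles whose folder still exists but whose SID no longer maps to any account:
# these are the candidates for the "old" profile to copy or migrate from.
$profiles | Where-Object { -not $_.Resolved -and $_.PathExists } |
    Select-Object Sid, ProfilePath
```

Two rows sharing the same username in `ProfilePath` (one with a suffix such as `.000`) but different `IssuerSid` values confirm that the old and new domain accounts are distinct security principals, which is why the profile has to be copied or migrated rather than re-associated.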