Migrating user profiles from one domain to another should be done using Microsoft’s Active Directory Migration Tool (ADMT). However, there are some circumstances in which this tool cannot be used. ADMT requires a forest trust between the source and target domains. If you are migrating away from SBS to Standard domains, for instance, you cannot create a trust with an SBS server. There is a workaround using ADMT 3.0 whereby you can trick it into using pass-through authentication instead of a trust, but Microsoft removed this “feature” in 3.1 and above. Since 2012 Server only supports a re-release of ADMT 3.2, available only from http://connect.microsoft.com, ADMT in this scenario is pretty useless for profile migration.
In order to achieve a profile migration you can perform some registry tweaks and re-permission the user profile on each client machine. This is a “dirty” method and one that should be executed with extreme caution. Before proceeding, ensure you have a back-out plan, such as duplicating the profile and backing up the registry keys you modify, before changing anything.
1. On the workstation, log on as local administrator and join the machine to the new domain. Reboot the machine to complete the join process.
2. Log on to the machine using the new credentials of the user you want to migrate the profile to. Once the logon is complete, log off the machine. Log back on as domain administrator.
3. Open C:\Users\, right-click the old profile folder from the legacy domain and select Properties. On the Security tab, grant the new user object from the new domain full control and owner rights to the folder and all its subfolders.
4. Press Windows key + R to launch the Run dialogue box, type regedit and press Enter.
5. Expand HKEY_USERS, then click File and Load Hive.
6. Browse to the old legacy user's profile folder in C:\Users and select the NTUSER.DAT file. (You may have to enable showing hidden and protected operating system files, or just type the literal path in.)
7. Give the hive a name (can be anything), e.g. simon.jackson.
8. Right-click the hive you created and select Permissions. Add the new username from the new domain and grant it full control rights to this folder and all subfolders.
9. Click File and select Unload Hive once finished.
10. Next, browse the registry to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
11. View each key, looking at the ProfileImagePath value to identify the profile created when the new user logged in at step 2.
12. Once found, edit this string and point it at the old legacy profile folder.
13. Find the ProfileImagePath for the legacy user and delete that entirely.
14. Close the registry.
15. Open the C:\Users folder and delete the profile folder of the new user object created in step 2, NOT the legacy one.
16. Reboot the machine.
17. Log on with the new user credentials and your user should use the legacy profile.
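The back-out plan mentioned before the steps can be scripted. The following PowerShell is an added example, not part of the original post: it exports the ProfileList key, records which SID key points at which ProfileImagePath, and duplicates the legacy profile folder. The `$LegacyProfile` and `$BackupRoot` paths are placeholder assumptions; run it elevated, before making any change, while the legacy user is not logged on.

```powershell
# Added example: back up ProfileList and the legacy profile before editing anything.
param(
    [string]$LegacyProfile = 'C:\Users\legacy.user',       # placeholder: old profile folder
    [string]$BackupRoot    = 'C:\ProfileMigrationBackup'   # placeholder: backup location
)

$regKey      = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profileList = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# 1. Export the whole ProfileList key so every edit can be undone with "reg import".
$regFile = Join-Path $BackupRoot 'ProfileList.reg'
& reg.exe export $regKey $regFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

# 2. Record SID -> ProfileImagePath so the new and legacy keys can be told apart.
$map = Get-ChildItem -Path $profileList | ForEach-Object {
    $sid  = $_.PSChildName
    $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid) -ErrorAction Stop
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Legacy-domain SIDs often no longer resolve once the machine has moved domain.
        $account = '(unresolved)'
    }
    [pscustomobject]@{ SID = $sid; Account = $account; ProfileImagePath = $path }
}
$map | Format-Table -AutoSize
$map | Export-Csv -Path (Join-Path $BackupRoot 'ProfileList.csv') -NoTypeInformation

# 3. Duplicate the legacy profile, keeping ACLs and owner (/COPYALL), reading in
#    backup mode (/B) and skipping junction points (/XJ) to avoid recursive copies.
if (-not (Test-Path -LiteralPath $LegacyProfile)) { throw "Profile not found: $LegacyProfile" }
$dest = Join-Path $BackupRoot (Split-Path -Path $LegacyProfile -Leaf)
& robocopy.exe $LegacyProfile $dest /E /COPYALL /B /XJ /R:1 /W:1 /NFL /NDL | Out-Null
# Robocopy exit codes of 8 or higher mean at least one file failed to copy.
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }

Write-Host "Backup complete: $BackupRoot"
```

To revert the registry changes, import `ProfileList.reg` with `reg import` and restore the copied folder.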
Please be aware that there may be some applications and settings that may not translate properly and could cause some issues. In that event browse to c:\users\profilename\appdata\local and delete or rename the offending application folder. Although the user may lose some application settings this is a small sacrifice in order to give them an “almost” seamless transition.
Of course the correct and proper way to perform a user profile migration in this scenario is to use User State Migration Tool (USMT), but if you are in a hurry the above should get you through a tight spot.
Mark is an Independent Microsoft Teams Consultant with over 15 years' experience in Microsoft Technology. Mark is the founder of Commsverse, a dedicated Microsoft Teams conference, and a former MVP. You can follow him on Twitter @UnifiedVale