ForensiT User Profile Wizard For Entire LocationForensiT User Profile Wizard is a great tool when you are migrating from domainold.tld to domainnew.tld.
The free version is a manual process but the corporate version is an automated process that helped migrate an entire office.
Cost
The cost is around $2 USD per computer. So for 100 computers, the cost is $200. Priced correctly on the time you will save.
Installation
Simply download and install. It will install in c:\program files\ForeensiT\Profile Wizard\.
A license file will be emailed to you. Save the file in the location: C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\
Run The Wizard
Running the wizard will create a CONFIG file. The config file is an xml file that is editable by any text editor. The options are pretty standard. You will be able to get through them. Very simple, nothing complex. I think the only gotchas are:
-reboot without notice (as you'll be doing this off-hours).
-create a SINGLE-DEPLOYMENT-FILE.
When finished. It will save the CONFIG file in: C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\
Edit the Config File
Edit the CONFIG file at C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\. Run the PROFWIZ.EXE again to edit the file you just created.
You need to edit a few items to get it to work the way we want it to. Namely, the following:
<! -- Corporate Edition Settings -- >
< AdsPath > OU=Workstations,OU=Office,DC=olympic,DC=domain-name,DC=tld
< Silent > True
< NoMigrate > False
< NoReboot > False
< RemoveAdmins > True
< MachineLookupFile >\\server\share\migrate-pc-file.csv
< Log > \\sever\share\Migrate.Log
< ScriptLocation > \\server\share\Migrate.vbs
(yes, change this even if it says not to. I find having the server share is more accomodating)
<! -- Settings for migrating all profiles -- >
< All > True
< Exclude > ASPNET,Administrator
<! -- Advanced Settings -- >
< Persist > False
< NoGUI > True
< ProtocolPriority > LDAP
< DC > \ \ britannic2.britannic.domainname.tld
< ProfBatRetryLimit > 3
< ProfBatRetryDelay > 2
Most of the key/values are self explanitory. To choose which domain controller you want to join, the ProtocolPriority must be set to LDAP and the DC setting specifies the FQDN of the domain controller (make sure you precede with the "\\").
Create Migrate-PC.CSV File
A .csv file needs to be created. Column A is the current computer name. Column B is the new computer name. If the names are the same then the computer name doesn't change.
Save this file in \\server\share\migrate-pc-file.csv
Save the single-deployment-file in the same location: \\server\share
Deployment
I used 3 ways to deploy.
1- automatic from admin workstation:
- -download PROFBAT at: http://www.forensit.com/support-downloads.html
- -save it in:C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\
- -make sure you are still on the domainold.tld and logged in a users at domainold.tld
- -reboot all the computers for a fresh start (use PDQ inventory if you need to do this automatically).
- -click START > PROGRAM-FILES > FORENSIT > COMMAND-LINE (you do not need to run this as-admin)
- -a cmd prompt opens
- you should be at: C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\
- -type: profbat.exe
- -hit enter
- -wait... It will give some feedback but not much.
- -it will automatically go through all the computers in the .csv list, migrate all the profiles and join the new domain and reboot the computers.
- -once rebooted, everyone can use their new login at newdomain.tld
- -AWESOME!
- -the logs should be at \\server\share
- -each pc will have it's own migration log.
2- manually from admin workstation:
- -click START > PROGRAM-FILES > FORENSIT > COMMAND-LINE (you do not need to run this as-admin)
- -a cmd prompt opens
- -type: profwiz.exe /COMPUTER computer-name-here
- -hit enter
- -you will see:
> - -wait... It won't give any verbose information.
- -soon it will go to a new line once finished and you will see:
>
> - -the logs are the place you indicated (which should be \\server\share\).
3-manually at admin workstation after domainnew.tld
If for some reason, the pc's are joined to the domainnew.tld without the profiles being migrated, don't worry as it is pretty much the same process. The most important part is the first step:
- -make sure you are on the domainnew.tld and logged into a user with domainnew.tld
- -click START > PROGRAM-FILES > FORENSIT > COMMAND-LINE (you do not need to run this as-admin)
- -a cmd prompt opens
- -type: profwiz.exe /COMPUTER computer-name-here
- -hit enter
- -you will see:
> - -wait... It won't give any verbose information.
- -soon it will go to a new line once finished and you will see:
>
> - -the logs are the place you indicated (which should be \\server\share\).
4- manually at the client computer:
- -save the profwiz.exe, profwiz.config, migrate.exe, migrate.vbs at the share: \\server\share\
- -edit the profwiz.config
- -change: <GUI> True
- -save
- -run: migrate.vbs
- -it should show the progress and migrate all the profiles over.
- -reboot the computer.
5- automatically via logonscript
- -save the profwiz.exe, profwiz.config, migrate.exe, migrate.vbs at the share: \\server\share\
- -add the migrate to the login-script: \\server\share\migrate.vbs
- -login to the client pc. It will begin the migrate process and skip if has already been run (of course it won't be referenced once the computer is joined to the new domain).
Final Thoughts
That's it! That should handle all the scenarios that will work. Of course, there are many scenarios that will NOT work. Most of the errors will be trying to move a client-pc on domainold.tld by using an admin-workstation already joined to domainnew.tld (and logged into domainnew.tld user). Or vice-versa. If you are making changes, the client-pc and the admin-pc must be on the same domain (at least for it to be easy).
In any event, in all scenarios I did not visit a single client pc. Everything worked with a little thinking. This should be built into Windows Server.
NOTES:
https://www.forensit.com/Downloads/User%20Profile%20Wizard%20Corporate%20User%20Guide.pdf
For the curious... Yes, it is possible to have 2 domains on the same network subnet at the same time. But there can only be one DHCP and both domains should reference the other in the DNS -> FORWARD LOOKUP ZONES. Simply add the other domain and IP address of the other domian server.