Share this page : facebooktwitterlinkedinmailfacebooktwitterlinkedinmail

From: https://blogs.technet.microsoft.com/canitpro/2014/09/02/step-by-step-adding-domain-user-access-to-a-local-users-profile/

Here is the scenario: The company is moving to a domain from a workgroup. The users all have local accounts. The domain name for the user accounts will not be the same as the old local name. How can we easily manage to move their data off their current profile and back into the new domain profile? All we really need to do is change a few permissions and voila – all that old local user data now belongs to new domain user

For the purpose of this example I will use local user “Garth” and domain user “ggorling”. The steps are as follows:

1) Join the local machine to the domain using domain admin (or equivalent) credentials

2) Logon as the domain user or do a “run as” with the user account. Basically: this will let windows create a domain user profile folder. In the screen shot below you will see the local user “Garth” and the domain user “ggorling”. Then log off the Domain user.
clip_image002

3) Logon as the local user, navigate to the user profiles (C:\user\”Garth”) and right click the Garth folder.

4) Go to the Security tab in the properties and select advanced. This step is important as if you do it from the normal security tab you will get all kinds of errors.  Once the advanced tab opens you will need to click “Change Permissions” then add the domain user “ggorling”. Also, it is very important to make sure you tell Windows to replace permissions on child objects.
clip_image004
clip_image006

5) Here you give the domain user (“ggorling”)access to the local user (“Garth”) profile (“Full Control”)

6) Click Ok and close out the file explorer window

7) Now we will open the registry

8) Navigate to HKCU (since you are logged in as the local user HKCU is pointing to the correct user account), right click, select permissions and give the domain user (“ggorling”) access (“Full Control”)
clip_image008

9) Last step: browse through the Registry: HKLM – Software – Microsoft – Windows NT – Current Version –  Profile list.

10) Here you will see all the user profiles listed.  Each one has a key called “ProfileImagePath”: look through the list until you locate the one with the local username.  Copy the value.
clip_image010

11) Look through the list until you locate the domain username.  Paste the copied value here.
clip_image012

12) Save and exit

13) Reboot

PossibleIssure:

1. Explorer size and location cache no longer works ( you can not open My Computer (This PC) ):

I logged into the affected machine as the domain administrator, and when I loaded the ntuser.dat hive for the affected user, I noticed that the \Software\Classes key didn’t exist. It did, however, exist for the logged on user and it appears to correlate directly to the key under HKU\[SID]_Classes.

On a hunch, I logged back into the affected profile(domain user), drilled down to HKU\[SID]_Classes, and when I checked the permissions, I noticed that the domain user did not have explicit permissions to the key and subkeys. I added Full Control permissions, propagated them through the key and subkeys, rebooted, et voila! Everything is back to the way it should be.

2. The chrome may not work properly: reinstall chrome.

Reference

http://social.technet.microsoft.com/wiki/contents/articles/24026.step-by-step-migrate-local-user-profile-to-domain-user-profile-with-all-settings.aspx

https://social.technet.microsoft.com/Forums/en-US/a6c274a5-fa33-4e56-a1e7-e31c1eab6816/explorer-size-and-location-cache-no-longer-works-after-migrating-local-profile-to-domain-profile?forum=w8itproperf