User Profiles and Active Directory

By: Daniel Toth

What's a profile?

A profile is where Windows keeps all your personal data and settings. Your profile is where your "My Documents", "My Pictures" and "My Music" files are stored, and where your Internet favorites and cookies are kept. Windows keeps track of your personal settings in your profile, like your desktop wallpaper and the lists of documents you've recently opened. Most of the changes you make to personalize your applications are also kept in your profile, as well as files like dictionaries and playlists.

What is Active Directory?

Active Directory (AD) is an implementation of Lightweight Directory Access Protocol (LDAP)directory services by Microsoft for use primarily in Windows environments. LDAP isa protocol used to access a directory listing.The main purpose of AD is to provide central authentication and authorization services for Windows based computers. AD also allows administrators to assign policies, deploy software, and apply critical updates to an entire organization. AD stores information and settings relating to an organization in a central, organized, accessible database. AD networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects.

The User Profile Wizard (UPW), created by ForensIT, reassigns a profile from one profile to another. It appears to do this without moving the files on the local drive. This is one advantage the User Profile Wizard has over the Files and Settings Transfer Wizard (FSTW), which Microsoft integrates into its operating systems. The FSTW makes an archive of the selected user’s profile. The time to do this is anywhere from 10 minutes to over one hour. The time required for the UPW to complete its tasks is roughly 4 minutes long.

The User Profile Wizard runs on Windows 2000, Windows XP, and Windows Vista.

It also has a feature in which one can delete the account after the profile has been reassigned. This will permanently erase the old profile. Another feature of UPW is the ability to share a profile. This would allow two people to share the same settings and documents. The UPW also can add a computer to AD, while it reassigns the profile. One other option of UPW is the capability to disable the local profile after a successful migration to AD. Disabling the account would allow you to still have a backup of all the documents.

Below you will see instructions for adding a computer to AD using both the UPW and FSTW.

User Profile Wizard from ForensIT

  1. Log on as existing local user of the computer
  2. Confirm user is an Administrator
  3. Right-click on My Computer
  4. Select Manage
  5. Double-click Local Users and Groups
  6. Select Groups
  7. Double-click Administrators
  8. The users account name should be listed under Members
  9. Click OK
  10. Close Computer Management
  11. Rename computer
  12. Right-click on My Computer
  13. Click on Properties
  14. Click the Computer Name tab
  15. In Description field add a useful name
  16. Click on the Change button
  17. Type in the appropriate name (the one created in AD Computers)
  18. Click OK twice
  19. Reboot the computer
  20. Add computer to the domain
  21. NOTE: This step must be done by authorized personnel
  22. Insert media that has the User Profile Wizard on it
  23. Open My Computer
  24. Double-Click the media you just inserted
  25. Find Profwiz and double-click it

  1. Click Next

  1. Enter the Domain as example.domain
  2. Enter the account name as in
  3. Deselect the Set as default logon checkbox
  4. Click Next

  1. Select the user’s account from the list of profiles
  2. Select the Disable Account checkbox
  3. Click Next

  1. Enter an authorized ID and password
  2. Click OK

  1. A screen such as this will display when the wizard is complete

  1. Click Next
  2. Click Finish

  1. You must click OK to reboot the computer
  1. Have the user log on using theire-mail address and password
  2. Make sure the user’s default printer is set to their preference
  3. Make sure the user is able to access everything as before

File & Settings Transfer Wizard from Microsoft

  1. Log on as existing local user
  2. Confirm user is an Administrator
  3. Browse through the user’s documents to see if there are any large files
  4. Make a new folder
  5. (ex. C:\UsernameProfile)
  6. Transfer any large files to this new folder
  7. Run file and settings transfer wizard, transferring files to the new folder on the hard drive (ex. C:\UsernameProfile)
  8. Click Start
  9. Click All Programs
  10. Click Accessories
  11. Click System Tools
  12. Click on Files and Settings Transfer Wizard
  13. Click Next
  1. Select Old Computer radio button
  2. Click Next
  1. Select Other radio button
  2. Click Browse and select the folder created in step 3
  3. Click Next
  1. Select Both Files and Settings radio button
  2. Choose Let Me Select a Custom List of Files
  3. Click Next
  1. Ensure that all the folders are listed
  2. Click Next
  1. Wait for the wizard to complete
  1. Click Finish
  1. Rename computer
  2. Right-click on My Computer
  3. Click on Properties
  4. Click Computer Name tab
  5. In Description field add a useful name so that you know what computer is what when browsing the network
  6. Click on Change button
  7. Type in the appropriate name (ex. CBA-BACL-001)
  8. Click OK twice
  9. Reboot is necessary
  10. Add computer to the domain
  11. NOTE: This step must be done by authorized personnel
  12. Right-click on My Computer
  13. Click on Properties
  14. Click Computer Name tab
  15. Click on Change button
  16. Click on the Domain radio button
  17. Type in domain name
  18. Click OK
  19. Reboot is necessary
  20. Have the user log on using their Active Directory account
  21. Add user’s Active Directory account as an Administrator
  22. Open Control Panel
  23. Double-click User Accounts
  24. Input Administrator password for the computer
  25. Click OK
  26. Click Add…
  27. Type the user’s Active Directory account name in the User Name box
  28. (ex. dtoth1)
  29. Type the domain in the Domain box
  30. Click Next
  31. Select the Other radio button
  32. In the scroll box select Administrators
  33. Click Finish
  34. Run file and settings transfer wizard again to import documents and settings
  35. Select New Computer this time
  36. Follow instructions in Step 4
  37. NOTE: Sometimes the user’s original desktop icons do not copy over
  38. If they do not copy over with the wizard, browse to C:\Documents and Settings\olduseraccount
  39. Open the Desktop folder and Copy the contents to the new user’s Desktop folder
  40. Delete files created by wizard and disable local user account. This will prevent

unauthorized or accidental access to the local account but retain the files and

settings as a backup

  1. Disable the old profile
  2. Right-click My Computer
  3. Click on Manage
  4. Double-click Local Users and Groups
  5. Click on Users
  6. Right-click on the local user account
  7. Click on Properties
  8. Select the Account is Disabled box
  9. Click OK twice
  10. To delete files created by the wizard
  11. Open My Computer and browse the C drive and find the new folder you created earlier
  12. Highlight the folder and hold down Shift and press Delete
  13. Click Yes
  14. Close the window
  1. Make sure the user is able to access everything as before

Sources