Downgrade User Profile from Domain to Workgroup
1) No, it is not possible. However, you can create a new local user and copy the profile of the domain user into the local profile. This will not copy registry settings unique to that user though, so it is possible it will not be 100% identical. You could comb through the registry, but that would be difficult at best, impossible at worst.
2) No, it is not safe. I cant give you a definitive answer, as there are many factors at play. The logon cache policy, the password policy, and some others. By not creating a local user, you run the risk of headaches down the road.
Related videos on Youtube
05 : 48
02 : 04
![Windows server| How to change domain to workgroup step by step [2016]](https://i.ytimg.com/vi/W_sasI79KGo/hqdefault.jpg?sqp=-oaymwEcCOADEI4CSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDYLaoLdyIO8oL3qRsZTC-pqpZ11w)
04 : 38
05 : 37
02 : 04
Giffyguy
I enjoy writing hardcore OO data-structures in native C++.
Updated on September 18, 2022Comments
-
Giffyguy almost 2 years
I'm doing some one-off IT maintenance for a very small business <15 employees
I moved all their e-mail to Microsoft Office365, and all of their shared network files to Microsoft SharePoint Online.
Since there are no more local files stored on-premise, I decided to decommission the central on-premise server that was used for files and e-mail previously.
The problem is, this server was also the Active Directory Domain Controller.
I've moved all workstations back to "workgroups" instead of "domains," and I've replaced domain user accounts with local user accounts and local administrators.
However, one employee insists on keeping their old domain user profile, because they claim it is too much of a pain to set up a new user profile from scratch.
Even with the domain controller gone, they are still able to log in using their old domain credentials, because the workstation has their domain user account information cached locally.
My questions are:
1) Is it possible to "downgrade" a domain user profile to the workgroup, without having to create a fresh new profile?
2) Is it safe for this employee to keep using their domain creds to log into their workstation, even though the domain is no longer present on the network? How long could we expect this to keep working for this employee?-
Keltari about 8 yearswhy would you demote the AD controller?
-
Giffyguy about 8 yearsIt was a decision made by a bunch of people in the company. They are selling off the server hardware, since there is no more company data stored on-premise. The AD server wasn't just demoted, it's been wiped and put on CraigsList. It's dunn. ;-)
-
Keltari about 8 yearsIf it were me, I would have left the AD infrastructure. It give you so much more flexibility, even in a small environment, then without it. But its to late now.
-
Giffyguy about 8 years@Keltari I agree, I would have left it there if it was up to me.
-
