Move roaming profile user from 2008 to 2012 on new domain; logon and permission issues

windows-server-2008-r2 windows-server-2012 roaming-profile

6,430

If it was me, I would have done things in a slightly different order to avoid this sort of thing. I suspect the roaming profile you copied to the new server is causing the problem. Profile issues moving to new domains is something I have experienced a lot.

If I were you, I would do the following to attempt to resolve the issue:

Log off as Jim

Log in as Local admin

Take a backup of the local and roaming profile

Right click Computer\Properties\Advanced System Settings\Advanced Tab\User Profiles - Highlight any reference to Jim in the list and hit delete

Go to the server, delete the server copy of Jim's roaming profile and remove the roaming profile setting from the user account object

Log off local admin and restart the machine

Log in as Jim (you will create a new profile)

Set the roaming profile setting for Jim, then log off and on a few times until you can see the profile appear on the server

Copy folders you need from the **old roaming profile backup** to the **new local** profile. Do not copy the whole thing as you'll move over things like the NTuser.dat file and other system files that will be either useless or cause you problems. Only copy stuff you need, like favourites and desktop for example.

Log off as Jim (new profile will be saved to the server is the location specified in AD)

Log on as Jim (the profile will be downloaded from the server and will hopefully now work)

This should fix it. Let me know how you get on.

6,430

stormdrain

Updated on September 18, 2022

Comments

stormdrain over 1 year
I have an older server 2008 machine with domain old.local. I created a new server (2012 R2), promoted to dc and created the domain new.local.

I set up a share for user folders Users$. I moved a users' folder (call him jim) from old.local to new.local. On a machine that was joined to old.local and that had been used by this user, I joined new.local. I updated the profile folder path on new.local to reflect the Users$/jim location on the new server.

Now, when I log into the computer that I just joined to the new domain with the jim user, I am getting "Logged on with temporary profile" message. The only thing in event viewer that mentions anything about logging in states:
```
DCOM got error "1787" and was unable to logon OLD\jim in order to run the server: {UUID}
```
I can't figure out why the heck it is logging an error about trying to log into the old domain. I also can't figure out why the temporary profile issue is happening; the effective permissions on the folder show jim as the owner with full control. Wouldn't be surprised if this is just an artifact of not logging into the new domain correctly though.

Any ideas on what else I can check to track this problem down would be appreciated.
stormdrain about 10 years

Thanks -- trying now. In the meantime, what would the proper order be to do this?
Simkill about 10 years

If by proper you mean 'The Microsoft way', then I think they would tell you to use the Active Directory Migration Tool (ADMT). That is, assuming you are moving the whole of the old domain to the new domain and not just 'Jim'. technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx EDIT - I do not know if ADMT is compatible when migrating to 2012 R2, in which case I don't know what the tool or replacement tool is now called.
Simkill about 10 years

Try dropping the roaming profile setting on active directory as an addition to step 5. Updating answer now. Please also see additional step - Set the roaming profile setting for Jim, then log off and on a few times until you can see the profile appear on the server. Please remember to start from step 1 as deleting the profiles is a must every time a temp profile is created.
stormdrain about 10 years

I don't see any temp profiles being created; there is default profile (which can't be deleted), admin and another local user (McAfee). I deleted the Users$ share, re-created, and removed and re-added roaming setting for jim. Multi-login's and outs and still no folder for jim in Users$. Also still getting same 1787 error; and still met with OLD\jim at login screen.
Simkill about 10 years

Have you rebooted immediately after the deletion?
Simkill about 10 years

Ok, that is all I have for you I'm afraid, that procedure has worked for me in the past. Hope you find a fix.
stormdrain about 10 years

I still have to do this for a few other users - would much appreciate if you could update the answer with a better procedure if starting from scratch. I.e. Should I just join the new domain and log in? Then will the profile be copied to roaming folder? You are right about ADMT not working. At any rate, thanks.