This week, I joined my Windows 7 laptop to my Windows SBS 2011 domain.
I have been using a local user “Simon” but also have a domain user “Simon” so, quite naturally, I wanted to join them together in some way so that all the stuff and settings I had built up with the local user would be available to the domain user.
As I explained in an earlier blog posting, I was using Windows 7 Home Premium so I couldn’t join the domain. But I have now updated to Windows 7 Professional and it all becomes possible. Unfortunately, I also had to lose the Linux partition because I keep filling up my disk space.
As usual, I scoured the internet for help and found a few parts of the jigsaw. It appears that many people have tried to do the same thing with varying degrees of success.
The first breakthrough came when I found a great utility helpfully provided by Microsoft called MoveUser which they, slightly less helpfully, stopped providing since Windows Vista. It won’t work in Windows 7.
However, it gave me the starting point to find an alternative solution.
The Solution – Most of It
I found a great VBS script which migrates the users based on Vista’s MoveUser.exe replacement.
I downloaded the zip and unpacked it. All I had to do was edit the domain string on line 28 of the script following the example as closely as possible and all would be perfect.
I followed the instructions but kept getting the same error: ‘The specified domain either does not exist or could not be contacted.’ on line 144. Oh.
Basically, I had got something wrong with the way I specified the domain.
The Full Solution
For a while I went through various hoops – trying to write some C# code to access the Active Directory on my SBS 2011 server – these attempts also all failed with the same error.
Then I found Active Directory Explorer (a fascinating little app) and realised what was wrong with the LDAP URL. The value that finally worked was:
<ad-server>/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=<sbs-domain>,DC=local
This came from lots of trial and error – including in the C# code… The missing part was the name or IP address of the Active Directory server, <ad-server> (in my case the Windows SBS 2011 server). The OU parts are copied from Active Directory Explorer – and are where I found the Users when I searched. It may be OK to remove them.
Finally, the DC parts are the full domain setup for your server and are also copied from Active Directory Explorer.
The value for strDomainDN should not include the “LDAP://” because it gets added later by the script.
Once I set up this value it almost worked perfectly – but for one final error: Error 0x80070522: A required privilege is not held by the client.
It was quite obvious when I realised – I needed to run Command Prompt as Administrator. I had assumed that Control-Shift clicking the context menu in Windows Explorer would do this – but it clearly didn’t.
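A pre-flight check for the two failures described above (the domain that could not be contacted and the missing privilege), as an added PowerShell example that is not part of the original post or of the MoveUser.vbs script. The server name, DN and account names are placeholders, and the function names are hypothetical.

```powershell
# Added example: checks to run before MoveUser.vbs. All values are placeholders.
$AdServer   = 'sbs-server'    # assumption: name or IP of the AD server
$BaseDn     = 'OU=SBSUsers,OU=Users,OU=MyBusiness,DC=example,DC=local'
$LocalUser  = 'Simon'
$DomainUser = 'EXAMPLE\Simon' # assumption: NetBIOS domain name is EXAMPLE

function Test-Elevated {
    # The post's error 0x80070522 went away once the prompt ran as Administrator.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-LdapPath {
    param([string]$Server, [string]$Dn)
    # Same shape as strDomainDN (<server>/<DN>); the LDAP:// prefix is added here.
    $path = "LDAP://$Server/$Dn"
    try {
        $entry = New-Object System.DirectoryServices.DirectoryEntry($path)
        $null = $entry.NativeObject   # forces the bind; throws if it fails
        $true
    } catch {
        Write-Warning "Bind to $path failed: $($_.Exception.Message)"
        $false
    }
}

function Resolve-Sid {
    param([string]$Account)
    # Returns the SID string, or $null when the account cannot be resolved.
    try {
        $nt = New-Object Security.Principal.NTAccount($Account)
        $nt.Translate([Security.Principal.SecurityIdentifier]).Value
    } catch { $null }
}

# Both accounts are called Simon, so the local one is qualified with the
# computer name to make sure two different SIDs are being compared.
$report = New-Object PSObject -Property @{
    Elevated  = Test-Elevated
    LdapBind  = Test-LdapPath -Server $AdServer -Dn $BaseDn
    LocalSid  = Resolve-Sid "$env:COMPUTERNAME\$LocalUser"
    DomainSid = Resolve-Sid $DomainUser
}
$report | Format-List
```

If Elevated or LdapBind is False, or either SID is empty, the migration would stop on the same errors described above.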
How It Went
So, here is the full process:
I created and logged in as a local administrator user, “LaptopAdmin”. I won’t be migrating that user.
I downloaded the script and unzipped it and opened it in an editor.
Next, as I was unsure of my Active Directory details (as in, how to specify them), I downloaded, expanded and ran Active Directory Explorer and searched for one of my domain users.
I used this information to fill in line 28 of the MoveUser.vbs script and saved it.
Next I popped up the start menu and right clicked Command Prompt, Run as Administrator. I changed to the directory containing the script.
Ran the script:
> MoveUser.vbs Simon DOMAIN\Simon /k
It pops up a dialog asking if I want to do the move. This copied (/k – ‘cause I trust nothing) everything from my Local laptop user to a new DOMAIN user DOMAIN\Simon.
When finished, it put up a final dialog, “Done”.
The Result
As I hoped, it has worked. Logging in as the new DOMAIN\Simon user it looked exactly the same as logging in as the local Simon.
So far, the only differences I have found are that my saved passwords have been lost in Internet Explorer (but not Chrome or Firefox) and it changed my IE Home Page to be CompanyWeb (the default SharePoint site created by SBS 2011).
Also, a number of Microsoft settings were lost – mainly stored passwords – and my Start Menu recent program list was decimated. Irritating, but not the end of the world.
If I find any other problems or changes I’ll add a note here.
You could have just used your local profile management, and used the “Copy To” feature along with a handy little utility called Windows Enabler (windows-enabler.softpedia.com/)
Using this, you can simply open Windows Profile Management (Windows Properties / Advanced / Profiles) select your old local profile, then run Windows Enabler, select Copy To, highlight your Domain Profile, and copy the files and settings.
Hope this helps.