Discussion:
Disjoin and rejoin domain loses user profile?
g***@westernwares.com
2005-02-09 17:24:00 UTC
My W2K domain controller crashed and I replaced it with a Windows 2003
Server machine, using the same domain name as the old machine to avoid
modifying the client workstations.

However, now clients cannot log in to the (same) domain due to a failed
trust relationship (Event ID 5723).

After some research, it seems that each client must disjoin from the
domain (by choosing a workgroup), then rejoin the same domain.

This works, but the client user loses their profile on that machine
(e.g. desktop layout, My Documents, etc.). Examining the Documents and
Settings folder reveals that a new profile folder was added for the
same domain (e.g. "joe.MYDOMAIN.002")

Is there a way to avoid a new profile being created when rejoining the
domain?

Is there another way to reestablish the computer to domain trust
relationship?

Can I just rename the old Documents and Settings folder to be the new
one (e.g. remove folder "joe.MYDOMAIN.002", then rename "joe.MYDOMAIN"
to "joe.MYDOMAIN.002") to recover the user's original settings?

I don't want every user on every workstation to have to recreate all
their settings just because the PDC crashed and was replaced.

Thanks in advance for any advice
Jimmy Andersson [MVP]
2005-02-09 21:16:15 UTC
Even if you use the same DNS name for the domain, you'll get a different
domain SID. This SID combined with a RID makes up the user, which means that
they're not the same entity anymore.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------
ptwilliams
2005-02-09 21:22:28 UTC
You created a new domain with the same name as the old one. This is quite
different from creating the same domain (impossible without another DC or a
backup). The name is for our (administrators') benefit - AD uses GUIDs.

The reason you've lost your profile is because the user account associated
with the profile is for a different domain and therefore has a different
SID. When you log on with the same username, Windows sees a profile folder
with that name and names your new profile username.domain-name. If you want
to access the old stuff, log on as an administrative user that isn't the user
with the wrong profile and copy the old profile [username] to the new one
[username.domain] and reset the permissions for the new account.

The best way to do this is through the System control panel applet. Look
for the user profiles tab (under advanced if you're running XP).
--
Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

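An added illustration of the point made in the two replies above (not code from any poster in this thread): it decodes a binary SID, splits it into issuing-domain SID and RID, and shows why the old "joe" profile belongs to a different principal than the new "joe", even when the RID happens to match. The SID values, the sample profile table and the function names are constructed for the example.

```python
import struct

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID: revision, count, 48-bit authority, 32-bit sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def split_account_sid(sid: str):
    """Return (issuer_sid, rid) for S-1-5-21-a-b-c-RID, else (None, None)."""
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return "-".join(parts[:7]), int(parts[7])
    return None, None

def classify_profiles(profiles: dict, current_domain_sid: str) -> dict:
    """Map each profile path to (label, rid) relative to the current domain SID."""
    report = {}
    for sid, path in profiles.items():
        issuer, rid = split_account_sid(sid)
        if issuer is None:
            label = "well-known"        # e.g. S-1-5-18 (LocalSystem)
        elif issuer == current_domain_sid:
            label = "current-domain"
        else:
            label = "other-issuer"      # old domain or the local SAM
        report[path] = (label, rid)
    return report

# Constructed sample values (not from the thread).
OLD_DOMAIN = "S-1-5-21-1004336348-1177238915-682003330"
NEW_DOMAIN = "S-1-5-21-2025429265-492894223-1409082233"
OLD_JOE_RAW = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1004336348, 1177238915, 682003330, 1105)
PROFILES = {
    sid_from_bytes(OLD_JOE_RAW): r"C:\Documents and Settings\joe",
    NEW_DOMAIN + "-1105": r"C:\Documents and Settings\joe.MYDOMAIN",
    "S-1-5-18": r"C:\WINDOWS\system32\config\systemprofile",
}

if __name__ == "__main__":
    for path, (label, rid) in classify_profiles(PROFILES, NEW_DOMAIN).items():
        print(f"{label:15} rid={rid} {path}")
```

A profile labelled "other-issuer" still carries ACLs for the old SID, which is why the copied folder needs its permissions reset for the new account.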
g***@westernwares.com
2005-02-09 22:17:14 UTC
Wow

You mean that when a PDC box dies and is replaced, EVERY user profile
on EVERY workstation has to start over - or have an administrator visit
each workstation and perform the profile folder renaming?

I'm actually lucky, I guess - I only have three workstations in my
office and only one user account to reprogram to get them back where
they were.

There should be a 'ReSync to Domain' button to resync the SID and RID
for a userid/domain with a new server so all settings are not lost
(e.g. all Outlook email and settings.)

I will try your folder renaming workaround to see if I can get my
workstations back to the same state they were in before the server was
replaced... (I've been manually copying various files between the
profile folders to the new user.domain folder, but still can't get my
email back - Outlook still thinks it's unconfigured. I fear there may
be registry entries that will need hacking also to get the
configuration back as it was on each workstation.)

What a mess.

But thanks for the suggestions to try!
ptwilliams
2005-02-09 23:15:20 UTC
Bear in mind that most environments will have multiple DCs, so if one dies
or is replaced the domain still exists.

Give the suggestion a go. If you have more problems post back. One of us
here will be able to help...
--
Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

g***@westernwares.com
2005-02-09 23:53:48 UTC
Thanks, Paul

Yes, I wish *now* that I had promoted the W3K server as a duplicate DC
to my W2K PDC *before* the first one crashed, as you describe on your
(great) website.

Next time, I'll take a look at your site first for my next Windows
networking adventure...

Rick
ptwilliams
2005-02-10 08:27:44 UTC
Hey! Thanks very much Rick!!!

All the best in your endeavours...
--
Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

g***@westernwares.com
2005-02-09 23:27:05 UTC
Follow-up:

I renamed the workstation folders username to username.DOMAIN (and set
the permissions for the "new" user) as suggested.

I also had to spend quite a while with regedt32 replacing all the
references to "C:\Documents and Settings\username\..." to become
"C:\Documents and Settings\username.DOMAIN\..." before Outlook and
other Microsoft apps would work properly.
(A global search and replace command would have been *very* handy for
regedt32.)

I *think* I now have one workstation back where it was (for one user at
least) before the PDC server crashed.

I am *very* glad I don't have 100 users on 100 workstations to do this
for...