Manual Profile Migration Process As Performed by Enrollment Services
Documentation derived from Rev 4. 04/04/2005 by AATech Staff
Note: the documentation is a sample of the documentation specific for a particular
department. You may find it helpful in preparing your migration into Active Directory.
Items in Bold require the user to be there for authentication.
Items in Red are multi-part and need to be done in a specific manner and/or sequence.
- Log on as the user.
- Make sure the user and Domain Admins from Enrollment are local administrators on the
box. Note: the user may be an administrator on the box by virtue of belonging to a
Security Group such as Registrar, Admissions, StudentAid, etc.
- Verify “My Documents" is pointed to H:\My Documents. This should be the case for all
- Have the user attempt to use their current Enrollment password for their AD password.
If their current Enrollment password is not AD compliant, have them pick a new password
for AD and then change their Enrollment password to match it. Make sure they know
that these passwords are independent of their VAX/SIS password so changing these passwords
DOES NOT change the password they use for getting into the VAX/SIS. The goal of this
step is to make sure their AD password and Enrollment password are the same.
- Use the iAM site to update the user's profile and home directory information accordingly.
- Verify that their UUID matches their Enrollment login ID.
- Log off the user.
- Log into the computer as the Enrollment Domain administrator; it may take a couple
of minutes to log in to this account but you will eventually get to the desktop.
- Remote desktop into AATECH3 as Enrollment Domain administrator and take ownership
of the user's profile directory (e.g., d:\profiles\rjax); make sure to select the
checkbox for “Replace owner on sub-containers and objects". This should result in
administrators having full control on the user's profile directory.
- Log off of AATECH3.
- Remote desktop into AATECH2 using your UOM credentials.
- Map z: drive to \\AATECH3\d$ using the Enrollment Domain admin credentials.
- Copy z:\users\<uuid> to d:\users (e.g., copy z:\users\rjax to d:\users). NOTE: This
will result in the entire user's data directory from aatech3 being copied to a new
location on aatech2. MAKE SURE YOU COPY the data, DO NOT MOVE IT.
- Verify the sizes of the user's data folders on AATECH3 and AATECH2 are the same.
- Set the appropriate permissions for the user's new folder on AATECH2
- Right click on D:\profiles\<uuid> and select Properties. Click the Security tab. Click
the Advanced button. Uncheck the box that says “Inherit from parent…". A dialog box
will pop up; click Copy. Click OK.
- Set folder security: Verify that Administrators and SYSTEM have Full Control on the
user's data directory. Add the user and give them full control as well. Remove “Users"
from the list.
- Create share
- Set share security.
- Copy z:\profiles\<uuid> to d:\profiles (e.g., copy z:\profiles\rjax to d:\profiles).
Note: this will result in the entire profiles directory for this user on aatech3 to
be copied to aatech2. MAKE SURE YOU COPY the profile, DO NOT MOVE IT.
- Verify the sizes of the user's profile folders on AATECH3 and AATECH2 are the same.
- Give user full control on d:\profiles\<uuid>
- Verify that Administrators and SYSTEM have full control on user's profile directory.
- Log off of AATECH2.
- Verify the Computer Name for the computer is correct.
- Move the computer from the Enrollment Domain to the Enrollment Workgroup
- Restart the computer.
- Log in as the local administrator.
- Join the computer to the UOM domain; do NOT restart at this time.
- Add UOM\<uuid> and UOM\LSP-ACADAFF to the local administrators group.
- Restart the computer.
- Log on as UOM\<uuid> Explain to the user the use of email@example.com for logging on.
- Verify profile transfer (desktop should look identical including background).
- Create a test folder or file on the user's desktop.
- Log the user off, verify no errors (such as profile errors) while logging out.
- Log in as UOM\<uuid>.
- Verify that no profile errors occur and that the test folder or file appears on the
- Set up corresponding network printers on AATECH6. Print a test page for each one then
test their printing from an application. Make sure to set the correct printer as their
default printer. After confirming proper operation of printers located on AATECH6,
delete any printers from Enrollment-NT35, AATECH3 or AATECH5.
- Test the e-mail functionality.
- Test access to ALL network drives including their H:\ drive.
- Test applications that are critical to the user.
- Then test commonly used applications such as Office.
- Attempt a simple edit of an existing file located on their H:\ drive and save that
change. Close the file then open it back up to verify the change they made is still
there. After verifying, undo the change, save, and close the application.
- Fix any broken items as necessary.