Migrate an AD User Profile to a Local User Account

This problem may present itself in different ways, in my scenario it was that a company employee was going no longer work in our corporate office but would start working exclusively from home. This generated a number of challenges, one of which was removing their computer account from our Active Directory domain, but retaining all their local settings and desktop customizations that they are familiar with. Rather than just telling my end user “tough luck… you have to start over” I did some digging and found that it’s not terribly difficult to keep all their settings.

The reason for doing all this are numerous but the biggest reason is that once their cached AD credentials expire, the user will no longer be able to logon to their computer since they are going to be connected to their home network and not in contact with a domain controller (you could try to do this via VPN , but may be more trouble than its worth).

Fortunately, the awesome folks over at ForensiT developed a slick tool to migrate user profile data. You’ll need it, so download the latest version of User Profile Wizard from their site (illustrated here is version 3.8).

Step 1:
Make a backup of the user’s local data on the workstation. This is generally in C:\Users\%username% just copy it to another temporary location for safe keeping. However, if they have a very large profile which can be caused by ton of items on their desktop, you may need to save it to a USB thumb drive or external drive.

Step 2:
Create a new local user on the computer that does NOT use domain credentials. You can do this through Control Panel > User Accounts > Manage User Accounts. Make sure the new user is part of the Administrators group and that if you setup a password you know what it is. Reboot the computer and login as the new local user account.

local_user_create

Step 3:
Now that you’re logged in as the local account, its time to disconnect the workstation from the domain. This can be done in Control Panel > System > Advanced System Settings > Computer Name tab. It doesn’t really matter what Workgroup name you add them to, it can be anything. Domain Admin credentials may be required to make this change. Reboot the computer and log back in as the local user account.

Step 4:
Launch the User Profile Wizard. From the first screen you’re going to specify which local account is going to adopt the AD user profile’s settings and data. This should be the NEW local profile that you just created and logged in as in Step 2. Click Next.

profile_wizard_1

Step 5:
On the next screen select the profile that you’re going to pull data from. This should be the now disconnected AD profile and should have a syntax similar to user.<DOMAIN>. If you don’t see this account listed, you may have to check the box that says “Show Unassigned Profiles”. Once you have the account selected, click next.

profile_wizard_2

Step 6:
The User Profile Wizard works it’s magic. This user had about 12GB of data and it took about 10 minutes to complete the transfer. Don’t get worried if it stops on the “Setting Profile ACL…” step as mine did for quite some time before moving on. Once you see “Configuration Complete” click next or finish.

profile_wizard_3

The migrated data will NOT show until the user that received the migrated data logs off and back on again, so don’t panic if you don’t see anything change on the desktop immediately. For good measure it might be wise to reboot the PC completely.

 

2015-01-21T15:45:31+00:00January 21st, 2015|Tags: , , , |

One Comment

  1. Romulon April 15, 2018 at 10:30 pm - Reply

    Worked like a charm! Thanks a ton.

Leave A Comment