Hi Dale,
If the server is the PDC and there is no other BDC in the domain, the
problem you encountered is normal.
When you format the hard disk and reinstall Windows NT, the SIDs of the
users are changed even if the user names are the same. That's why you get a new
user profile on the Windows 2000/XP clients and the user permissions are lost.
For the first problem, we can try to change the profile path with the
following steps.
1. Run regedit
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
3. Under it, you can see some SIDs listed
4. Find the one whose ProfileImagePath value points to the newly
created user profile path (C:\Documents and Settings\Dale.000)
5. Modify the value to the original user profile path (C:\Documents and Settings\Dale)
6. Close the Registry Editor and restart the computer
The ACL of the network share contains a list of ACEs. Each ACE contains one
SID and the related permission. When you set the permissions of a network
share, the Windows shell converts the SID to the user name, which can
be read easily. Since you have reinstalled the server, the SID in the
original ACE can't be found in the new domain. So, the permission is lost.
If you have the full backup of the server, we can restore it from the
backup. If not, we have to manually reset the network share permissions.
Now, I have some suggestions to prevent the problem from happening again.
1. Create a BDC in the domain. This can hold the account information. If
the PDC is down, we can easily recover the whole domain. The user
information will be restored from the BDC when the PDC is rebuilt.
2. Back up the server with NTBACKUP or another backup application weekly.
This will keep the network share permissions.
Thanks for using Microsoft News Group!
Sincerely,
Steven Liu
Microsoft Online Partner Support
MCSE 2000
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
| Reply-To: "Dale" <IGTeck.DeleteThis@hotmail.com>
| From: "Dale" <IGTeck.DeleteThis@hotmail.com>
| Subject: NT Domain Migration Problem
| Date: Sat, 30 Aug 2003 09:21:35 -0700
| Lines: 43
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <u6hB6MxbDHA.2372.DeleteThis@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: adsl-67-122-232-126.dsl.scrm01.pacbell.net
67.122.232.126
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.migration:3066
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Recently, an issue occurred on our NT 4.0 Server that subsequently would not
| allow it to boot. An ERD disk was inserted, which, unknown to the
| administrator, was from Jan 2000. This then caused a time warp to occur
| after all of the settings were selected and run. There are about 35 clients
| connected on this network. The operating systems range from Windows 98 to XP
| Pro.
|
| Once the problem with the server had been recognized, the C:\ drive was
| reformatted and NT Server reinstalled. The name of the server was changed
| but the domain name was left intact. As the client systems were booted up
| they could not connect to the new server to browse. The NetDom utility was
| used but was not successful. One by one all of the NT 4.0 Workstations and
| Windows 2000 client systems were migrated to a Workgroup and then back to
| the domain. Much to our dismay this created two new unforeseen problems.
|
| The first was that it created two new profiles. An example was in Windows
| 2000. In C:\Documents and Settings the profile folders for each client, for
| example "Dale", were present before the incident. Afterward, it was noticed
| that a "Dale.(Domain Name)" and a "Dale.000.(Domain Name)" were created.
| This meant that all of the settings, documents, desktop, Outlook eMail
| settings, etc. were no longer available to the User. They had to be manually
| moved to the new profile.
|
| The second and more distressing problem was the Users' rights. They no longer
| have rights on their system to even open simple files that are local to
| their hard drive. They get an error message that indicates that they do not
| have "privileges" to these items. I tried adding them to the local
| Administrator's group on their individual systems but without success.
|
| I attempted to change the security settings individually on files and found
| that it did work; however, it was very time consuming to go from folder to
| folder, highlight all, right-click and change rights on them. I found that
| the only thing that seemed to work was to add each user account into the
| Domain Admins global group. This was not the way I had envisioned this.
| Creating a huge domain security breach just to allow local access to simple
| tasks.
|
| Can anyone shed some light on what went wrong and more importantly, how to
| repair the damage?
|
| Dale
|
|
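
Added example, not part of the original thread: a PowerShell sketch that lists each SID under ProfileList with its ProfileImagePath and reports ACEs whose SID no longer resolves to an account, which is the condition the reply describes after the domain was rebuilt. It assumes a Windows client with PowerShell available; the function names are hypothetical, the folder path is the one from the thread, and Get-Acl reads NTFS permissions only (share-level permissions are stored separately).

```powershell
# Added example: audit profile-to-SID mappings and find ACEs left behind by
# accounts from a domain database that no longer exists.

function Resolve-SidName {
    # Returns DOMAIN\user for a SID string, or $null when no account matches.
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $null   # unresolvable SID, e.g. issued by the old PDC
    }
}

function Get-ProfileMapping {
    # One row per SID key under ProfileList, with the folder it points to.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    Get-ChildItem -Path $key | ForEach-Object {
        $sid = $_.PSChildName
        [pscustomobject]@{
            SID              = $sid
            Account          = Resolve-SidName $sid
            ProfileImagePath = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        }
    }
}

function Get-OrphanedAce {
    # Lists explicit and inherited ACEs on $Path whose SID has no account.
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { -not (Resolve-SidName $_.IdentityReference.Value) } |
        Select-Object @{ n = 'Path'; e = { $Path } },
                      IdentityReference, FileSystemRights,
                      AccessControlType, IsInherited
}

# Read-only report; nothing is modified.
Get-ProfileMapping | Format-Table -AutoSize

$folder = 'C:\Documents and Settings\Dale'   # path taken from the thread
if (Test-Path $folder) {
    Get-ChildItem -Path $folder -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-OrphanedAce -Path $_.FullName } |
        Format-Table -AutoSize
}
```

Rows with an empty Account column, or any output from Get-OrphanedAce, point at SIDs from the old domain that need their profile path or permissions reassigned to the new account.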