
Windows 2003 Active directory / profile rebuild Issues


bobops


Hello,

Long story short, our Active Directory server at work crashed (hard drives) and the backup of AD we had was corrupt. I rebuilt the new server from scratch, including Active Directory with all our users. Everything seems to be working correctly on the Active Directory, as I can add new users without any issues. The problem comes in with the 40 existing users we have. I named the AD server the same as the old one. However, when I try to log on with an existing user, using a Windows 7 laptop, the following happens. I get asked to change the password (since I set a default pass for everyone). It accepts the changes to the password and then continues the login process. After a couple of seconds I get an error message along the lines of the trust between workstation and domain does not exist. I have read a couple of articles and found out how to rebuild that trust by logging on as local admin and changing the workgroup, rebooting, etc. After that the computer is seen on the domain and can register with the domain.

The problem is that if I try to log in with an existing username, it creates a new user profile on the machine and does not copy all the data, docs, settings, etc. I found someone had posted to rename the OLD user profile, log in as that same user so it creates a NEW user profile. Then simply rename the OLD user profile to the NEW one and re-login. I tried that and it worked on 1 out of three profiles. The other two it keeps logging me into a temporary profile. I even tried removing, copying, renaming registry keys, but still get a temp profile. I can copy all the files and rebuild the users' settings, but I do not want to have to do that for 40 users. Anyone run into something like this? Any advice? Workaround? Any info/help would be greatly appreciated.

We are running Windows Server 2003 and all the PCs run Windows 7.

Thanks



Everything you encountered is pretty normal and nothing can be configured to avoid this:

- when you lose your AD, you actually lose all SIDs of all AD objects (so including computer accounts and user accounts).

- then you need to re-add all computers to the domain.

- then after you recreated the user accounts, you'll need to re-add their SID on every computer where it was present (for the NTFS rights).

- you'll also need to recreate groups and add again the users/groups that were inside and apply those groups to the shared folders

- etc....

In short, you have to do everything that was done since the creation of the AD that is lost, and part of those steps need extra steps to retrieve old users' settings.

For the profile thingy, you'll have a hard time but you can manage to

- load every users old profile registry hive (ntuser.dat) then export it as a .reg

- login with the user account to create the new profile then logout.

- robocopy everything except ntuser.dat from the old profile in the new profile without the NTFS rights.

- load the new profile hive and import almost everything

This should solve most issues (some issues might still be there due to the loss of the right SID) but the proper way was to restore Active Directory even with an old backup.
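The four profile steps from the reply above, sketched as a two-phase PowerShell script; this is an added example, not part of the original reply. The profile paths, the `.reg` file location and the `HKU\ProfileMigrate` mount name are placeholders, and excluding `NTUSER.DAT*` (the hive plus its log files) and junctions from the copy is an assumption.

```powershell
# Added example. Run elevated on the workstation while the user is logged off.
#   -Phase Export : before the user's first logon with the recreated account
#   -Phase Import : after that user has logged on once (new profile created) and logged off
param(
    [Parameter(Mandatory=$true)][ValidateSet('Export','Import')][string]$Phase,
    [string]$OldProfile = 'C:\Users\jdoe.old',     # placeholder: the renamed old profile
    [string]$NewProfile = 'C:\Users\jdoe',         # placeholder: profile made by the new account
    [string]$RegFile    = 'C:\Migrate\jdoe.reg',   # placeholder: exported settings
    [string]$Mount      = 'HKU\ProfileMigrate'     # temporary hive mount point (assumed name)
)

function Invoke-Native([string]$Exe, [string[]]$Arguments, [int]$MaxOk = 0) {
    & $Exe @Arguments
    if ($LASTEXITCODE -gt $MaxOk) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

if ($Phase -eq 'Export') {
    # Step 1: load the old hive and export it as a .reg file.
    Invoke-Native reg @('load', $Mount, "$OldProfile\NTUSER.DAT")
    try     { Invoke-Native reg @('export', $Mount, $RegFile, '/y') }
    finally { Invoke-Native reg @('unload', $Mount) }
}
else {
    # Step 3: copy everything except the hive. /COPY:DAT copies data, attributes
    # and timestamps but not ACLs, so files inherit the new profile's permissions
    # (the new SID). /XJ skips the junctions Windows 7 profiles contain.
    # robocopy exit codes below 8 mean the copy succeeded.
    Invoke-Native robocopy @($OldProfile, $NewProfile, '/E', '/COPY:DAT', '/XJ',
                             '/XF', 'NTUSER.DAT*', '/R:1', '/W:1') 7

    # Step 4: mount the NEW hive under the same name used for the export, so the
    # key paths inside the .reg file resolve into the new profile. The reply says
    # to import "almost everything": delete unwanted keys from $RegFile first.
    Invoke-Native reg @('load', $Mount, "$NewProfile\NTUSER.DAT")
    try     { Invoke-Native reg @('import', $RegFile) }
    finally { Invoke-Native reg @('unload', $Mount) }
}
```

Step 2 (the user's first logon and logoff) happens between the two phases, so the script is run once per phase for each profile.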
