Thursday, August 13, 2015

How to Migrate Windows User Profile to New Account. User Profile Migration Script.

In this article, I share the script with which you can quickly migrate user profile. The script assigns the rights to the profile folder and registry files, and then change the path to the profile for the new user. This script free and was preferred (for me) than a means "User State Migration Tool".

Example usage:
We need to migrate user "contoso\i-evgeny" to domain "blogspot.com"
1. Create user "blogspot\i-evgeny"
2. Join PC to new domain "blogspot.com", reboot
can remotely with powershell:

Add-Computer -ComputerName PC.contoso.com -DomainName blogspot.com -newname PC-blog -PassThru -Force -restart

3. Logon to PC-blog with user "blogspot\i-evgeny", reboot
4. Logon to PC-blog with Administrator:
- disable UAC
can with powershell:

New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force

- run powershell script ".\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny"
- reboot
5. Logon to PC-blog with "blogspot\i-evgeny", check your files, application etc
6. If your have errors when use Certificates additional reassign rights to
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
%userprofile%\Application Data\Microsoft\SystemCertificates

"Download .\ProfileMigrate.ps1":

[CmdletBinding()]
Param (
  [Parameter(Mandatory=$True,Position=0)]
  [string]$U_S,
  
  [Parameter(Position=1)]
  [string]$U_D
)


if ($U_S -and $U_D) {
    write-host "Usage example: .\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny" -fore green
    $objUser = New-Object System.Security.Principal.NTAccount($U_S)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $Profile = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -Name ProfileImagePath
    $path = $Profile.ProfileImagePath

    $acl= (Get-Item $path).GetAccessControl('Access')
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($U_D,"FullControl",$inherit,$propagation,"Allow")
    $acl.addaccessrule($rule)
    Set-ACL $path $ACL

    reg load hklm\sourceuser $path\NTUSER.DAT
    reg load hklm\sourceuser2 $path\AppData\Local\Microsoft\Windows\UsrClass.dat
    $path = "hklm:\sourceuser"
    $acl= get-acl -path $path
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $rule=new-object system.security.accesscontrol.registryaccessrule $U_D,"FullControl",$inherit,$propagation,"Allow"
    $acl.addaccessrule($rule)
    $acl|set-acl
    $path2 = "hklm:\sourceuser2"
    $acl2 = get-acl -path $path2
    $acl2.addaccessrule($rule)
    $acl2|set-acl

    do {
    Start-Sleep -s 10
    reg unload hklm\sourceuser
    } while (test-path $path)

    do {
    Start-Sleep -s 10
    reg unload hklm\sourceuser2
    } while (test-path $path2)

    $objUser = New-Object System.Security.Principal.NTAccount($U_S)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $Profile = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -Name ProfileImagePath
    $Profile.ProfileImagePath

    $objUser2 = New-Object System.Security.Principal.NTAccount($U_D)
    $strSID2 = $objUser2.Translate([System.Security.Principal.SecurityIdentifier])
    $Profile2 = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID2" -Name ProfileImagePath
    $Profile2.ProfileImagePath

    Set-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID2" -name ProfileImagePath -Value $Profile.ProfileImagePath
    Remove-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -name ProfileImagePath
} else {
    write-host "Usage example: .\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny" -fore green
}









No comments:

Post a Comment