In this article, I share the script with which you can quickly migrate user profile. The script assigns the rights to the profile folder and registry files, and then change the path to the profile for the new user. This script free and was preferred (for me) than a means "User State Migration Tool".
Example usage:
We need to migrate user "contoso\i-evgeny" to domain "blogspot.com"
1. Create user "blogspot\i-evgeny"
2. Join PC to new domain "blogspot.com", reboot
can remotely with powershell:
3. Logon to PC-blog with user "blogspot\i-evgeny", reboot
4. Logon to PC-blog with Administrator:
- disable UAC
can with powershell:
- run powershell script ".\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny"
- reboot
5. Logon to PC-blog with "blogspot\i-evgeny", check your files, application etc
6. If your have errors when use Certificates additional reassign rights to
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
%userprofile%\Application Data\Microsoft\SystemCertificates
Example usage:
We need to migrate user "contoso\i-evgeny" to domain "blogspot.com"
1. Create user "blogspot\i-evgeny"
2. Join PC to new domain "blogspot.com", reboot
can remotely with powershell:
Add-Computer -ComputerName PC.contoso.com -DomainName blogspot.com -newname PC-blog -PassThru -Force -restart
3. Logon to PC-blog with user "blogspot\i-evgeny", reboot
4. Logon to PC-blog with Administrator:
- disable UAC
can with powershell:
New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force
- run powershell script ".\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny"
- reboot
5. Logon to PC-blog with "blogspot\i-evgeny", check your files, application etc
6. If your have errors when use Certificates additional reassign rights to
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
%userprofile%\Application Data\Microsoft\SystemCertificates
"Download .\ProfileMigrate.ps1":
[CmdletBinding()]
[CmdletBinding()]
Param (
[Parameter(Mandatory=$True,Position=0)]
[string]$U_S,
[Parameter(Position=1)]
[string]$U_D
)
if ($U_S -and $U_D) {
write-host "Usage example: .\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny" -fore green
$objUser = New-Object System.Security.Principal.NTAccount($U_S)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$Profile = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -Name ProfileImagePath
$path = $Profile.ProfileImagePath
$acl= (Get-Item $path).GetAccessControl('Access')
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($U_D,"FullControl",$inherit,$propagation,"Allow")
$acl.addaccessrule($rule)
Set-ACL $path $ACL
reg load hklm\sourceuser $path\NTUSER.DAT
reg load hklm\sourceuser2 $path\AppData\Local\Microsoft\Windows\UsrClass.dat
$path = "hklm:\sourceuser"
$acl= get-acl -path $path
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$rule=new-object system.security.accesscontrol.registryaccessrule $U_D,"FullControl",$inherit,$propagation,"Allow"
$acl.addaccessrule($rule)
$acl|set-acl
$path2 = "hklm:\sourceuser2"
$acl2 = get-acl -path $path2
$acl2.addaccessrule($rule)
$acl2|set-acl
do {
Start-Sleep -s 10
reg unload hklm\sourceuser
} while (test-path $path)
do {
Start-Sleep -s 10
reg unload hklm\sourceuser2
} while (test-path $path2)
$objUser = New-Object System.Security.Principal.NTAccount($U_S)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$Profile = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -Name ProfileImagePath
$Profile.ProfileImagePath
$objUser2 = New-Object System.Security.Principal.NTAccount($U_D)
$strSID2 = $objUser2.Translate([System.Security.Principal.SecurityIdentifier])
$Profile2 = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID2" -Name ProfileImagePath
$Profile2.ProfileImagePath
Set-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID2" -name ProfileImagePath -Value $Profile.ProfileImagePath
Remove-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -name ProfileImagePath
} else {
write-host "Usage example: .\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny" -fore green
}
No comments:
Post a Comment