Migration Manager for AD 8.14 - Resource Kit User Guide

System Requirements

Migration Manager Resource Kit can be installed on an Intel-based computer where Migration Manager is installed running any of the following operating systems:

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2 Service Pack 1 or higher
  • Microsoft Windows Server 2008 Service Pack 1 or higher (x64 edition)
  • Microsoft Windows Server 2008 Service Pack 1 or higher (x86 edition)
  • Microsoft Windows 7 Service Pack 1 or higher (x86 edition)
  • Microsoft Windows 7 Service Pack 1 or higher (x64 edition)

ExportProfile

This utility associates the current source user’s profile with the future (migrated) account. As a result, the same profile will be shared between the source and target accounts.

NOTE: The utility links the new account to the old profile. However, it does not grant the new account the permissions needed to use the profile. This has to be done manually or with other Migration Manager components. See the Migration Manager for Active Directory Resource Processing Guide for details.

Pre-requisites for Using ExportProfile

The following requirements must be satisfied before ExportProfile can be used:

  • The user account must exist in the target domain.
  • The explicit right to modify the following registry key must be granted to the user account:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

  • A two-way trust relationship must be set up between the source and the target domains.
  • The source domain must be visible in the target domain and vice versa. You can check that by running the net view command from the command prompt:

net view /domain:SourceDomain


Using ExportProfile

ExportProfile uses the following command line syntax:

ExportProfile.exe IniFileFull

where IniFileFull is the path to the parameter file.

The format of the parameter file is described in the Format of the ExportProfile Parameter File topic.

The program will accept either a full UNC path to the parameter file or a relative path. If the file is specified in relative format, ExportProfile assumes the file is located in the Windows directory, not in the current directory. To work around this limitation, use the following syntax from a logon script or a batch file:

ExportProfile.exe %0\..\IniFile

Or use the following syntax from the command line:

ExportProfile.exe .\IniFile

When looking for the SIDHistory, ExportProfile queries the global catalog of the forest. To process the query, the computer where the utility is executed has to be a Windows NT 4.0 computer and a member of a native mode Windows 2000 domain, or a Windows 2000 computer. If the computer is a Windows NT 4.0 system in a Windows NT 4.0 domain or a mixed-mode Windows 2000 domain, UseOldNames in the parameter file should be set to 1.

If a mapping is found, the program creates a key for the migrated account in the following location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

ExportProfile fills the new key with values taken from the old key of the logged-on user.

If a key for the migrated account already exists in the registry, then only the link to the ProfileImagePath is changed. To simplify troubleshooting, rollback, and cleanup, the old value is saved under the name ProfileImagePath.BAK.

When the program is run from a logon script, the INI file can be located in the Netlogon share, along with the logon script itself.

If the operating system supports the %LOGONSERVER% system variable, you can use it in the argument line and put the parameter file in any share with read access.

NOTE: If the account was renamed during migration and SIDHistory was not used, ExportProfile cannot link the new account to the old profile.

If the target user was already logged in on the domain controller, ExportProfile cannot link the target account to the old profile. The utility is denied access because users do not have rights to other users' registry branches on the DC. There are no problems when logging in on a workstation or a member server.

Examples

> ExportProfile.exe ExportProfile.ini
> ExportProfile.exe %0\..\ExportProfile.ini

For a local run:

> ExportProfile.exe .\ExportProfile.ini

ExportProfile and ChangeProfile can be used in one custom add-in file in the following way:

>ChangeProfile.exe %0\..\ChangeProfile.ini
>rem "if ERRORLEVEL 0" is true for every code >= 0; this form runs only on 0
>if not ERRORLEVEL 1 ExportProfile.exe %0\..\ExportProfile.ini

Since ChangeProfile determines the absence of a profile for the new account and returns 0, ExportProfile can be executed to export the current user settings to the future user profile.

Checking the return code of ChangeProfile helps to prevent running ExportProfile when there is no need for both programs to be executed. Running ExportProfile in this case guarantees all the users will have their profiles updated.

ExportProfile marks its execution by setting two keys in the registry:

[HKEY_CURRENT_USER\Software\Aelita\RegUtil\ExportProfile]
AttempNumber=Number of last attempt

and

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\TextSID]
MiniProfileMigration=2

If the link is successfully changed, the program saves the old link under a new name called ProfileImagePath.BAK. An administrator or a power user could revise this value to locate the unused profiles and clear disk space allocated to them.
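The following read-only PowerShell audit is an added example, not part of the Quest documentation or the Resource Kit. It uses the ProfileImagePath.BAK and MiniProfileMigration values described above to list the profiles ExportProfile has touched, and it reports any write access left on the ProfileList key by the prerequisite grant. The list of SIDs treated as expected writers is an assumption; adjust it to your baseline.

```powershell
# Added example: read-only audit of ExportProfile traces under ProfileList.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# 1. Per-SID view of the values ExportProfile writes (names taken from the page).
$profiles = foreach ($key in Get-ChildItem -Path $root) {
    $p = Get-ItemProperty -Path $key.PSPath
    [pscustomobject]@{
        Sid        = $key.PSChildName
        Path       = $p.ProfileImagePath
        BackupPath = $p.'ProfileImagePath.BAK'   # old link saved on relink
        Marker     = $p.MiniProfileMigration     # execution marker (2 per the page)
    }
}

# Keys relinked in place: the .BAK value names the folder that is now unused.
$profiles | Where-Object { $_.BackupPath } | ForEach-Object {
    $old = [Environment]::ExpandEnvironmentVariables($_.BackupPath)
    [pscustomobject]@{
        Sid = $_.Sid; Path = $_.Path; OldPath = $old
        OldFolderExists = Test-Path -LiteralPath $old
    }
}

# Source and target SIDs that now share a single profile folder.
$profiles | Where-Object { $_.Path } | Group-Object -Property Path |
    Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            Path = $_.Name
            Sids = ($_.Group | ForEach-Object { $_.Sid }) -join ', '
        }
    }

# 2. ACL view: Allow ACEs with write-type rights for unexpected principals.
# Assumed baseline: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller.
$expected = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$rights = [System.Security.AccessControl.RegistryRights]
$mask = [int]($rights'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership')
$mask = $mask -bor 0x50000000   # GENERIC_ALL and GENERIC_WRITE bits

$sidType = [System.Security.Principal.SecurityIdentifier]
(Get-Acl -Path $root).GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.RegistryRights -band $mask) -and
    $expected -notcontains $_.IdentityReference.Value
} | Select-Object IdentityReference, RegistryRights, IsInherited
```

Any principal listed by the last query can create or repoint ProfileList entries on that machine, so remove the grant once the migration of that computer is complete.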
