How to Migrate Local Profiles to Domain Profiles in 5 Minutes Using Registry Tweak - Windows XP and 7
Don't waste hours using time consuming profile migration tools when you can do it in minutes using a simple registry tweak. This technique can be used to migrate local profiles to domain profiles, as well as domain profiles to local profiles. It simply involves modifying a registry value and changing the permissions on the user directory. In my example, I will be migrating a local profile on Windows XP to a domain profile. This method has also been tested on Windows 7, however, if you are using Windows 7 (turn off UAC), please see the notes at the bottom.
*** Windows 7 - Use this revised tutorial ***
To begin, if you haven't ever logged in with the domain user account, you will need to do that first. The rest of the steps I recommend performing as a domain admin. Log out of the domain user's account and log in as a domain admin, open up Explorer, and browse to the Documents and Settings folder (Windows 7 would be the "Users" folder). Now right click on the local users profile and choose Properties. Click Add to add the domain user to the list of users with permissions. Now select Allow Full Control for the domain user and click Apply:
Click the Advanced button to open the Advanced Security Settings Window. Select the “Replace permission entries on all child objects with entries shown here that apply to child objects” checkbox and click Apply and OK (depending on the number of files in the users directory, it may take a couple of minutes to apply the permissions). Optionally, remove the local user from the permissions list. I recommend removing the local user account, but it is not required.
We will now perform the same actions on the users NTUSER.DAT file while it's loaded in the registry. Go to Start > Run > regedit to open the registry editor. Select HKEY_LOCAL_MACHINE, then open the File menu and choose Load Hive. Now browse to the local users direcotry and load the file NTUSER.DAT. You may have to type the filename “NTUSER.DAT” in the File Name box if you can’t see the file in the directory, due to it being hidden. In my case, this file is located at C:\Documents and Settings\user\NTUSER.DAT (Windows 7 would be C:\Users\user\NTUSER.DAT). It will ask you to give it a name. You can give it any name, as this is only used so you can recognize it under the HKEY_LOCAL_MACHINE key. In my example, I named it “ntuser”.
You will now see “ntuser” as a key. Right click it and select Permissions. Just as before, add the domain user and select full control. Click Apply.
Click Advanced, check “Replace permission entries on all child objects with entries shown here that apply to child objects”. Click Apply and OK.
While the “ntuser” key is selected, open the File menu and select Unload Hive:
That’s it for the permissions. Now we will move on to how to modify the registry. Expand this registry key:
You will find a registry key for each user on this system. If you select each key, under ProfileList, look at the value for ProfileImagePath. It will show you the path to each to the user directory. You will be looking for the key that belongs to the local user. Copy the value from ProfileImagePath for the local user.
Now simply paste that value into ProfileImagePath for the domain user. You should then delete the key for the local user to prevent the local user from logging in. As with any registry modifications, backup the ProfileList key before performing these steps.
That’s it. Restart your computer and log in as the domain user. You will be greeted by the original profile of the local user, including: background, documents, Outlook profiles, programs, start menu, and any other settings.
Notes: I’m not sure why (if you know, please leave a comment), but the saved passwords from Outlook will be lost. Once you open Outlook, it will ask you for your password, so make sure you have any Outlook passwords before you migrate profiles. Also, if you are trying to migrate a domain profile to a local profile, you basically alter the steps listed above accordingly.
For Windows 7, make sure you have UAC disabled. I'm not saying it won't work if you leave it enabled, but I tested it with UAC disabled. If you encounter any of these errors: "NTUSER.DAT This file is in use" or "Registry Editor could not set security in the key currently selected, or some of its subkeys", simply restart the computer and login only as a domain admin to ensure none of the local users resources are in use. Then perform the permission steps again.
If you have any questions or concerns, please leave a comment.