Windows 7 - Migrate Local Profiles to Domain Profiles in 5 Steps and 5 Minutes Using Registry Tweak

Printer-friendly versionPDF version
Windows 7 Profile Migration

Don't waste hours using time consuming profile migration tools when you can do it in minutes using a simple registry tweak. This technique can be used to migrate local profiles to domain profiles, domain profiles to local profiles, and domain profiles to domain profiles. It simply involves modifying a registry value and changing the permissions on the user directory and registry hives. In my example, I will be migrating a local profile on Windows 7 to a domain profile. My local user's account name is "user" and my domain user's account name is "tuser". The local user is part of the Local Administrators group. The Domain User is not part of the Local Administrators group, but it won't matter if it is (This tutorial was tested with UAC turned off.) If you or your company finds this tutorial useful, helpful, or time saving, please consider making a donation with the paypal link on the right. This helps with the authors time and hosting bills. Thanks

This has been tested on many production and test environments. In our test environment, here is a list of customizations and software installed and configured on the local user's account:

  • Microsoft Outlook (Outlook Anywhere Account)
  • Microsoft Outlook (POP Account)
  • Google Chrome (All user version and user directory version)
  • Microsoft Office
  • Personalized profile (Custom background, Desktop Shortcuts, Favorites, Start Menu and Taskbar)

***PLEASE NOTE***

It is important to note that after you migrate the profile, the saved passwords in Outlook will be lost. This is not a big deal because Outlook will prompt you to enter the password when you launch it (and you do remember your email password, right???). You can use a tool like SIW.exe to retrieve the email passwords before you migrate. You should not receive any errors during or after these steps. If you do, leave a comment and we can try to help. If you are seeking professional remote or on-site support with this, we offer support as an hourly or project charge, depending on your setup. Contact us at support at itswapshop dot com for more info.

I have simplified the entire process into 5 easy steps. I also have a much longer step-by-step guide with pictures below. If this is your first time, I recommend following the full guide. If you are looking for a refresher, follow the quick guide.

Quick Guide - 5 Step Local to Domain Profile Migration:

  1. Join to Domain, restart, and then login as local user.
  2. Grant full permission on c:\users\local_user to domain user and make sure to check "Replace all child object permissions with inheritable permissions from this object".
  3. While still logged in as local user, open regedit and grant full control on the HKEY_CURRENT_USER key to domain user. Make sure to check "Replace all child object permissions with inheritable permissions from this object".
  4. Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. Each key here is associated with a user account on this computer. Go through each key and look at the "ProfileImagePath" string. Find the string for the local user and copy it. Paste it into the same string for the domain user. Now delete the entire key for the local user under the ProfileList key.
  5. Restart and login as the domain user.

It's as simple as that. If you want more details, here is the full guide:

Full Guide - Migrate Local Profile to Domain Profile in 5 Minutes:

1.) To begin, join the computer to the domain, reboot, and login as the local user (if you're not sure how to login as the local user after it's been joined to the domain, add the .\ prefix to the local users account name).

2.) In Explorer, right click on c:\users\local_user and choose properties. On the Security tab, click advanced:

Windows 7 Profile Migration 1

3.) On the permissions tab, click Change Permissions. Click Add and enter the domain user account name (Since you are logged in as the local user, you need to provide domain admin credentials to assign the domain user full control permissions. Enter the domain admin credentials and click OK):

Windows 7 Profile Migration 2

Windows 7 Profile Migration 3

Windows 7 Profile Migration 4

4.) Check Allow Full Control and click OK. Only check "Replace all child object permissions with inheritable permissions from this object" and click OK again. Click Yes on "This will replace explicitly defined permissions on all descendants of this object with inheritable permissions from local_user". Click OK on the "Advanced Security Settings for local_user" window and then on the "local_user Properties" window.

Windows 7 Profile Migration 5

Windows 7 Profile Migration 5.1

Windows 7 Profile Migration 6

Windows 7 Profile Migration 7

Windows 7 Profile Migration 8

5.) Hold down the Windows Key and press "R" to open the run box. Type "regedit" in it and click OK:

Windows 7 Profile Migration 9

6.) Right click on HKEY_CURRENT_USER and choose permissions. On the Security tab, click Advanced

Windows 7 Profile Migration 10

Windows 7 Profile Migration 11

7.) On the Permissions tab, click Add. Enter username of domain user and click OK (Since you are logged in as the local user, you need to provide domain admin credentials to assign the domain user full control permissions. Enter the domain admin credentials and click OK):

Windows 7 Profile Migration 12

Windows 7 Profile Migration 13

8.) Check Allow Full Control and click OK. Only check "Replace all child object permissions with inheritable permissions from this object" and click OK. Click Yes on "This will replace explicitly defined permissions on all descendants of this object with inheritable permissions from HKEY_CURRENT_USER". Click OK on the Permissions for HKEY_CURRENT_USER window:

Windows 7 Profile Migration 14

Windows 7 Profile Migration 15

Windows 7 Profile Migration 16

Windows 7 Profile Migration 17

9.)  Expand the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" key (I recommend right clicking on the ProfileList key and clicking export to make a backup of it). Each Key under ProfileList corrosponds to a user account. If you select one of the keys, the Value of the String "ProfileImagePath" will show you what user account it is for. Find the local user and the domain user keys:

Windows 7 Profile Migration 18

10.) For the local user's key, copy the ProfileImagePath String value, and paste it into the ProfileImagePath String Value for the domain user:

Windows 7 Profile Migration 19

11.) Right Click on the local user's key and click Delete. Click Yes to confirm the deletion:

Windows 7 Profile Migration 20

12.) You are finished. Restart and login as the domain user.

Do I have to delete the local user's key if I need to switch accounts betweeb local and domain?

If you want to switch between being a local and domain user (I can't think of a reason you would want to), then I recommend backing up the "ProfileList" key before and after do the migration. You would still delete the local users key, but if you needed to go back to being a local user account, just restore the "before migration" registry backup. Then when you want to go back to being a domain user, restore the "after migration" registry backup.

Hi, this is because there some restrictions under domain account, therefor I need to switch.
"before migration" registry backup, do you mean only the ProfileList key of the original local account? or I also need to backup the domain account which I altered?

Do I have to delete the local user's key if I need to switch accounts between local and domain?

This is really helpful.

It mostly works for me (on a Windows 8 slate) except I get a crash in Internet Explorer Control Panel when exiting Internet Explorer (IE 10)

My IE config is set to delete all cached files on exit, and with some judicious changing of options, it is the deletion of "Cookies And Website Data" option that causes the error (does not occur when unchecked). Seems to point to some sort of permissions problem somewhere in the IE browser cache. Have dug around and changed a few things but the problem does not go away.

Problem signature:
Problem Event Name: APPCRASH
Application Name: rundll32.exe_inetcpl.cpl
Application Version: 6.2.9200.16384
Application Timestamp: 50109cdd
Fault Module Name: Flash.ocx
Fault Module Version: 11.3.378.5
Fault Module Timestamp: 50bdbb8b
Exception Code: c0000005

Also, just an observation, but I think that the bulk setting of the permissions on the local users profile overwrites the read permission for "NT Service\WMPNetworkSvc" on any Music folders that have been shared in WMP so would make the files invisible to the WMP sharing service and so not visible to other PCs / media devices.

Tried resetting the IE settings, and fiddling with the WebCache permissions, neither worked.

The problem only went away after I de-installed and reinstalled IE10

Thanks, I plan on doing some in-depth testing of this method on Windows 8 in the future. I will post a revised tutorial when I do.

Do you have to log in as the domain user before you start the process? When I expand HKEY_LOCAL_MACHINE down to the profile list, I can't find a profile for the domain user, only for the local users.

Yes, Step 1 of the 5-Step guide should be this:

Join to Domain, restart, login as domain user, restart and then login as local user. 

I used RunAs from a CMD prompt to start an arbitrary application as the domain user while logged in as the local user. This created the domain user's profile folder and ProfileList subkey...no multiple login required

Thanks for the tip. This should make the process even quicker!

Wonderfull mate! this works perfect for windows 8!!

I suppose that for migrating domain profile to a local profile a should do a reverse procedure? I tried but it didn`t work. As a result I ve got the domain prifile looks like local and other way around. Please advice what should I do to make this work?

I want to create local user profile from domain user profile. I dont have connection to the domain but I have domain admin password. After I do that I want to unjoin coputer from the domain. Never mind the replication, network drives etc. I only need all applications and their settings, e mail account and data to be reachable...

Thanks in advance

Regards,

Lazar

This method should work if you reverse the local/domain user order, as long as you follow it exactly. If you have any trouble with it, check out this older tutorial for XP:

http://itswapshop.com/tutorial/how-migrate-local-profiles-domain-profiles-5-minutes-using-registry-tweak-windows-xp-and-7

There were problems with it on Windows 7, so this newer tutorial was written to correct the issues. The older tutorial may help you out in your situation.

I've done this several times, but got stuck on a permissions issue. For some reason it's not setting the permissions for my domain user on the App Data hidden file or any subfolder for that matter during step 2 of the quick steps. I had to manually edit the permissions for each subfolder and set the domain user to full control in order for it to take effect. I could see it working when I did it your way, but when I double checked it, nothing was getting set. Very weird, but once I manually overwrote the permissions, everything was golden.

Thanks, I will go back over it in my test environment and see if I can find the problem.

On Step 6, what do I do if I am accessing the Registry from the local Admin account? Do I still edit the properties on HKEY_CURRENT_USER even though the current user is my admin account, not the local profile that I am changing into a domain profile? There are issues that prevent me from logging on as the local user.

No, you only edit HKEY_CURRENT_USER if you are logged in as the local user's profile that you are trying to covert to a domain profile. If you can't log in as the local user, you can take a look at this older tutorial for XP:

http://itswapshop.com/tutorial/how-migrate-local-profiles-domain-profiles-5-minutes-using-registry-tweak-windows-xp-and-7

It shows how to load the users ntuser.dat and usrclass.dat files without being logged in as that user. But you will likely have issues if you do it this way. This older tutorial wouldn't work right on Windows 7, so I revised it using the methods outlined here. If it's just an issue of you don't have the password to login, or they aren't there right now, I suggest waiting on them to give you the password so you can follow the tutorial.

The main issue is that explorer crashes whenever I log into their local user account, and I'm using this as a last ditch effort to see if I can save their data.

Will this procedure work with moving a profile from one domain to another?

Yes, but in addition to this tutorial, you may want to take a look at this tutorial for XP. It shows how to change the permissions on the ntuser.dat & usrclass.dat files from another user account.

Thanks for the posting. In my case a domain user account had been deleted and then recreated using the original username. I still had a copy of the data profile files for the original user profile and came across the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" fix described in microsoft's KB947215. But although all the security permissions for the files and sub directories in "C:/user/username/"were updated correctly with the new userID, the recreated user could not access anything.

It was your reference to granting full control on Advanced security settings on HKEY_CURRENT_USER key to the domain user that was the fix.In my case the domain user existed, and I needed to elevate them to administrator before updating the HKEY_CURRENT_USER key, but after that all was well. Thank you.

Hi, thanks for this very useful tutorial!
I've some question about it. Starting from XP tutorial, and comparing with this Win7 tutorial, I'm asking myself:
1) why is no more needed to take ownership of the user folder and then give it back to SYSTEM??
2) changing user permissions on HKEY_CURRENT_USER registry key (and childs) is the same to load hives from ntuser.dat and usrclass.dat and change manually permission on both?
3) changing permissions from inside regedit on HKEY_CURRENT_USER is *NOT* the same that changing permission on filesystem for files ntuser.dat and usrclass.dat, right?

Thanks

If in step 4 I copied the "ProfileImagePath" string to the "Default" profile, it would then clone that profile to any new profiles created on that machine right? Both local and Domain?

Thank you for this helpful guide.

I'm in the process of adding new machines to a domain at a remote office. Some of these machines are stand-alone and others are members of a soon-to-be-retired legacy domain.

Is a local account a necessary intermediate step for allowing a new domain's user account access to the user account and profile settings of the old domain?
(e.g. Give local access to old domain account -> remove PC from old domain -> add PC to new domain -> add new domain user -> give new domain user rights to local account -> new domain user has access to old domain account profile, data, etc.)

Doesnt work on windows 8 windows store apps dont work and log on issues with taksbar and desktop

Post new comment