Local users migration from windows 2003 to windows 2008 R2 server


When we run server upgrade projects; most often we may not able find the appropriate resource over the Internet or finding them are time consuming. So here I am gathering some common services that IT engineers often need to migrate.

Preparing tools and pre-requisites:

Following steps illustrate migration of local users and groups from windows 2003 to windows 2008 R2.

See the list of attribute that are not supported:

http://technet.microsoft.com/en-us/library/dd379531(WS.10).aspx

Please check pre-requisite from following link:

http://technet.microsoft.com/en-us/library/dd379545(WS.10).aspx#BKMK_install2003

Windows 2008 R2 (destination server).

Add server migration tools feature from server manager from destination  server.
Run CMD as an administrator navigate to following path. (alternatively; run windows server migration tools from Administrative Tools – windows server migration tools)

cd %Windir%\System32\ServerMigrationTools\  (eg. C:\Windows\System32\ServerMigrationTools)

SmigDeploy.exe /package /architecture X86 /os WS03 /path <deployment folder path> (eg. C:\Windows\System32\ServerMigrationTools\SmigDeploy.exe /package /architecture X86 /os WS03 /path Z:\win2k3)

Note: Above process will create a sub folder called SMT_ws03_x86  folder on z:\win2k3 folder (syntax may differ base on your server architecture).

Now copy SMT_ws03_x86  from  destination server (win2008) (z:\win2k3\ folder)  to source server (windows 2003). eg: c:\ SMT_ws03_x86

Windows 2003 (source server).

Run following command from source server (windows 2003) to install (register) windows server migration tools to source server.

C:\SMT_ws03_x86> ./smigdeploy (this will install server migration tool to source server (win 2003) and automatically open power shell windows as below (don’t close the window).  Following export command will create the deployment folder the designated drive:

Export-SmigServerSetting -User <Enabled | Disabled | All> -Group -Path <MigrationStorePath> -Verbose

(eg. PS C:\SMT_ws03_x86> Export-SmigServerSetting –User All  -Group –Path Z:\win2k3) – exporting all users.  Copy the entire z:\win2k3 folder to destination server (win2008 r2)

Back to Destination server:

Now back to destination server (win 2008 r2) and assume you did copy z:\win2k3 folder from source server to destination server c:\win2k3)- contain exported attributes (deployment package) from source server

Now run following command from Windows server migration tools shell window (run as administrator) to import all users and groups.

Import-SmigServerSetting -User  All -Group -Path c:\win2k3 –Verbose

Note: Accounts and groups are with same name which exists in destination server will not be imported. Upon completion of the import command above; it will list down the possible errors, warning and success list.

You may Unregister following tool from source server when done.
SmigDeploy.exe /unregister

Few things to take note:

All imported users accounts will be disabled and user must change password at the next logon option will be selected.

Execute following VB script to clear the selection for  “user must change password at the next logon”.

‘——————–8<———————-
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

‘ create network object for the local computer

Set objNetwork = CreateObject(“Wscript.Network”)

‘ get the name of the local computer

strComputer = objNetwork.ComputerName

Set objComputer = GetObject(“WinNT://” & strComputer)

objComputer.Filter = Array(“user”)

For Each objUser In objComputer

lngUserFlags = objUser.userFlags

lngUserFlags = lngUserFlags Or ADS_UF_DONT_EXPIRE_PASSWD

objUser.userFlags = lngUserFlags

objUser.SetInfo

Next

‘——————–8<———————-

Execute following  VB script to enable all disable users except guest but still need to set password for imported users.

‘*************************************************
‘ File:        Enable_Local _User_Accounts.vbs
‘ Lists local accounts and enables all except guest
‘**************************************************

Set objShell = CreateObject(“Wscript.Shell”)

Set objNetwork = CreateObject(“Wscript.Network”)

strComputer = objNetwork.ComputerName

Set colAccounts = GetObject(“WinNT://” & strComputer & “”)

colAccounts.Filter = Array(“user”)

Message = Message & “Local User accounts:” & vbCrLf & vbCrLf

For Each objUser In colAccounts

If objUser.Name <> “Guest” Then

Message = Message & objUser.Name

If objUser.AccountDisabled = True then

Message = Message & ” has been enabled” & vbCrLf

objUser.AccountDisabled = False

objUser.SetInfo

Else

Message = Message & ” is already enabled” & vbCrLf

End if

End If

Next

‘ Initialize title text.

Title = “Local User Accounts By Robiul”

objShell.Popup Message, , Title, vbInformation + vbOKOnly
————–
I have yet to find any windows native tools that can import local users password except commercial tool like Migrator but  I did not try it myself.
http://www.winzero.ca/MSVR-Migrator.htm/

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/localusers

Advertisements

About Robiul

Robiul has 15 years of continuous successful career experience in ICT with extensive background in System Engineering, IT infrastructure design, operations and service delivery, managing IT projects / MIS functions for local and multi-national companies with in-depth knowledge of multiple operating systems as well as construct / manage small to medium size Data Center. Proven ability to design and implement medium to semi-large scale LAN/WAN/WLAN and system infrastructures. Academic qualification: Master of Science in Information Systems. Professional certifications are: MCSE, CCNA, ITIL and FoundStone Security Professional, VCP, NetAPP, CISSP etc.
Aside | This entry was posted in Windows and tagged . Bookmark the permalink.

3 Responses to Local users migration from windows 2003 to windows 2008 R2 server

  1. Conor says:

    Thanks for the article.

    When the users are migrated to the new server, what is the password that sets to them?

    Thanks

    • Robiul says:

      you need to enter new password for migrated users either manually or using scripts. but there are many commercial tools available that supports user password migration. eg. tools from Quest.

    • Robiul says:

      Local users password can not be migrated using Microsoft tools, so you need to key the new password for them or let users to prompt for the new password upon login. now you can use script to add a default password to all the imported users. There are some commercial tools available that can allow much simple steps to migrate users with password.

Comments are closed.