|Subject:||Re-joining Windows XP pro to Domain|
|Posted by:||dfotiadis (dfotiad…@discussions.microsoft.com)|
|Date:||Mon, 25 Dec 2006|
Hey all. I have this problem.
Windows NT4 Primary Domain Controller crash.
No Backup Domain Controller.
No Backup media to rebuild the PDC.
Build new Windows 2003 Server with Active Directory.
Re-create all Domain Users with default settings.
Re-joining computers (Windows XP pro) to the Domain by changing membership
to Workgroup and back to Domain. The new Domain has the same name.
First time a User Logon to the Domain, creates new user profile on the
Windows XP client with default Domain Users Privileges and new Document and
Settings folder with the name: user.DOMAIN.000.
To give users full privileges to their own computers, I logon to each
computer as Local Administrator and from the Control Panel>User Accounts
select the nearly created user and change Group Membership to Other:
Next I reboot the computer in Safe Mode and copy all Folders from
C:\Documents and Settings\user.DOMAIN to C:\Documents and
(except the files NTUSER.DAT, ntuser.ini, ntuser.dat.LOG)
Next time the User logon do the Domain he has back his old profile settings.
And I thought that the nightmare is over.
But it had just begun.
Afterwards, users begin to disclaimer that they canâ€™t open some files and
gets Access Denied when the tries.
When I look closer to the problem I discovered that thousands of Files and
Folders have the Encrypt Attributes set and I canâ€™t unselect it. The user
unsure me that he newer used encryption on his computer.
The Encryption Details of the File shows that the nearly created
user[user@DOMAIN] with his Certificate Thumbprint exist in the â€œUser Who Can
Transparently Access This File:â€ field and I can add both Local Users and
users from the Domain to the list, but non of them can decrypt the Files or
unselect the Encrypt Attribute.
I notice that the â€œData Recovery Agent For This File As Defined By Recovery
Policyâ€ field is empty.
Any help is greatly appreciated.