Revert ADMU Migration

Joe Workman edited this page Apr 19, 2023 · 1 revision

Reverting Migration / Failed Migration

It is possible to revert an account migration manually. In some cases an ADMU migration can fail if it is interrupted by antivirus software or through other means. If that happens, after logging in to what should be the migrated account, the user can be met with a message stating that Windows "Can't sign into your account".

If Windows is unable to access the "NTUSER.DAT" file assigned to the account security identifier (SID), a temporary profile will be created. Files or changes saved to this account are removed upon logout.

Steps to revert Migration

To revert a migration (failed or successful), two files must be renamed and one registry key updated. During ADMU migration, backups of the original account's user hive files are created:

  1. C:\Users\UserToMigrate\NTUSER_original_2023-04-19-120351.DAT
  2. C:\Users\UserToMigrate\AppData\Local\Microsoft\Windows\UsrClass_original_2023-04-19-120351.dat

This backup step precedes the migration steps. If the backup of the original AD user's registry hive isn't made, the ADMU migration will exit before modifying files further. Both of those files represent the registry hive for the original AD user.

Rename Registry Hive Backup Files

The two backup files must be renamed to their original file names to allow the original AD user to log in:

  1. Rename C:\Users\UserToMigrate\NTUSER.DAT -> C:\Users\UserToMigrate\NTUSER_migrated.DAT
  2. Rename C:\Users\UserToMigrate\NTUSER_original_2023-04-19-120351.DAT -> C:\Users\UserToMigrate\NTUSER.DAT
  3. Rename C:\Users\UserToMigrate\AppData\Local\Microsoft\Windows\UsrClass.dat -> C:\Users\UserToMigrate\AppData\Local\Microsoft\Windows\UsrClass_migrated.dat
  4. Rename C:\Users\UserToMigrate\AppData\Local\Microsoft\Windows\UsrClass_original_2023-04-19-120351.dat -> C:\Users\UserToMigrate\AppData\Local\Microsoft\Windows\UsrClass.dat

In these locations, only the backup files should be renamed to NTUSER.DAT and UsrClass.dat, which Windows will reference when the user logs on.

Update Windows Registry Profile list

Open Registry Editor as an Admin. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Identify the SID of the AD user who was migrated. In this screenshot, that user's SID is underlined and their ProfileImagePath is circled.

Change their ProfileImagePath to the original location of the user profile. In this screenshot, the ProfileImagePath is updated to C:\Users\ChetAtikns. This was the user's home profile path before ADMU migration.

Lastly, update the new local user SID to point to a null location so that the ProfileImagePath values are not in conflict. In this screenshot, the user SID with .bak denotes the user profile that was signed in as a temporary profile; its ProfileImagePath was updated to C:\Users\null to ensure it is not in conflict with the AD user.
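
The rename and registry steps above, scripted in PowerShell as an added example (not part of ADMU or of the original page). The profile path, backup timestamp and both SID values are placeholders to replace with your own, and the up-front precondition checks are an addition to the manual steps.

```powershell
#Requires -RunAsAdministrator
# Added example. Run while the affected user is signed out, since a loaded hive is locked.
# Every value in this block is a placeholder to replace with the values from your system.
$ProfilePath = 'C:\Users\UserToMigrate'      # original profile folder
$Stamp       = '2023-04-19-120351'           # timestamp in the backup file names
$AdUserSid   = '<AD-USER-SID>'               # ProfileList key of the migrated AD user
$TempSid     = '<LOCAL-USER-SID>.bak'        # ProfileList key with the .bak suffix
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
# $WhatIfPreference = $true                  # uncomment for a dry run

$ErrorActionPreference = 'Stop'
$classDir = Join-Path $ProfilePath 'AppData\Local\Microsoft\Windows'
$hives = @(
    @{ Dir = $ProfilePath; Live = 'NTUSER.DAT';   Backup = "NTUSER_original_$Stamp.DAT";   Migrated = 'NTUSER_migrated.DAT' }
    @{ Dir = $classDir;    Live = 'UsrClass.dat'; Backup = "UsrClass_original_$Stamp.dat"; Migrated = 'UsrClass_migrated.dat' }
)

# 1. Check every precondition before changing anything.
foreach ($h in $hives) {
    foreach ($name in $h.Live, $h.Backup) {
        $file = Join-Path $h.Dir $name
        if (-not (Test-Path -LiteralPath $file)) { throw "Missing hive file: $file" }
    }
    $target = Join-Path $h.Dir $h.Migrated
    if (Test-Path -LiteralPath $target) { throw "Already exists, revert may have run: $target" }
}
$adKey   = Join-Path $ProfileList $AdUserSid
$tempKey = Join-Path $ProfileList $TempSid
foreach ($key in $adKey, $tempKey) {
    if (-not (Test-Path -Path $key)) { throw "ProfileList key not found: $key" }
    # Record the current value so the change can be undone.
    "{0} -> {1}" -f $key, (Get-ItemPropertyValue -Path $key -Name ProfileImagePath)
}

# 2. Set the migrated hives aside, then restore the backups (-Force: the files are hidden).
foreach ($h in $hives) {
    Rename-Item -LiteralPath (Join-Path $h.Dir $h.Live)   -NewName $h.Migrated -Force
    Rename-Item -LiteralPath (Join-Path $h.Dir $h.Backup) -NewName $h.Live     -Force
}

# 3. Point the AD user's SID at the original profile and the .bak SID at a null path.
Set-ItemProperty -Path $adKey   -Name ProfileImagePath -Value $ProfilePath    -Type ExpandString
Set-ItemProperty -Path $tempKey -Name ProfileImagePath -Value 'C:\Users\null' -Type ExpandString
```

The printed `key -> path` lines are the pre-change ProfileImagePath values; keep them if the change needs to be undone.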

If unbound from the domain, rebind

Lastly, if the system was unbound from AD, the binding should be reinstated to allow the AD user to log in.

At this point you should be able to log in as the AD user using the AD credentials set prior to ADMU migration.
