Transfer an account from a 'dead' domain

So - following from my previous question: How do I stop DFSR replication preventing a Domain Controller from advertising Domain Services?, I lost the FSMO DC, and my only other DC was in an unrecoverable state.

I've created a new domain to continue my testing, but now have an issue which I suspect is relevant to any domain suffering a "catastrophe".

I have user accounts and client PCs "on the old domain". (Actually 1 client PC and 3 accounts)

I can still sign into the client PC as any of those users on the "dead" domain, because that is cached.

There are (thankfully) no encrypted files in the "old" domain.

What I would now like to do is migrate the full content (files, preferences, etc) from the "dead" domain to the new "live" domain for any/all user accounts, for the "old" PC.

Is there anything out there which can assist me in doing so?


USMT, which is part of the WinAIK


To make this as painless as possible, you will need to restore at least one of the Domain Controllers from a backup. Hopefully you do have backups, since this is about a failed Domain Controller, which is the cornerstone of your AD infrastructure. If you can't do this, you're going to have to recreate almost everything manually on the server-side (or at least with a lot of manual interaction).

Once you can prop up a DC from backup for the old domain, you will then have to use ADMT to migrate the old users/computers/servers to the new domain. This tool will transparently translate NTFS and share permissions on the old servers/workstations/user profiles to their corresponding objects in the new domain. All that you need are credentials in both domains and a server to run ADMT from.

If you can't get at least one working DC, you're going to have to manually copy and set permissions for all of your workstations and servers. The User State Migration Tool might make the local profiles less painful for you, but any server NTFS ACLs will have to be scripted or done by hand.
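
As an added example (not part of the original answer), one way to script the NTFS ACL rewrite mentioned above when no old-domain DC is available: replace each explicit ACE that still carries an old-domain SID with an equivalent ACE for the matching new-domain account. The SIDs, the `NEWDOM` accounts, the `D:\Shares\Users` path and the function name `Convert-OldDomainAce` are all constructed placeholders.

```powershell
# Added example. All SIDs, account names and paths are constructed placeholders.
# Map each old-domain SID (as it appears unresolved in the ACL) to its new-domain account.
$SidMap = @{
    'S-1-5-21-1111111111-2222222222-3333333333-1105' = 'NEWDOM\alice'
    'S-1-5-21-1111111111-2222222222-3333333333-1106' = 'NEWDOM\bob'
}

function Convert-OldDomainAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$LiteralPath,
        [Parameter(Mandatory)][hashtable]$SidMap
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $LiteralPath
    $changed = $false
    # Explicit ACEs only; inherited ones get fixed on the folder that defines them.
    foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
        $oldSid = $rule.IdentityReference.Value
        if (-not $SidMap.ContainsKey($oldSid)) { continue }
        try {
            # Resolve the new account against the live domain, then clone the ACE for it.
            $newSid = ([System.Security.Principal.NTAccount]$SidMap[$oldSid]).Translate($sidType)
            $newRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                $newSid, $rule.FileSystemRights, $rule.InheritanceFlags,
                $rule.PropagationFlags, $rule.AccessControlType)
        } catch {
            # Unresolvable account or an ACE using generic rights the constructor rejects.
            Write-Warning "Skipped $oldSid on ${LiteralPath}: $($_.Exception.Message)"
            continue
        }
        $acl.AddAccessRule($newRule)
        $acl.RemoveAccessRuleSpecific($rule)
        $changed = $true
    }
    if ($changed -and $PSCmdlet.ShouldProcess($LiteralPath, 'Rewrite old-domain ACEs')) {
        Set-Acl -LiteralPath $LiteralPath -AclObject $acl
    }
}

# Walk the share root and everything beneath it; run elevated, previewing with -WhatIf.
$root = 'D:\Shares\Users'
@(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse -Force) |
    ForEach-Object { Convert-OldDomainAce -LiteralPath $_.FullName -SidMap $SidMap -WhatIf }
```

Remove `-WhatIf` once the preview lists only the paths you expect. Owner SIDs are not changed by this script and need to be reassigned separately.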