Move Windows accounts and settings to OpenLDAP

OK, if you currently have no directory service architecture, then you're going to need to create accounts in OpenLDAP for each of your users.

Depending on your OS, your profile data will be in either C:\Documents and Settings or C:\Users. When you log on with the OpenLDAP account, it will create a new profile for that user in this directory. You will then need to copy the profile data you want (My Documents, Local App data, etc.) from their old account to the new one.

You will want to try this with some test accounts first to make sure everything works as you expect; you may have some custom applications which don't work properly after the move, or other issues.

This document explains the process for copying a user's profile. It refers to corrupted profiles, but works for non-corrupted ones too!

You could also look at using the file and settings transfer wizard to move the data, which essentially does the same thing, but in a wizard.
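
One way to script the copy step described in the answer above, as an added example that is not part of the original answer. The folder list and the example profile names are assumptions; it previews by default so it can be tried on test accounts first, and it copies data without ACLs so files inherit permissions from the new profile.

```powershell
# Added example, not from the original answer. Run from an elevated prompt
# while neither account is logged on. Profile paths are supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $OldProfile,   # e.g. C:\Users\jsmith.old (constructed name)
    [Parameter(Mandatory)] [string] $NewProfile,   # e.g. C:\Users\jsmith (constructed name)
    # Assumed folder list for the C:\Users layout; adjust for C:\Documents and Settings.
    [string[]] $Folders = @('Documents', 'Desktop', 'Favorites', 'AppData\Local'),
    [switch] $Commit                               # without -Commit, robocopy only lists (/L)
)

foreach ($p in $OldProfile, $NewProfile) {
    if (-not (Test-Path -LiteralPath $p -PathType Container)) {
        throw "Profile directory not found: $p"
    }
}

$failed = @()
foreach ($folder in $Folders) {
    $src = Join-Path $OldProfile $folder
    $dst = Join-Path $NewProfile $folder
    if (-not (Test-Path -LiteralPath $src)) {
        Write-Warning "Skipping missing folder: $src"
        continue
    }
    $roboArgs = @(
        $src, $dst,
        '/E',            # include subdirectories, even empty ones
        '/COPY:DAT',     # data, attributes, timestamps; no ACLs or owner,
                         # so copied files inherit permissions from the new profile
        '/XJ',           # skip junction points (avoids recursive profile junctions)
        '/R:1', '/W:1',  # one retry, one second wait, instead of the long defaults
        '/NP'            # no per-file progress percentage in the output
    )
    if (-not $Commit) { $roboArgs += '/L' }   # preview only: list, copy nothing
    & robocopy.exe @roboArgs
    # robocopy exit codes are a bitmask; 8 and above mean at least one failure.
    if ($LASTEXITCODE -ge 8) { $failed += $folder }
}

if ($failed) { throw "robocopy reported failures for: $($failed -join ', ')" }
```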


Are you saying you're migrating from Active Directory to an OpenLDAP server? Without an AD guru who happens to be well versed in LDAP on staff you may be asking for issues, depending on the size of your infrastructure. Also if you're running Exchange you will most definitely want to reconsider dumping AD, or if you're using AD for DNS integration.

Basically MS made AD to work with Windows and Windows integrates with AD, so any deviation is like fitting a round peg into a square hole. I've heard stories of certain aspects of authentication, like password and username verification, working with LDAP, but other things being left hanging.

Plus there's no guarantee that MS won't revise their authentication code so that your LDAP integration won't break.

The closest I found to trying to get alternative authentication on Windows to work with minimum headache was the pGina project, and I don't know how well that works anymore or how active it is.

Depending on your staffing and headache tolerance, if I were having to use Windows mixed with Mac/UNIX, I'd look at virtualizing AD servers (or maintaining AD servers) and creating a Mac OpenDirectory server to handle the other systems, or integrating the Macs and UNIX systems with Active Directory. Really depends on your current situation though as to how well it works, but if your head people rely on Windows or "only know" Windows, or your primary use on the network is Windows-based, I've heard plenty of headaches stemming from trying to use something other than AD for a primarily Windows-centric network.