Channel: Directory Services forum

The group policy client service failed the logon error; access is denied, after roaming profile move across forests to new domain


Attempting a profile folder migration for 100 users from one domain to another (different forest, two-way external trust set up) and getting an error when I attempt to log in with a test account that I have migrated and whose user profile folder I have copied over.

Error: The group policy client service failed the logon error; access is denied.

Old environment:

Users connect only via RDS. User profiles are roaming. Profiles are stored on a share on the old domain. RDS servers are on the old domain.

New environment:

Users connect only via RDS. User profiles are roaming. Profiles are stored on a share on the new domain. RDS servers are on the new domain.

Used the AD migration tool to copy over user IDs and groups.

Did not use SID migration as I don't have auditing set up in the old domain.

User roaming profiles load / work OK in both the old and new domain when using new accounts in both domains. Thus permissions and GPO are set OK.

Roaming profiles are working fine in the old domain.

The only issue is after trying to copy the profiles to the new domain.

Copied over user folders to the new share on the new server in the new domain.

Used

xcopy /d /e /v /c /i /h /r /k /x /y \\old_share\Shares\Profiles \\new_share\Shares\Profiles

Changed the permissions on the folders with subinacl /noverbose /subdirec "\\new_share\Shares\*.*" /changedomain=old=new

Renamed the user folders in the new location so that userid.olddomain.v2 is now correct: userid.NEWdomain.v2

User profile location is set via AD GPO.

Checked all permissions to \\new_share\Shares\Profiles and they appear correct.

No errors in event logs.

If I delete the \\new_share\Shares\Profiles\userid folder I can log in OK and get the roaming profile created OK with userid.

Thus I suspect a permissions issue after the folder copy.

Not sure where to go here.

All servers are 2008 R2.

Domain controllers in the old domain are running at the functional level of Windows 2000; in the new domain they are running at the functional level of Windows 2008.

I renamed the ntuser.pol and ntuser.dat.
No help. They got recreated OK but I still couldn't connect.
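
A read-only check for the suspected permissions issue, added here as an example and not part of the original post: for each copied profile folder and its ntuser.dat it reports an owner other than the new-domain account, entries that still display as unresolved SIDs, and a missing Full Control entry. `NEWDOMAIN` is a placeholder NetBIOS name, the function name is hypothetical, and the share path and `userid.NEWdomain.v2` folder naming are the ones given in the post.

```powershell
# Added example (not from the original post): read-only ACL audit of copied profile folders.
$ProfileRoot = '\\new_share\Shares\Profiles'   # share path as given in the post
$NewDomain   = 'NEWDOMAIN'                      # placeholder NetBIOS name (assumption)
$FullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-ProfileAcl {                      # hypothetical helper name
    param([string]$Path, [string]$Account)
    $acl      = Get-Acl -Path $Path
    $findings = @()

    # Report an owner other than the migrated new-domain account.
    if ($acl.Owner -ne $Account) {
        $findings += "owner is '$($acl.Owner)'"
    }

    # Entries that still display as raw SIDs could not be resolved to an account,
    # for example entries the domain rewrite did not touch.
    $acl.Access | Where-Object { $_.IdentityReference.Value -like 'S-1-*' } | ForEach-Object {
        $findings += "unresolved SID $($_.IdentityReference.Value)"
    }

    # Check for an Allow entry granting the account Full Control.
    $hasFull = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $FullControl) -eq $FullControl
    }
    if (-not $hasFull) { $findings += "no Allow FullControl entry for $Account" }

    return $findings
}

# Where-Object PSIsContainer is used instead of -Directory so this runs on PowerShell 2.0.
Get-ChildItem -Path $ProfileRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    # Folder name is userid.NEWdomain.v2; assumes the user id itself contains no dots.
    $account = '{0}\{1}' -f $NewDomain, $_.Name.Split('.')[0]
    $targets = @($_.FullName)
    $hive    = Join-Path $_.FullName 'ntuser.dat'
    if (Test-Path $hive) { $targets += $hive }
    foreach ($t in $targets) {
        foreach ($f in @(Test-ProfileAcl -Path $t -Account $account)) {
            New-Object PSObject -Property @{ Path = $t; Account = $account; Finding = $f }
        }
    }
}
```

The script only reads ACLs; a folder that produces no output passed all three checks.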

