Re-joining Windows XP pro to Domain

dfotiadis · Guest

Hey all. I have this problem.

Windows NT4 Primary Domain Controller crash.
No Backup Domain Controller.
No Backup media to rebuild the PDC.

Build new Windows 2003 Server with Active Directory.
Re-create all Domain Users with default settings.

Re-joining computers (Windows XP pro) to the Domain by changing membership
to Workgroup and back to Domain. The new Domain has the same name.

First time a User Logon to the Domain, creates new user profile on the
Windows XP client with default Domain Users Privileges and new Document and
Settings folder with the name: user.DOMAIN.000.

To give users full privileges to their own computers, I logon to each
computer as Local Administrator and from the Control Panel>User Accounts
select the nearly created user and change Group Membership to Other:
Administrator.

Next I reboot the computer in Safe Mode and copy all Folders from
C:\Documents and Settings\user.DOMAIN to C:\Documents and
Settings\user.DOMAIN.000
(except the files NTUSER.DAT, ntuser.ini, ntuser.dat.LOG)

Next time the User logon do the Domain he has back his old profile settings.

And I thought that the nightmare is over.
But it had just begun.

Afterwards, users begin to disclaimer that they can’t open some files and
gets Access Denied when the tries.
When I look closer to the problem I discovered that thousands of Files and
Folders have the Encrypt Attributes set and I can’t unselect it. The user
unsure me that he newer used encryption on his computer.

The Encryption Details of the File shows that the nearly created
user[user@DOMAIN] with his Certificate Thumbprint exist in the “User Who Can
Transparently Access This File:” field and I can add both Local Users and
users from the Domain to the list, but non of them can decrypt the Files or
unselect the Encrypt Attribute.
I notice that the “Data Recovery Agent For This File As Defined By Recovery
Policy” field is empty.

Any help is greatly appreciated.