Ditching Small Business Server? Use USMT to convert to local accounts

The User State Migration Tool is quite useful when managing user profiles & accounts on your PCs during an operating system migration or upgrade – especially if you have lots of devices to work with. Documented features show you how to switch user profiles between domains – useful when consolidating your Active Directory domains, for example. What about cases when you’re ditching your local infrastructure in favor of all things cloud?

Microsoft’s documentation doesn’t say anything about converting from a domain account to a local account – and yet it’s possible. Here’s how you do it.

First collect your “user state”. To speed up the process, you can use the /hardlink and /nocompress options like so:

Scanstate.exe %temp%\store /i:miguser.xml /i:migapp.xml /hardlink /nocompress /l:%temp%\store\save.log /progress:%temp%\store\save_progress.log /o /ue:*\* /ui:DOMAIN\username

Let’s break down the statement above.

  • %temp%\store specifies that the collected user state should go to the temporary folder, in the store subfolder
  • /i:miguser.xml /i:migapp.xml provide configuration files to move files and settings
  • /hardlink specifies that the source files shouldn’t actually be moved. We can do this because we’re not actually switching PCs for the user, so there’s no need to move profile data. Instead, scanstate simply builds a catalog of files to include when reloading the data into the new profile
  • /l: and /progress: switches specify where to save log and progress log files
  • /ue:*\* tells scanstate to exclude all user profiles from the process. Why? Because we’re going to explicitly call for the profile we’re interested in next
  • /ui:DOMAIN\username is explicitly telling the migration tool to copy ONLY the DOMAIN\username profile. You can use multiple /ui switches if you want to.
  • /o tells the tool to overwrite whatever’s in that store directory. We don’t need to use it, but if you had a failed run, this will ensure a clean slate. Don’t do this on a shared store :).

Once this operation completes, you can create the new local profile by running the following command:

loadstate.exe %temp%\store /i:miguser.xml /i:migapp.xml /hardlink /nocompress /l:%temp%\store\load.log /progress:%temp%\store\load_progress.log /ue:*\* /ui:DOMAIN\username /lac:NewPassword /lae /mu:DOMAIN\username:%computername%\username

Let’s break this one down too (skipping switches that are the same):

  • /lac:NewPassword – specifies that loadstate should create a new Local Account with the password of NewPassword. If you don’t specify NewPassword, the new local account will be created without a password
  • /lae – specifies that the new local account should be enabled. If you don’t use this switch, it’ll be created, but disabled
  • /mu:DOMAIN\username:%computername%\username – this is the magical conversion dust. It’ll switch the account from being a domain account in the DOMAIN domain, to a local account belonging to the %computername% computer. If you’re running this as part of a script, you can just leave %computername% to automatically substitute the actual PC name at run-time.

When this operation completes, your new user profile will be created, data migrated, and now you’re ready to remove this PC from the domain. Note that Outlook email settings aren’t migrated this way, so you’ll need to reconnect Outlook to (presumably) Office 365. Also, default migration files don’t include things like Google Chrome bookmarks, so you’d need to manage that transition separately.

Going into the details for USMT is beyond the scope of this post, but if you’d like a guided tour, check out the Curah! collection that puts it all in one place.

Got questions? Looking to migrate from the soon-to-expire Small Business Server? Give me a call – 1-484-558-0404 or create a support request with MSOnlineHelpdesk.com!