[IMPORTANT] Please note that this site will be disabled on October 31. In it's place, the new JumpCloud Help Center is live! Check it out here!

Support Center

Converting Windows System Active Directory Domain Accounts to Local User Accounts

A Windows machine bound to an Active Directory domain can have two types of user accounts, domain user accounts and local user accounts.  When a Windows machine is removed from an Active Directory domain, the local accounts are the only ones available for login on the system after the domain leave.

Migrating a Windows machine to JumpCloud from Active Directory is a two-step process. 

The first step involves account migration, where the ProfWiz utility is used to migrate the profile from the domain account to a new local account.

After the profiles from the domain accounts are migrated to local accounts, the system migration step, involves leaving the Active Directory domain and installing the JumpCloud agent.

The following sequence diagram gives an overview of the migration process using the JumpCloud AD Migration Toolkit

JumpCloud gives administrators a curated set of migration scripts and utilities for completing the two-step process of migrating an Active Directory domain bound machine and its user accounts to JumpCloud.

Important: The following procedure shouldn't be completed while logged into an account you intend to migrate. Perform the following procedure from a separate admin account.

To convert domain accounts to local accounts using the Active Directory Migration Toolkit

  1. Download and unzip the JumpCloud AD Migration Toolkit on each computer you intend to migrate.
  2. Right click on the AccountMigration.bat file and select Run as administrator.
  3. A PowerShell interactive prompt will launch. Enter the desired local account username for the migration user account. 
      • The AccountMigration.ps1 script will create a new local user with the username provided and then download and launch the Profwiz utility. See the PowerShell commands used in this script
  4. The User Profile Wizard installer will launch. Click Install.

    Note: Though JumpCloud recommends using ForensIT to assist with migrations of users off of AD to local accounts, know that this is a third-party tool that isn’t supported by JumpCloud and may not work in all scenarios and environments.

    • After the installer completes, select the Launch User Profile Wizard Personal Edition option, then click Finish.
  5. The User Profile Wizard will launch. Select the domain account to migrate from the profile list. Domain accounts start with a SID number "S-1-5-XX".
  6. Select the computer name.
      • Enter the account name entered in Step 3 in the Enter the account name: field. 
      • Important: Don't select the Join Workgroup option. We will be migrating the domain system at a later time. 
  7. The User Profile Wizard will migrate the profile from the domain account to the new local account. WAIT UNTIL THE MIGRATION PROCESS FINISHES. The process is complete when the Wizard shows "Migration Complete!"
      • Click Next. The system will restart to complete the migration.
  8. Log into the new local account. The password for the new account created by the AccountMigration.ps1 is "Temp123!". This can be modified by changing the $Password variable in the AccountMigration.ps1 script.
      • After logging in on Windows 10, the applications installed via the Windows 10 App Store will update. This is expected behavior.
Find the full workflow for domain to user account migration process using the JumpCloud Migration Toolkit in the sequence diagram below.

See the following KBs for information: 

Last Updated: Jul 18, 2019 02:28PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found