One thing I’ve found is that some data migration utilities such as USMT 4.0 fail in certain scenarios. This can cause user backup or restore to fail.
Some scenarios that cause issues:
- When a user profile registry key has been removed, the relevant user profile folder will not get backed up. This may not be an issue as the user could not logon with that profile in any case. But sometimes bizarre things happen like user has new profile and was accessing data from an old profile via a Desktop Shortcut. (You should never have this state, but yes I’ve seen it. I didn’t do it) Typically not an issue, but something to be aware of.
- When users have been migrated to a new domain, and username was same in previous and old domain, and the old domain profile still exists on the PC, and no DCs from old domain contactable. In this case USMT will backup data successfully but fail to restore data with an error like this:
[0x000000] Invalid user mapping: username -> S-1-5-21-2653292272-867113950-848626192-1402[gle=0x00000006]
- When a domain SID cannot be resolved. This can happen when logged on as a local account and the network connection to relevant domain is not connected to machine. Connecting machine to the network will immediately resolve this issue.
To assist identify the root cause of this type of issue I made a simple console .exe, available with C# source code here:
Just run the tool and it will report SID resolution and/or profile issues. This can be run as standard user, it does not require admin privilege:
Checking profiles in registry…
Profile Path: C:\Windows\system32\config\systemprofile
Profile Path: C:\Windows\ServiceProfiles\LocalService
Account Name: NT AUTHORITY\LOCAL SERVICE
Profile Path: C:\Windows\ServiceProfiles\NetworkService
Account Name: NT AUTHORITY\NETWORK SERVICE
Profile Path: D:\Users\malcolmm_sup.testname
Account Name: testdomain\malcolmm_Sup
Profile Path: D:\Users\malcolmm_sup
Account Name: testdomain\malcolmm_Sup
note: above scenario two user accounts are SAME, but SID is different. Use the SID prefix to find out which is the old domain. I.e. in this case I know it is S-1-5-21-2047200006-2327669565-1480420199. Due to the old domain being decommissioned, but SID history enabled both SIDs are now resolving to the same user account. This causes USMT restore to fail.
Profile Path: D:\Users\malcolmm
Account Name: testdomain\malcolmm
Profile Path: D:\Users\svc_W7soe_mgmt
Account Name: testdomain\svc_w7soe_mgmt
Profile Path: D:\Users\desktopadmin
Failed to retrieve username for SID S-1-5-21-3225382612-1001891589-4274512590-1000. Error message: Some or all identity references could not be translated.
Profile Path: D:\Users\DesktopAdmin3
Failed to retrieve username for SID S-1-5-21-3225382612-1001891589-4274512590-1052. Error message: Some or all identity references could not be translated.
Profile Path: D:\Users\DesktopAdmin3.PC-120560
Account Name: PC-120560\DesktopAdmin3
Profile Path: D:\Users\Administrator
Account Name: PC-120560\Administrator
Profile Path: D:\Users\DefaultAppPool
Account Name: IIS APPPOOL\DefaultAppPool
Checking profiles folder ‘D:\Users’…
Profile ‘D:\Users\malcolmm.old’ doesnt exist in registry.
Profile ‘D:\Users\malcolmm_Sup.old’ doesnt exist in registry.
Profile ‘D:\Users\TEMP.testdomain’ doesnt exist in registry.
BROKEN PROFILES ON THIS PC
Ignoring well known SID ‘S-1-5-18’ Profile ‘C:\Windows\system32\config\systemprofile’
Ignoring well known SID ‘S-1-5-19’ Profile ‘C:\Windows\ServiceProfiles\LocalService’
Ignoring well known SID ‘S-1-5-20’ Profile ‘C:\Windows\ServiceProfiles\NetworkService’
Profile in ‘D:\Users\desktopadmin’ with SID ‘S-1-5-21-3225382612-1001891589-4274512590-1000’ has following issue: Can’t resolve SID to a user name
Profile in ‘D:\Users\DesktopAdmin3’ with SID ‘S-1-5-21-3225382612-1001891589-4274512590-1052’ has following issue: Can’t resolve SID to a user name
Profile in ‘D:\Users\malcolmm.old’ with SID ” has following issue: User profile does not exist in registry
Profile in ‘D:\Users\malcolmm_Sup.old’ with SID ” has following issue: User profile does not exist in registry
Profile in ‘D:\Users\TEMP.testdomain’ with SID ” has following issue: User profile does not exist in registry