
Convert Profile

Joe Workman edited this page Dec 7, 2020 · 16 revisions

Account Conversion

JumpCloud ADMU v1.5.0 introduced a feature to 'convert' the user profile. Conversion does the following:

  • Redirect new local account to previous domain profile
  • Keep AppData and profile data intact
  • Register original user's UWP Windows apps to new user
  • Give new user access to previous domain profile's registry
  • (Optional and recommended) Create a backup of the system using the Checkpoint-Computer PowerShell command

At a high level, the difference between Migration and Conversion is copying data vs updating pointers. Migration (the default behavior if "Convert Profile" is not selected) will make a copy of the user's data and AppData (only if specified using USMT Custom XML). By contrast, the "Convert Profile" feature will create a net new user account and point it to the selected domain account for login. The selected domain user's profile is left intact: their preferences, AppData and general personalizations should remain after conversion.

Features

  • Does not require storage space to duplicate the domain profile.
  • Much faster performance for "Conversion" migrations vs "Account Migration".
  • AppData stays intact; no custom XML is required to target the AppData folder.
  • The convert process does NOT require a healthy secure channel on a system. This means the system can be offline from a DC past 30 days and you can still convert the profile.
  • The C:\Users\USERNAME\ directory is also updated to match the new username.
  • Ability to target the user session on first logon after profile conversion via scripts.

What does this look like

By selecting the 'Convert Profile' checkbox the ADMU will not utilize the USMT. You can still choose to install the JCAgent, leave the domain and force a reboot.


Select a domain profile and enter the new local account username in the text box. The temporary local account password will be used until the new account is bound to JC via the console.

Users on systems with a 'broken secure channel' can be converted using the ADMU "Convert Profile" feature by identifying the user's SID. The System account could also show as a SID if it can't be resolved by the local cache on the system; in that case you can still see the 'local path' to identify the profile you are converting.
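
The SID and 'local path' pairing described above can be checked on the system before running the ADMU. The following PowerShell is an added example, not part of the ADMU or this wiki; it assumes Windows PowerShell 5.1 with the built-in Win32_UserProfile CIM class and the Get-LocalUser cmdlet, and the '<unresolved>' label is a constructed placeholder.

```powershell
# Added example: map each user profile's SID to an account name (when it
# resolves) and to its local path, so an unresolved SID can still be
# matched to the right profile folder.

# SIDs of local accounts, used to tell local profiles from domain profiles.
$localSids = @(Get-LocalUser | ForEach-Object { $_.SID.Value })

$profiles = Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special } |   # skip built-in system/service profiles
    ForEach-Object {
        $sid = $_.SID
        try {
            # Translate() throws when the SID cannot be resolved, for example
            # when no DC is reachable and the name is not cached locally.
            $sidObject = [System.Security.Principal.SecurityIdentifier]::new($sid)
            $name = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch {
            $name = '<unresolved>'       # constructed placeholder label
        }

        [pscustomobject]@{
            SID         = $sid
            Account     = $name
            IsLocal     = $localSids -contains $sid
            LocalPath   = $_.LocalPath
            Loaded      = $_.Loaded      # True if the profile is currently in use
            LastUseTime = $_.LastUseTime
        }
    }

# Most recently used profiles first; unresolved SIDs are identified by LocalPath.
$profiles | Sort-Object LastUseTime -Descending | Format-Table -AutoSize
```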

Notes

Default Applications

Default applications still reset to their default settings. There may be a way to pass user application settings for default application preferences, but there may be additional work and pathfinding before we can implement this.

Reverting

After converting an account with the ADMU, the process to get the account and its data back to a directory account is currently completely manual. In the first pass at account conversion, we will allow either the duplication or the conversion of domain profiles. As we further develop the conversion process and add the ability to roll back, this conversion process may eventually take over the duplicate ability and allow for a simplified UI.

Planned but not-yet-implemented Features

  • Logon 'splash screen'.
  • Sign in and JC bind to user after conversion and during logon.
  • Improve registry conversion time.
  • Further ability to rename, redirect local and domain profiles on the system.
  • Potential to reverse the account to the domain state.

Notes on System Restore

In Windows 10 the default behavior of System Restore is such that system restore points can only be created once per day. If you've run System Restore on a given day and tell the ADMU to create a restore point, it will error out. Similarly, if System Restore is disabled on your system, this feature will not work.