Tuesday, November 30, 2010

VPN User Migration Challenge and Cached Credentials

One of the challenges you might run into during user and computer migration is migrating VPN or offsite users. Most of these users log on to the domain with their cached credentials. These cached credentials won't be available after the domain membership change, so users won't be able to log in after the computer migration. I have seen many articles and blogs that talk about caching the target credentials prior to the computer migration by using the Runas command, running a scheduled job, creating a custom service that uses the target account, and so on. I have tested many of these options in the lab, but none of them work, because the cached credentials are cleared from the registry after the domain membership change.

As you can see in the following screenshot, I have all the Cached Credentials before the migration:

image

After the domain membership change, these values will get cleared from the registry as shown in the following screenshot:

image

However, when you move a computer to a Workgroup, the Cached Credentials won’t get cleared.

Here are some of the workarounds or options for migrating VPN users if they can’t come into the office during the migration.

Option #1

If you are using the Microsoft VPN client, you can use the "Log on using dial-up connection" option, as shown in the following screenshot:

image

This option establishes a VPN connection before the domain logon process. Most third-party VPN software has this functionality; you might need to enable it.

Option #2

You can also create a local user account on the workstation and log in locally with this account after the computer migration. Then establish a VPN connection and access a resource using the target account (runas /user:targetdomain\targetuser notepad.exe). This process will cache the credentials in the registry. However, you need to give the local user account information to the user, and you need to make sure the VPN software is configured for all user profiles, including local user profiles.
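A pre-check that can be run before the runas step in Option #2, as an added example that is not part of the original post. The function name, the `TargetDnsDomain` parameter and its sample value are assumptions, and the `CachedLogonsCount` check is an extra safeguard the post does not mention.

```powershell
# Added example (not from the original post): pre-checks for Option #2.
# Run as the local account after the computer migration, with the VPN connected.
param(
    [string]$TargetDomain    = 'targetdomain',        # placeholder name used in the post
    [string]$TargetUser      = 'targetuser',          # placeholder name used in the post
    [string]$TargetDnsDomain = 'target.example.com'   # hypothetical DNS name of the target domain
)

function Test-CredentialCachingReady {
    param([string]$DnsDomain)

    # Cached logons are disabled when CachedLogonsCount is "0";
    # an absent value means the Windows default applies.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $value = (Get-ItemProperty -Path $key -ErrorAction Stop).CachedLogonsCount
    $cachingEnabled = ($null -eq $value) -or ([int]$value -gt 0)

    # The workstation must already be a member of the target domain.
    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem
    $joined = $cs.PartOfDomain -and ($cs.Domain -ieq $DnsDomain)

    # A target-domain DC must be reachable through the VPN,
    # otherwise runas cannot authenticate the target account.
    & nltest.exe "/dsgetdc:$DnsDomain" 2>&1 | Out-Null
    $dcReachable = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        CachingEnabled = $cachingEnabled
        JoinedToTarget = $joined
        DcReachable    = $dcReachable
        Ready          = $cachingEnabled -and $joined -and $dcReachable
    }
}

$check = Test-CredentialCachingReady -DnsDomain $TargetDnsDomain
$check | Format-List

if ($check.Ready) {
    # Same command as in the post; runas prompts for the target account's password.
    & runas.exe "/user:$TargetDomain\$TargetUser" notepad.exe
} else {
    Write-Warning 'Fix the failed checks before handing the workstation back to the user.'
}
```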

Option #3

Most third-party migration tools provide VPN user migration functionality. Microsoft ADMT doesn't have this functionality, so you have to use one of the options mentioned above.

Other Related Articles:

Active Directory Migration Using ADMT - http://www.sivarajan.com/admt.html

Computer Migration - Things to Consider - http://www.sivarajan.com/cm.html

User Account Migration and Merging Using ADMT - http://www.sivarajan.com/
