Our company (a small web firm) will soon me migrating from a workgroup-based environment to a domain-based environment (Windows Server 2008). Some of our team members (myself included) work mainly from our laptops and have a lot of private stuff (applications, documents) installed.
Currently, this is not really a problem, since we can use a single local account to logon to the system. What I would like to avoid as much as possible is having to reinstall and reconfigure 90% of the settings and maybe even installing the same application twice on the same system, simply because it has not been installed for the newly created domain user.
We have not had much experience with Domains so far and I find it pretty hard to come up with simple, yet detailed information and answers.
What is the best approach to doing this migration?
There is already a question regarding workgroup --> domain migration but it does not really go into much detail about the actual workstation configurations and things to keep in mind from the end-user's viewpoint.
Any advice would be appreciated.
Joining your client computer(s) to the domain won't take away the ability for you to continue logging-on as the local user account you're already using. Group Policy will begin to apply to the computer once it's joined to the domain, but in a stock Windows Server 2008 Active Directory there really won't be any Group Policy settings of consequence applied, so for all intents and purposes the client computer will appear unaffected by joining the domain.
With respect to your concerns re: applicaitons and setttings: Your existing local user account's profile can be migrated to the domain user account's profile, and this will preserve most settings. One item that is particular offensive, however, is applications that store paths referencing "C:\Documents and Settings..." (or "C:\Users..." if you're in a Windows Vista / 7 world) in the registry. In this case, if you want these paths to continue to "work" you must perform the profile migration in such a way that the domain account ends up using the same directory on the local hard disk drive for profile storage as the local account, which ultimately means relocating or deleting the local user profile.
Personally, if I were you, I'd join the client comptuer to the domain, logon once with your domain account, reboot (to be sure that there aren't any open handles to any user registries left open), logon as "Administrator" (assuming the local account you've been using isn't "Administrator"), and use the "Copy To" functionality in the "User Profiles Settings" dialog, reachable through the "Advanced" tab of the "Properties" of "My Computer" to copy the local user account's profile over the domain account's profile. Specify the domain account in the "Permitted to use" section of the "Copy To" dialog.
I'd logon as the domain account (which should then have the look-and-feel of your old local user account), and use REGEDIT to scan thru HKEY_CURRENT_USER looking for references to "C:\Documents and Settings\old-local-user..." and alter them to refer to the new domain account's profile location. It's tedious, but you'll probably have some stupid applications that saved absolute paths to profile locations. (Thanks, stupid app developers...)
The nice thing about this method is that it preserves the local user account. You can still logon as the local user if you find that things aren't working with the domain user account.
The bad thing about this method is that it preserves the local user account. You can still logon as the local user, and in doing so, make modifications to locally stored documents, etc, and end up getting confused about what's what and destroying data.
As soon as the domain user account is working as you'd like it, I'd delete the local user account and its profile. If you're paranoid, back-up the profile directory and just disable the local user account. Personally, I'd try to make a clean break so that you're not kicking that old user profile directory down the beach forever.
Finally, if you don't have access to someone with good Active Directory expertise re: designing your Active Directory, using Group Policy to deploy software / centrally control update deployment / centrally store user data files / leverage romaing user profiles, etc, I'd encourage you to look for somebody who can spend a couple of hours helping you out. You can get a lot of really neat functionality out of Active Directory, and some very simple Group Policy settings can be used to get user data centrally stored and backed up, get Windows and Microsoft application updates being centrally deployed and managed, etc. It's good stuff, and can save you a lot of time and headaches down the road.
Good luck!