How to decrypt user's files after domain migration?

Tomasz Kwiatkowski 0 Reputation points
2024-11-07T09:27:34.6866667+00:00

Hi Community!

In our company, computers were migrated from the domain ABC.com to XYZ.com.

At the same time, the change of logins was implemented, for example:

Before migration: ABC\u12345

After migration: XYZ\e12345

After migration, the user logged in to the new e12345 account and a new folder was created: C:\Users\e12345.

But this folder contains only a "new" AppData folder. The other folders, like Desktop, Documents etc., are linked from the old user's folder: C:\Users\u12345

I have one computer where the user has encrypted one folder - Desktop - with all files in it.

After migration, the user can't open any encrypted files.

And he did not export the certificate with the private key before migration.

Our migration team suggests that the user should log in to the PC via the old domain account: ABC\username and decrypt the files.

But when the user tries to do that, a new account u12345.ABC is created with a new SID, instead of logging in to the original u12345 account.

Do you have any suggestions on how the user can log in to his old account to decrypt the files, or is there any possibility for admins to decrypt the files without the user's certificate?

Thank you.


1 answer

  1. Wesley Li 11,255 Reputation points
    2024-11-07T15:21:38.2+00:00

    Hello

    It sounds like a challenging situation with the domain migration and encrypted files. Here are a few suggestions that might help resolve the issue:

    Accessing the Old Account: Since logging in with the old domain account creates a new profile with a different SID, you might try using the built-in Administrator account to access the old profile. This can sometimes bypass the SID issue. You can enable the built-in Administrator account using the following command in an elevated Command Prompt:

    net user administrator /active:yes

    Then, log in as the Administrator and try to access the old profile to decrypt the files.

    Using a Recovery Agent: If your organization has set up a Data Recovery Agent (DRA) for the Encrypting File System (EFS), the DRA can be used to decrypt the files. The DRA is typically a user account that has been designated to recover encrypted files. You can check with your IT department to see if a DRA has been configured.

    Restoring from Backup: If the encrypted files are critical and cannot be decrypted, you might consider restoring them from a backup. Ensure that the backup was taken before the migration and that it includes the encrypted files.

    Third-Party Tools: There are third-party tools available that claim to recover EFS-encrypted files without the original certificate. However, these tools can be risky and may not always work. Use them as a last resort and ensure you have a backup of the files before attempting recovery.

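An added example, not part of the answer above: one way to check the Data Recovery Agent point is to read which certificates each encrypted file was keyed to, using the built-in `cipher /c`, and compare them with the certificates whose private key is present in the current profile. The function names are hypothetical, the parser assumes English-language `cipher` output, and the sample text is constructed with placeholder thumbprints.

```powershell
# Parse `cipher /c` output into one record per certificate that can open a file.
function Get-EfsKeyHolders {
    param([string[]]$CipherOutput)
    $section = $null; $holder = $null
    foreach ($line in $CipherOutput) {
        $t = $line.Trim()
        if ($t -eq 'Users who can decrypt:')      { $section = 'User'; continue }
        if ($t -eq 'Recovery Certificates:')      { $section = 'RecoveryAgent'; continue }
        if ($t -like 'No recovery certificate*')  { $section = $null; continue }
        if (-not $section -or -not $t) { continue }
        if ($t -match '^Certificate thumbprint:\s*([0-9A-Fa-f ]+)$') {
            [pscustomobject]@{
                Role       = $section
                Holder     = $holder
                Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
            }
        } else { $holder = $t }   # the line before a thumbprint names its owner
    }
}

# Flag which of those certificates have a private key in the current user's store.
function Test-EfsKeyAvailable {
    param([string[]]$CipherOutput)
    $mine = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object HasPrivateKey).Thumbprint
    Get-EfsKeyHolders $CipherOutput |
        Select-Object *, @{ n = 'KeyInThisProfile'; e = { $mine -contains $_.Thumbprint } }
}

# Constructed sample of `cipher /c` output (placeholder names and thumbprints).
$sample = @'
E report.docx
  Users who can decrypt:
    ABC\u12345 [u12345(u12345@ABC.com)]
    Certificate thumbprint: AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA

  Recovery Certificates:
    ABC\Administrator [Administrator(Administrator@ABC.com)]
    Certificate thumbprint: BBBB BBBB BBBB BBBB BBBB BBBB BBBB BBBB BBBB BBBB
'@ -split "`r?`n"

Get-EfsKeyHolders $sample | Format-Table
# Live use, with the old profile path from the question:
#   Test-EfsKeyAvailable (cipher /c 'C:\Users\u12345\Desktop\*') | Format-Table
```

A `RecoveryAgent` row means the file was also keyed to that recovery certificate when it was encrypted; if `cipher /c` reports no recovery certificate, only the listed user certificates apply to that file.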
