We found moveuser.exe (in the Windows Resource Kit). But it doesn't work with Administrator accounts! Oh noez!!! Some of our users are logging in as Administrator!
The way around it is thusly:
- Rename the Administrator account (say, to barbarella)
- Create a new administrator account
- Make the old administrator account that the user is using a Restricted User
- Put machine on the domain
- Reboot! not only does the machine need this to get onto the domain, it needs this to see that the old administrator account is no longer an administrator account.
- run 'moveuser.exe barbarella DOMAIN\barbarella'