Tuesday, December 16, 2014

Migrate SharePoint Users from One Domain To Another using Move-SPUser

Requirement:
During a acquisition, Our company decided to merge with an acquired company's AD by re-creating their user Ids in our AD. Also, the acquired company had a bunch SharePoint sites and we wanted to migrate them to our SharePoint environment.

That brought an another challenge of re-mapping user Ids with permission between domains. How do we migrate SharePoint users from one domain to another domain?

Solution: 
Well, In SharePoint 2007 days, I used STSADM to migrate users between domains:
Stsadm -o migrateuser -oldlogin domain\OldUserID -newlogin domain\NewUserID -ignoresidhistory 

Now with SharePoint 2013, Its replaced with the PowerShell cmdlet: Move-SPUser.

$WebURL="http://intranet.crescent.com"
$Web = Get-SPWeb $WebURL

$OldID="i:0#.w|Crescent\Opera1"
$NewID="i:0#.w|Crescent\Opera2"

$OldUser = $Web.EnsureUser($OldID)
Move-SPUser –Identity $OldUser -NewAlias $NewID -ignoresid -Confirm:$false

Rather moving users one by one, we prepared a CSV file, mapping users from one domain to new domain and used PowerShell script to migrate users in bulk.

Here is my CSV file structure:
sharepoint migrate users between domains

The csv file just maps old SAMAccountName with the new one.

PowerShell script to Migrate Users from one domain to another:
Add-PSSnapin Microsoft.SharePoint.PowerShell

#Import data from CSV file
$UserData = Import-CSV -path "C:\Accounts.csv"

#Iterate through each Row in the CSV
foreach ($Row in $UserData)
 {
    write-host "Processing user:" $row.Email

    #Site collection URL
    $siteURL ="https://intranet.crescent.com"
    $site = Get-SPSite $siteURL

    foreach($web in $site.AllWebs)
     {
        #Get All Users
        $UserColl = Get-SPUser -web $web.Url

        foreach ($User in $UserColl)
        {
            #Get values from CSV File
            $OldUserID= $Row.OldUserID.Trim()
            $NewUserID =$Row.NewUserID.Trim()
            $Email = $Row.Email.Trim()

            #Search for Old User Accounts
            if($User.UserLogin.Contains($OldUserID))
             {
                #Update the User E-mail
                Set-SPUser -Identity $User.UserLogin -Email $Email -Web $web.URL

                $NewUser = $User.UserLogin.replace($OldUserID, $NewUserID)

                #Migrate user from Old account to new account - migrate users to new domain
                Move-SPUser -Identity $User -NewAlias $NewUser -IgnoreSID -confirm:$false
                write-host "User Migrated: $($User.userlogin) at site $($web.Url)"
             }        
        
        } 
    }
}
This PowerShell script migrates users to new domain programmatically.

You can use Move-SPUser cmdlet in situations like:
  1. User Account deleted and Recreated in AD (with new Sid)
  2. User Account changed from One Domain to another domain
  3. User Account's Login ID is changed (such as due to last name change).

Migrate AD Groups in SharePoint from Old Domain to New Domain:
Use this PowerShell script to migrate active directory security groups from one domain to another domain.
#Old and New Groups
$OldLogin="OldDomain\Group"
$NewLogin="NewDomain\Group"

#Migrate AD Group
$Farm = Get-SPFarm
$Farm.MigrateGroup($OldLogin, $NewLogin)

Ok. Now, How to get all unique users and AD Groups to CSV file at site collection-web application or Farm level ? Well, use these PowerShell scripts:



You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Document SharePoint Farm
Automatically generate SharePoint documentation.
*Sponsored


Check out these SharePoint products:

4 comments :

  1. Does this process require trust between the old and new AD domains? I am about to undertake this exact process, and due to reasons beyond my control we are not allowed to establish trust between the domains.

    ReplyDelete
    Replies
    1. No! Just run this script from the SharePoint server of target domain.

      Delete
  2. Will this remove the old domain username? I'd like to keep both for Co existence

    ReplyDelete
    Replies
    1. Old Domain ID will be replaced with the New one. If you want to keep both, you'll have to Clone permissions of the old user to new user. http://www.sharepointdiary.com/2015/01/clone-sharepoint-user-permissions-using-powershell.html

      Delete

Please Login and comment to get your questions answered!

You might also like:

Related Posts Plugin for WordPress, Blogger...