Migrate SharePoint Users from One Domain To Another using Move-SPUser
Requirement:
During an acquisition, our company decided to merge with an acquired company’s AD by re-creating their user IDs in our AD. Also, the acquired company had a number of SharePoint sites, and we wanted to migrate them to our SharePoint environment.
That brought another challenge: re-mapping user IDs, along with their permissions, between domains. How do we migrate SharePoint users from one domain to another domain?
How to migrate users from one domain to another in SharePoint?
Well, in SharePoint 2007 days, I used STSADM to migrate users between domains:
Stsadm -o migrateuser -oldlogin domain\OldUserID -newlogin domain\NewUserID -ignoresidhistory
Now, with SharePoint 2013, it’s replaced with the PowerShell cmdlet: Move-SPUser.
$WebURL="https://intranet.crescent.com"
$Web = Get-SPWeb $WebURL
$OldID="i:0#.w|Crescent\Opera1"
$NewID="i:0#.w|Crescent\Opera2"
$OldUser = $Web.EnsureUser($OldID)
Move-SPUser -Identity $OldUser -NewAlias $NewID -ignoresid -Confirm:$false
Rather than moving users one by one, we prepared a CSV file, mapping users from one domain to a new domain, and used the PowerShell script to migrate users in bulk.
Here is my CSV file structure:
The CSV file just maps the old SAMAccountName with the new one.
PowerShell script to Migrate Users from one domain to another:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Import data from CSV file
$UserData = Import-CSV -path "C:\Accounts.csv"

#Iterate through each Row in the CSV
foreach ($Row in $UserData)
{
    #Get values from CSV File (columns: OldUserID, NewUserID, Email)
    $OldUserID = $Row.OldUserID.Trim()
    $NewUserID = $Row.NewUserID.Trim()
    $Email = $Row.Email.Trim()
    write-host "Processing user:" $Email

    #Site collection URL
    $siteURL = "https://intranet.crescent.com"
    $site = Get-SPSite $siteURL

    foreach($web in $site.AllWebs)
    {
        #Get All Users
        $UserColl = Get-SPUser -web $web.Url
        foreach ($User in $UserColl)
        {
            #Search for Old User Accounts. Contains() is a substring match, so an
            #OldUserID that is part of another login also matches that login
            if($User.UserLogin.Contains($OldUserID))
            {
                #Update the User E-mail
                Set-SPUser -Identity $User.UserLogin -Email $Email -Web $web.URL
                $NewUser = $User.UserLogin.replace($OldUserID, $NewUserID)

                #Migrate user from Old account to new account - migrate users to new domain
                Move-SPUser -Identity $User -NewAlias $NewUser -IgnoreSID -confirm:$false
                write-host "User Migrated: $($User.userlogin) at site $($web.Url)"
            }
        }
        #Release the SPWeb object returned by AllWebs
        $web.Dispose()
    }
    #Release the SPSite object
    $site.Dispose()
}
This PowerShell script migrates users to a new domain programmatically.
- User account deleted and recreated in AD (with a new SID)
- User account changed from one domain to another domain
- User account’s login ID is changed (such as due to a last name change).
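A pre-flight check for the mapping CSV, as an added example that is not part of the original post. It assumes the column names the script above reads (OldUserID, NewUserID, Email); the function name Test-MigrationMap and the sample rows are constructed for illustration.

```powershell
# Added example: validate the mapping CSV before running the bulk migration.
function Test-MigrationMap {
    param([Parameter(Mandatory)][object[]]$Rows)

    $issues = New-Object System.Collections.Generic.List[string]

    # A missing column leaves $Row.<Column> null, and .Trim() then fails mid-run
    $present = @($Rows[0].PSObject.Properties.Name)
    foreach ($col in 'OldUserID', 'NewUserID', 'Email') {
        if ($present -notcontains $col) { $issues.Add("Missing column: $col") }
    }
    if ($issues.Count -gt 0) { return $issues }

    $old = @($Rows | ForEach-Object { "$($_.OldUserID)".Trim() })
    $new = @($Rows | ForEach-Object { "$($_.NewUserID)".Trim() })

    for ($i = 0; $i -lt $Rows.Count; $i++) {
        if (-not $old[$i] -or -not $new[$i]) {
            $issues.Add("Row $($i + 1): empty OldUserID or NewUserID")
        }
    }

    # Several old accounts mapped to one new account merge their permissions
    $new | Where-Object { $_ } | Group-Object | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $issues.Add("NewUserID '$($_.Name)' is the target of $($_.Count) rows") }

    # The same old account listed twice gives an order-dependent result
    $old | Where-Object { $_ } | Group-Object | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $issues.Add("OldUserID '$($_.Name)' appears in $($_.Count) rows") }

    # The script matches with .Contains(), so an old ID that is a substring of
    # another old ID also matches that other account
    foreach ($a in $old) {
        foreach ($b in $old) {
            if ($a -and $a -ne $b -and $b.Contains($a)) {
                $issues.Add("OldUserID '$a' is a substring of '$b'")
            }
        }
    }
    return $issues
}

# Constructed sample rows; in practice use Import-Csv -Path "C:\Accounts.csv"
$sample = @'
OldUserID,NewUserID,Email
OldDom\Opera1,NewDom\Opera1,opera1@example.com
OldDom\Opera10,NewDom\Opera10,opera10@example.com
OldDom\Temp7,NewDom\Opera1,temp7@example.com
'@ | ConvertFrom-Csv

Test-MigrationMap -Rows $sample
```

Run the migration only when the function returns nothing; each reported line names the row or ID to correct in the CSV.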
Migrate AD Groups in SharePoint from Old Domain to New Domain:
Use this PowerShell script to migrate Active Directory security groups from one domain to another domain.
#Old and New Groups
$OldLogin="OldDomain\Group"
$NewLogin="NewDomain\Group"
#Migrate AD Group
$Farm = Get-SPFarm
$Farm.MigrateGroup($OldLogin, $NewLogin)
OK. Now, how do you get all unique users and AD groups into a CSV file at the site collection, web application, or farm level? Well, use these PowerShell scripts:
Does this script copy site/list/library permissions also?
Thanks for the script. Can we get an out-file for migration accounts failed?
Thanks for the script.
Could you help in migrating the users for multiple site collections?
I have migrated a user account from the old domain to the new domain. However, he is not able to approve or review the workflow task assigned to his old domain account with his new domain migrated account.
Error: The user who attempted to complete the task is not the user to whom the task is assigned.
I got the following error message:
You cannot call a method on a null-valued expression.
At line:23 char:13
+ $Email = $Row.Email.Trim()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Looks like your CSV file doesn’t have an “Email” column!
Will this remove the old domain username? I’d like to keep both for coexistence.
The old domain ID will be replaced with the new one. If you want to keep both, you’ll have to clone permissions of the old user to the new user. https://www.sharepointdiary.com/2015/01/clone-sharepoint-user-permissions-using-powershell.html
Saludeen, I need to do exactly what you describe above — “clone permissions of the old user to the new user”. But the link shown loops back to your post here: https://www.sharepointdiary.com/2014/12/migrate-sharepoint-users-from-one-domain-to-another.html
Do you have an updated link to the script which can clone permissions?
Thanks.
Here is the link: https://www.sharepointdiary.com/2015/01/clone-sharepoint-user-permissions-using-powershell.html
Does this script have to be run from the App server only? Can this be run from the web front end?
Does this process require trust between the old and new AD domains? I am about to undertake this exact process, and due to reasons beyond my control we are not allowed to establish trust between the domains.
No! Just run this script from the SharePoint server of the target domain.