Tools for upgrade and migration from MOSS 2007 to SharePoint 2010 - PowerShell Import-Module ActiveDirectory and Get-SPFarm (MigrateUser)

  • Article

Have you found yourself in a fun position of supporting the migration or upgrade of MOSS 2007 to SharePoint 2010 AND going from one domain to another AND you need to make sure that the users access, history, e-mail, etc are not impacted? To add a little more fun, the domains have no connectivity at all to each other.

For example, BOB logs on to the MOSS2007 site collection as DomainA\BOB

However, the company DomainA has been purchased and absorbed by the much bigger company DomainB and they have new logons for BOB. BOB (aka Robert) is a very important author of items in the site collection that is being brought over and is the husband of the CEO of DomainB. He MUST retain his access to the content in the farm being brought over to DomainB via the copy and upgrade of the content database.

Bob now logs on as DomainB\Robert and goes to the new url for his migrated and upgraded site collection. He sees the site, but none of the documents are authored by him. Heck, they all say DomainA\Bob and he can not do anything to the items. Oh oh, he is on the way to see the CEO and you (the SharePoint dude(tte)) just happen to overhear his frustration and yell out "No worries Bob, I can fix it for you."

At a high level, the users for your MOSS 2007 site collection will come over in the content database and you need to do some matching and migrating.

The user in the site collection is DomainA\Bob and he maps to the userID of 231 (just a number I picked, but it is important as it is a number that is Bob) in the users listing on the site. If a site collection admin ADDS DomainB\Robert as a new user, Robert will not be userID 231, but whatever the next userID number is that is available. As such, DomainB\Robert will not have the specific permissions that DomainA\Bob had. In fact, to SharePoint, they are 2 DIFFERENT Users. STOP THAT SCA! OK, you did, let's continue.

As the SharePoint FARM administrator on the SharePoint 2010 farm with permission to the User Profile Service application you can save the day for Robert using MigrateUser from the Get-SPFarm object.

From the SharePoint 2010 Management Shell (YAY PowerShell!)

$SPFarm = Get-SPFarm

$Bob = "DomainA\Bob"

$Robert = "DomainB\Robert"

$IgnoreSIDHistory = $true # different domains, totally different users, SID history would be a little odd.

$SPFarm.MigrateUser ($Bob, $Robert, $IgnoreSIDHistory)

 

A more in-depth write-up is available at https://blogs.msdn.com/b/sowmyancs/archive/2012/01/07/migrate-users-groups-powershell-script.aspx as the method above is a quick few minutes in PowerShell for one user. Chances are you are going to need to do this for all users.

If you need to update or change any other Properties for DomainB\Robert that are tied to his Active Directory Properties, take a look at https://blogs.msdn.com/b/adpowershell/archive/2009/02/25/ad-powershell-quick-start-guide.aspx

 

WARNING : I have seen numerous posts on the internet stating that you could/should/would do this with T-SQL. I HIGHLY RECCOMEND THAT YOU DO NOT DO THIS. Unless, you like living on the edge and getting all unsupported. There is really no need to do the direct SQL method anyways, the methods are fairly straight forward.