Freigeben über


Migrate Users / Groups – PowerShell Script

You might have seen the similar script in other blogs for migrating users / groups. Here is my contribution for the same requirement. You can use this script for migrating bulk AD users and AD groups in a single shot. I have created this script to read the information from CSV file. You can find the actual script and two sample CSV files below of this post. My customer’s scenario was, they have upgraded their SharePoint 2007 to SharePoint Server 2010 but their domain changed in SharePoint Server 2010 so they have to update AD user and group information in the SharePoint databases by running the MigrateUserAccount & MigrateGroup method.

SPFarm.MigrateUserAccount is same as the STSADM migrateuser command that we all were familiar. This method migrate user account in SharePoint Foundation to a new login name and binary ID. If an entry for the new login name already exists, it is deleted to allow this change. The following entities are updated in the entire server farm: site collection users in the UserInfo tables, people lists, and security policies.

 Add-PSSnapin Microsoft.SharePoint.PowerShell
 function MigrateUserOrGroups($migrationType, $csvFile)
 {
    #Getting the SPFarm object
    $farm = Get-SPFarm
  
    Write-Host $migrationType
    #Checking whether the user input the type of Migration as Group
    if($migrationType -eq "Group"){
    Import-Csv $csvFile | ForEach-Object{
       Write-Host "Migrating Group" $_.oldlogin "to" $_.newlogin -ForegroundColor Green
       $farm.MigrateGroup($_.oldlogin, $_.newlogin)
       
        }
       }
       
     #Checking whether the user input the type of Migration as User
     if($migrationType -eq "User")
       {
         
         Import-Csv $csvFile | ForEach-Object{
         Write-Host "Migrating User" $_.oldlogin "to" $_.newlogin -ForegroundColor Green
         $farm.MigrateUserAccount( $_.oldlogin, $_.newlogin, $false )
         }      
       }
       
    Write-Host "Migration Completed" -ForegroundColor Cyan
    
    
    # $farm.Name
 }
  
 MigrateUserOrGroups $args[0] $args[1]

 

You can download the above PowerShell Script and sample test CSV files from the below link

 

Script and Test Files

Comments

  • Anonymous
    January 24, 2012
    I am having the same problems, can you tell me how it was done? I found links that moved only the ContentDB from moss2007 to SP2010, then run the "stsadm migrateuser" (and groups) command, one by one. Do I have to move more DBs from the old server? I am trying to migrate the administrator too intially using this coomand: stsadm -o migrateuser -oldlogin olddomainsharepointadmin -newlogin newdomain_SPAdmin should I do that or just run the stsadm -o siteowner -url http://portal -ownerlogin newdomain_SPAdmin ?? When I run the migrateuser coomand I get this error now: "Value cannot be null. Parameter name: userProfileApplicationProxy" What am I doing wrong? If I use your script, how do I use it? Do I just run the ps1 without parameters?

  • Anonymous
    January 24, 2012
    is that it? PS S:toolsMigrationScript> .MigrateUserOrGroupInBulk.ps1 Migration Completed do I have to do anythign else after? restart a service or iisreset? my new users get immediately access denied, do I have to force the user profile sync or something? plesase help me out ? I know I am so close... thanks

  • Anonymous
    January 24, 2012
    What is the authentication type that you are using for your 2010 web application ? Make sure that the content database "dbo.UserInfo" table got updated with the new domain details. Also, hope in your domain migration SID history was the same.

  • Anonymous
    January 24, 2012
    Also make sure that test your upgrade in a test environment. Do not try anything in production. Also keep a working backup copy of DB.

  • Anonymous
    January 24, 2012
    The comment has been removed

  • Anonymous
    January 24, 2012
    another pblem I have is to migrate the "MySite", I noticed in the new SP2010, it's only "/My/", in the URL and it gets page not found. During this process I also see that are some old MySites pages from users that are no longer here but cannot delete them, how do I take permission? My _SPAdmin doesn't reach there...

  • Anonymous
    January 24, 2012
    The comment has been removed

  • Anonymous
    January 24, 2012
    I've been using SPMike site, I found it before, I just have been misunderstanding which database to migrate, I've only done the WSS_Content DB but I think I have to do the SharedService as well. Im my SP site I have to migrate from, I have 1 managed app mounted under SharedServices, the DB is called SharedServicesContent_somerandomUIDm, thou I also have another one called SharedServices1_DB. Which one is the one to backup and mount on the new DB? Is it the one with the UID (the one that I see on my collection sites? I will try this tomorrow...

  • Anonymous
    January 24, 2012
    Ok, you have to take the SSP configuration DB which contains the Userprofiles table and other details, In your case from the name it look like SharedServices1_DB. Please double check it.

  • Anonymous
    January 26, 2012
    weird, my comments don't go thru, I have to enter them twice... Anyway, I have 2 DBs in there, but the one attached to the WebApplication under Central Administration is the SharedServices_randomGUID one, NOT the other one named "..._DB", I am not sure which one I should migrate over of the two.

  • Anonymous
    January 26, 2012
    You can't upgrade those two DBs, you have to leave it in 2007. Once you setup a new SharePoint 2010 environment it will be creating it for you. Just migrate only the content databases, SSP profiles, My Sites. Please read the below technet for getting more information : technet.microsoft.com/.../ee517214

  • Anonymous
    January 31, 2012
    The comment has been removed

  • Anonymous
    January 31, 2012
    LEt me also mention that I've followed this page as well on creating new "MySites": sharepointgeorge.com/.../configuring-my-site-sharepoint-2010 and I don't see MySites Template, is there an explaination for that ?

  • Anonymous
    January 31, 2012
    If you are using enterprise edition of SharePoint 2010 you should see that template. Here is reference for troubleshooting UPA Synch service issue : technet.microsoft.com/.../gg750257.aspx

  • Anonymous
    February 01, 2012
    current license is: SharePoint Server with Standard Client Access License it seems it should have it, no? sharepoint.microsoft.com/.../editions-comparison.aspx

  • Anonymous
    February 01, 2012
    Yes, it should be. Can you check following location in your SharePoint Server file system, C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14TEMPLATESiteTemplatesSPSMSITEHOST. This is the site template for My Site Host.

  • Anonymous
    April 30, 2012
    You should charge GAB for posting so many comments  :-)

  • Anonymous
    April 30, 2012
    "I like it" not Gab LOL :)

  • Anonymous
    October 15, 2012
    I have 10 web applications in my test environment (SharePoint Foundation 2010). Two of the web applications are on a different domain and now being migrated to sync with the 8 web applications. I downloaded your PS script and sample csv files and changed the content of the csv, both user and group with only one item each. Ran the MigrateUserorGroupBulk.ps1 as administrator in the test environment…message came up “Migration Completed”. When I checked the site permissions, nothing changed. The group and the user still contained the old domain. Can you please tell me what am I missing? Do I need to reboot my server or do an IISreset? Surely appreciate the help.

  • Anonymous
    October 15, 2012
    Can you check the userinfo table in the database and see the status ?

  • Anonymous
    February 10, 2013
    Hi, We are migrating to another domain, users will go first and then SharePoint. I checked the command move-spuser and there you can add -ignoreSID, is there an option here too? Thnx

  • Anonymous
    April 24, 2013
    will this same script works in moss 2007?

  • Anonymous
    July 11, 2013
    Hi, So how do I run it?? I am having a similar issue as MaTee. I Run it and nothing happens.. This script is awesome, but can you explian how to run it properly, step by step? Where do you point the csv file.. how do you give values to the variables you use at the time of running?

  • Anonymous
    March 18, 2014
    Will this work with SP 2007? All I'm trying to do is migrate user credentials/permissons from one domain to another. We have a one way trust from anoter domain we added in SP. Now everyone is moving over to the new domain and I need to copy/migrate the existing user names/credentials/permissions to the new domain accounts which are already created in AD - just need to add them to SP

  • Anonymous
    July 07, 2014
    Hi, Your script assume to work that you don't use claims authentication. With claims authentication, the tp_login for a group contains the 'c:0+|' chain followed by the object SID.... How do you migrate groups in this case ? Thanks.

  • Anonymous
    November 14, 2014
    Can i use this script for SharePoint 2007? My client is migrating his Sharepoint 2007 solution from one machine to new machine. For this i need to migrate the user accounts from old AD domain to new domain for SharePoint 2007. If not, please suggest the best way to do this migration.

  • Anonymous
    February 05, 2015
    This works fine for me!! Thank you for real help.

  • Anonymous
    February 24, 2015
    Hi, I'm doing an ADMT between two forests, and I have to migrate the SharePoint users.  I have tested your script and it works well, but i have also seen references on other sites that suggest using the Move-SPUser command.  What is the difference and which one should I use? Thanks,

  • Anonymous
    March 31, 2015
    Hi, i have a query about migrating AD groups to new domain. can we use the command stsadm -o migrategroup command to migrate the permissions given via AD groups?. I am having sharepoint 2010 farm i have migrated all the users using the stsadm -o migrateuser command successfully. A large no of users have been given permissions via AD groups so need to migrate these AD groups also. any suggestion on this would be greatly appreciated.

  • Anonymous
    February 09, 2016
    what  would be the script if i want to convert the NT token user to split up into two claims (windows claims +adfs claims)? lets say domainuser = i:0#w|domainuser + i:0#e| domainuser?

  • Anonymous
    February 17, 2016
    Do you have an updated version of this for 2013?