How to gracefully go forward when user accounts are migrated from one domain to another domain?
Hi,

We implemented a SharePoint 2007 project for one of our customers. The customer had two domains:

A) SKB.co.uk
B) AbcGroup.co.uk

SharePoint was implemented in the [AbcGroup.co.uk] domain. With some help from Windows administrators we configured the network to allow [SKB.co.uk] users to access SharePoint on the AbcGroup.co.uk domain.

The problem I have is that the customer is planning to migrate all the users from [SKB.co.uk] into [AbcGroup.co.uk], and I do not know what impact this is going to have on the users who have been accessing the sites from a [SKB.co.uk] domain account. At the moment all the end users are in the [SKB.co.uk] domain and SharePoint groups are configured to allow users from the [SKB.co.uk] domain. In another 6 months' time all the [SKB.co.uk] domain users will be migrated to the [AbcGroup.co.uk] domain, and I guess SharePoint is going to deny access when the users try to access from the [AbcGroup.co.uk] domain.

I have hundreds of sites and many of these sites have unique permissions for users in the [SKB.co.uk] domain. Could someone please advise me how to go forward and gracefully accept the change in the domain name in the user accounts?

Thanks,
Shiva S

Shiva Sadayan
July 5th, 2010 3:36pm

I did some more research and came across these two links:

http://justgeeks.blogspot.com/2007/09/moving-sharepoint-to-new-active.html
http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=75

Shiva Sadayan
July 6th, 2010 5:45pm

Hello Shiva,

SharePoint stores user information based on both the Security Identifier and user logon information. When either changes in Active Directory, WSS needs to be updated with the new user information; otherwise that user will be unable to access the WSS environment. SharePoint behavior depends a lot on how the users are migrated, as in whether you preserve the SID history or not. Depending on that, SharePoint accessibility can vary.

User accounts can also be migrated using the stsadm -o migrateuser operation. The article below has more information on how we can achieve the same:
http://technet2.microsoft.com/windowsserver/WSS/en/library/f9f9a3eb-ce46-4dbb-a15c-9fad9eb32ec71033.mspx?mfr=true

The link below, an article by Bill Baer, talks about programmatically achieving the same and is specifically targeted towards multiple-user scenarios:
http://blogs.technet.com/b/wbaer/archive/2008/03/08/migrating-user-accounts-in-windows-sharepoint-services.aspx

Programmatically (Multiple User Scenarios)

Where working with a large number of users, you may wish to programmatically migrate those users using the MigrateUserAccount method, which migrates a user account in WSS to a new login name and binary Id, updating the site collection user in the UserInfo tables, people lists, and security policies across the farm. The MigrateUserAccount method is a member of the Microsoft.SharePoint.Administration namespace, SPFarm class, and takes three arguments: oldLogin, newLogin, and enforceSidHistory.

1. oldLogin is the login name you would like to modify - if the login name exists, it will be deleted to allow the change.
2. newLogin is the desired login name.
3. enforceSidHistory will query the Active Directory for the SID history attribute to ensure that the new logon name is truly correspondent to the old one (checks and balances).

NOTE: Set enforceSidHistory to False when working with non-Windows user accounts, for example, Forms-Based Authentication users.

Sample Code

    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Administration;

    namespace MigrateUser
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Must run on a server that is a member of the farm.
                SPFarm Farm = SPFarm.Local;

                // Arguments: oldLogin, newLogin, enforceSidHistory.
                Farm.MigrateUserAccount("CONTOSO\\UserA", "CONTOSO\\UserB", true);
            }
        }
    }

This code snippet is provided under the Microsoft Permissive License.

Probably you or a developer at your end can further work on the code and see if you can create some sort of loop to get information for multiple users.

References:
http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/af4c26d1-b89f-4206-9136-9a2169000364

==========================================
Manas-MSFT
July 7th, 2010 7:15pm
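
The loop suggested in the reply above, as an added example (not code from the thread, from Bill Baer's article or from Microsoft): it reads old/new login pairs from a mapping file and calls MigrateUserAccount for each one with enforceSidHistory left on, collecting every pair that fails. The mapping file, its `oldLogin,newLogin` line format and the `MigrateUsers` program name are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using Microsoft.SharePoint.Administration;

namespace MigrateUsers
{
    class Program
    {
        // Usage: MigrateUsers.exe <mapping.csv>   (hypothetical file name and format)
        // One pair per line: OLDDOMAIN\user,NEWDOMAIN\user   ('#' starts a comment line)
        static int Main(string[] args)
        {
            if (args.Length != 1 || !File.Exists(args[0]))
            {
                Console.Error.WriteLine("Usage: MigrateUsers <mapping.csv>");
                return 2;
            }
            SPFarm farm = SPFarm.Local;   // null when not run on a farm member server
            if (farm == null) { Console.Error.WriteLine("No local farm found."); return 2; }

            List<string> failed = new List<string>();
            foreach (string raw in File.ReadAllLines(args[0]))
            {
                string line = raw.Trim();
                if (line.Length == 0 || line.StartsWith("#")) continue;

                string[] parts = line.Split(',');
                if (parts.Length != 2 || parts[0].Trim().Length == 0 || parts[1].Trim().Length == 0)
                {
                    failed.Add(line + " (malformed line)");
                    continue;
                }
                string oldLogin = parts[0].Trim(), newLogin = parts[1].Trim();
                try
                {
                    // enforceSidHistory = true: per the reply above, Active Directory is
                    // queried for SID history so the new login is confirmed to correspond
                    // to the old one before permissions are re-pointed to it.
                    farm.MigrateUserAccount(oldLogin, newLogin, true);
                    Console.WriteLine("OK    {0} -> {1}", oldLogin, newLogin);
                }
                catch (Exception ex)
                {
                    // Keep going; one bad pair should not stop the batch.
                    failed.Add(oldLogin + " -> " + newLogin + " (" + ex.Message + ")");
                }
            }
            foreach (string f in failed) Console.Error.WriteLine("FAIL  " + f);
            return failed.Count == 0 ? 0 : 1;
        }
    }
}
```

Review the FAIL lines before retrying any pair with enforceSidHistory set to false, since that skips the check that the new account corresponds to the old one.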

This topic is archived. No further replies will be accepted.
