I'm currently working in a situation where AD migration took place. The users were successfully migrated from one AD to another AD, and were told to use the new domain to log on to SharePoint sites.
Here comes the problem, they are receiving an access denied message whenever they are trying to login using their new domain account details. I know this is due to not running SharePoint migration for mapping user permissions.
So, I tried to run the STSADM migrate user command. The message shows 'operation successful', but when I cross-checked the user profile, the email is still pointing to the old domain. And also, is there any PowerShell script to run the command for many users at a time in bulk?
Can someone please help me with this?
Thanks in advance.
Here is the general process you would use:
$user = Get-SPUser -Identity "olddomain\username" -Web http://webUrl
Move-SPUser -Identity $user -NewAlias "newdomain\username" -IgnoreSid
Only use -IgnoreSid if SID History was not enabled during migration (ask the individuals who performed the migration), or if using Windows Claims identities (where the username starts with "i:0#.w|").
Next, you'll need to recreate your UPS synchronization connection, pointing to the new domain instead of the old domain. Perform a Full Synchronization, and this should update the user's profile in the UPA. The profile changes should get pushed out to each Site Collection within a day via another timer job.
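For the bulk case asked about in the question, the same two cmdlets can be driven from a mapping of old to new logins. This is an added example, not part of the original answer; the sample logins, the OldLogin/NewLogin column names and the results file name are assumptions, and the mapping is constructed inline where a real run would load it with Import-Csv.

```powershell
# Added example: bulk form of the Get-SPUser / Move-SPUser steps above.
# Run in the SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: a site collection where the old accounts already exist.
$webUrl = "http://webUrl"

# Set to $true only if SID History was not enabled during the AD migration
# (or the logins are Windows Claims identities), as noted in the answer.
$ignoreSid = $true

# Constructed sample mapping (hypothetical column names and accounts).
$mapping = @'
OldLogin,NewLogin
olddomain\user1,newdomain\user1
olddomain\user2,newdomain\user2
'@ | ConvertFrom-Csv

$results = foreach ($row in $mapping) {
    $status = "Migrated"
    try {
        # -ErrorAction Stop turns a failed lookup into an exception, so a
        # null $user is never handed to Move-SPUser.
        $user = Get-SPUser -Identity $row.OldLogin -Web $webUrl -ErrorAction Stop
        Move-SPUser -Identity $user -NewAlias $row.NewLogin `
            -IgnoreSid:$ignoreSid -Confirm:$false -ErrorAction Stop
    }
    catch {
        # Keep going; record why this account could not be migrated.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        OldLogin = $row.OldLogin
        NewLogin = $row.NewLogin
        Status   = $status
    }
}

# Keep a record of what changed: these are farm-wide permission remaps.
$results | Export-Csv -Path .\move-spuser-results.csv -NoTypeInformation
$results | Format-Table -AutoSize
```

Review the Failed rows before re-running; an account that was never added to the chosen site collection will fail the Get-SPUser lookup even though the login itself is valid.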
Thanks for your reply.
I tried to run this command in dev environment, and I get the following error message.
"Get-SPUser : You must specify a valid user object or user identity",
"Move-SPUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try command again."
Here is the exact scenario where I'm stuck.
[Screenshot: Before running stsadm migrate user command]
[Screenshot: After running migrate user command]
If you can notice the email for new login after running stsadm changed to @abc.
That is likely the UPN and not email address. Where are you seeing this value?
When you use Get-SPUser, you must specify a valid Site Collection where the user exists. It will still migrate it farm wide.
I'm seeing this in the people picker and User Profile Properties (Central Admin) as well.
And also I'm providing a valid site collection address, but still seeing the same error while running the commands you've provided.
Is the Web Application using Claims?
Have you updated the UPA Sync Connection to point to the new forest?
It is using the default/Windows authentication.
Actually I'm kinda new to SharePoint, I do see two forests/connections in my 'Synchronization connections' (in Central Admin).
How can I update the UP Sync Application to point to exactly one forest as I will be having two forests in my connections?
Please correct me if I'm wrong.
I just deleted the connection (old AD connection) and tried to run the UPA.
But this time in the find profiles search box those users are not being returned anymore.
I can only find the users that were in the domain (2nd forest) from the beginning.