SharePoint Pals
 | Sign In
SharePoint User Account and AD (Active Directory) Group Migration using PowerShell script in SharePoint 2010
by Ahamed Fazil Buhari 20 Jun 2016
Author
SharePoint Developer
Visits   
Today  :   12     Total  :    4482

If the SharePoint site has been migrated from one domain (user@abc.com) to another domain (user@xyz.com) using Content DB backup & restore or any other mode of migration where the contents are migrated but not the user accounts, then we can migrate the User accounts and AD groups using PowerShell script. The below scripts are tested and verified in SharePoint 2010 to SharePoint 2010 migration from one domain (abc.com) to another domain (xyz.com)

About User Accounts:

User account gives the control that who can access the SharePoint site. We can make use of existing domain or network server account which is already available in the environment. For example, if you have your SharePoint site in your ABC organization. Then, your user account would be yourname@abc.com

About Active Directory Group:

First and foremost, let’s see the difference between SharePoint Group and AD Group.

There's much difference between SharePoint Group and Active Directory Group. In simple, SharePoint groups are something that is handled inside the SharePoint site and it contains collection of users & groups. It is mostly administrated by a SharePoint site owner.

Active Directory groups have a collection of users and groups stored in Active Directory (Domain level). These groups are managed by the AD admin.

SharePoint user accounts and active directory group migration will be accomplished using the below PowerShell scripts.

The following ps command will be executed on the SharePoint application server for each of the migrated users –

 *************************************************************************
 $farm.MigrateUserAccount( $_.oldlogin, $_.newlogin, $_. enforceSidHistory ) 
 
 Oldlogin(string) - A string that contains the old login name.
 Newlogin(string)- A string that contains the new login name	
 enforceSidHistory(Boolean)- true to query Active Directory for the SID history attribute to ensure that the new login name corresponds to the old one; otherwise, false
 *************************************************************************
 

User accounts migration and AD group remapping will be accomplished with step by step approach as outlined below -

Step 1: Extract Users from all the migrated site collections

Following script provides the list of users that are added to the SharePoint site. The script will be executed for all the migrated site collections.

FetchURL.csv should contain the list of SharePoint sites.

clip_image002

 $CSVData = Import-CSV -path "C:\FetchURL.csv"
 foreach ($row in $CSVData)  
 {
     $exportlist = @() 
     #Creating SPSite Object 
     $MySiteCollection = new-object Microsoft.SharePoint.SPSite($row.siteURL)
     $MyWeb = $MySiteCollection.openweb()
     #Getting the SP Users available in that site 
     $siteUsers = $MyWeb.SiteUsers
     #Exporting the users into csv file 
     $exportlist = @()
     foreach($user in $siteUsers){
         $obj = New-Object PSObject -Property @{
             “ABCuser”= $user.LoginName
             “XYZuser”=’’
         }
         $exportlist += $obj 
         $DocPath =$row.siteURL.Split("/")
  	  #Saving the csv file into local drive 
         $path = 'C:\'+ $DocPath[$DocPath.Length-1]+'.csv'
         $exportlist | Export-Csv -path $path
     }
     $MyWeb.Dispose()
     $MySiteCollection.Dispose()
 } 
 

Step 2: Update the User Accounts as per the target environment naming convention

The output csv files from Step 1 will have the user account names available in those sites as shown below,

clip_image004

Update the corresponding user account in XYZuser column. Here, the user account user1@abc.com has its corresponding account in target environment as user1@xyz.com and so on for other accounts.

Finally the csv file will be updated as below,

clip_image006

*************************************************************************

Step 3: Extract AD groups from all the migrated site collections

Following script provides the list of AD groups that are added to the SharePoint site. The script will be executed for all the migrated site collections.

FetchURL.csv should contain the list of SharePoint sites.

 $CSVData = Import-CSV -path "C:\FetchURL.csv"
 foreach ($row in $CSVData)  
 { 
     $exportlist = @() 
     #Creating SPSite object
     $MySiteCollection = new-object Microsoft.SharePoint.SPSite($row.siteURL)
     $MyWeb = $MySiteCollection.openweb()
     #Fetching the AD groups available in that SP Site
     $groups = $MyWeb.sitegroups
     #Exporting all the AD groups into csv file
     foreach ($grp in $groups) {
         foreach($user in $grp.Users)
         {
             if ($user.IsDomainGroup -eq $true) {
                 $obj = New-Object PSObject -Property @{
                     “abcGroup”= $user.LoginName
                     "xyzGroup" = ''
                 }
                 $exportlist += $obj 
             }
         }
     }
     $DocPath =$row.siteURL.Split("/")
     #saving the csv file in local drive
     $path = 'C:\'+ $DocPath[$DocPath.Length-1]+'_Group.csv'
     $exportlist | Export-Csv -path $path
 }
 $MyWeb.Dispose()
 $MySiteCollection.Dispose() 
 
Step 4: Migrate Users and AD groups into the Target SP farm

The following PowerShell command will be used to migrate all the Users and AD groups from the csv file into the target SP farm

 If ((Get-PSSnapIn -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null )
 { 
  Add-PSSnapIn -Name Microsoft.SharePoint.PowerShell
 }
 function MigrateUserOrGroups($migrationType, $csvFile)
 {
    #Getting the SPFarm object
    $farm = Get-SPFarm 
    Write-Host $migrationType
    #Checking whether the user input the type of Migration as Group
    if($migrationType -eq "Group"){
    Import-Csv $csvFile | ForEach-Object{
       Write-Host "Migrating Group" $_. abcGroup "to" $_. xyzGroup -ForegroundColor Green
       $farm.MigrateGroup($_.abcGroup, $_.xyzGroup)      
        }
       }      
     #Checking whether the user input the type of Migration as User
     if($migrationType -eq "User")      {        
         Import-Csv $csvFile | ForEach-Object{
         Write-Host "Migrating User" $_. ABCuser "to" $_. XYZuser -ForegroundColor Green
         $farm.MigrateUserAccount( $_.ABCuser, $_.XYZuser, $false)
         }      
       }
       
    Write-Host "Migration Completed" -ForegroundColor Cyan  
    # $farm.Name
 }
 MigrateUserOrGroups $args[0] $args[1] 
 
 

Inputs for the PowerShell script:

For User migration: Open ‘SharePoint 2010 Management Shell’ and Run the following command. ./PowershellfileName.ps1 “User” “<Path of CSV file which has both ABC and XYZ user account details>”

For Group migration: Open SharePoint 2010 Management Shell and Run the following command.

./PowershellfileName.ps1 “Group” “<Path of CSV file which has both ABC and XYZ AD Group details>”

Happy Coding,

Ahamed Buhari

blog comments powered by Disqus

SharePoint Pals

Pals
SharePoint Pals, a community portal for SharePoint developers, Administrators and End Users. Let's join hands and share the point together.
Read this on mobile

Training

Angular Js Training In Chennai
Advanced Angular Js training with real world developer scenarios
Angular Js, Web Api and Ionic for .Net Developers
All in one client side application development for .Net developers
Angular Js For SharePoint Developers
Get ready for the future. Its no more just C#

Get Connected

SharePoint Resources

SharePoint 2013 and 2010 Web Parts
Free Web Parts with Source Code for SharePoint Community




SharePoint 2013 Books and Tutorials
Collection of free SharePoint 2013 books and tutorials (eBooks, pdfs)

Supported By

Contribute your article and be eligible for a one month Free Subscription for Plural Sight. The Author of the most popular New Article (published in the previous month) will be awarded with a Free One month Plural Sight Subscription. Article can be sent to articles@sharepointpals.com in a word document.

Related Resources

Recent Tweets

Twitter January 15, 00:25
How To Enable Target Value And Actual Value In #D3 Gauge Chart https://t.co/VxSi4QnNrC

Twitter January 15, 00:24
How To Open #SharePoint List Hyperlink Column In Modal #Popup Window https://t.co/EQ7HkoZDkX

Twitter January 15, 00:24
Quick Introduction To #Asp.NetCore And It’s Features https://t.co/zAXObHCFpH

Twitter January 15, 00:22
How To Configure #PerformancePoint Services To Use Secure Store In #SharePoint 2013 https://t.co/LEwnUoI7EY

Twitter January 15, 00:21
How To Block Or Disable #Office365 Services https://t.co/Yvp2VPFIRP

Follow us @SharePointPals
Note: For Customization and Configuration, CheckOutRecent Tweets Documentation