You might have seen the similar script in other blogs for migrating users / groups. Here is my contribution for the same requirement. You can use this script for migrating bulk AD users and AD groups in a single shot. I have created this script to read the information from CSV file. You can find the actual script and two sample CSV files below of this post. My customer’s scenario was, they have upgraded their SharePoint 2007 to SharePoint Server 2010 but their domain changed in SharePoint Server 2010 so they have to update AD user and group information in the SharePoint databases by running the MigrateUserAccount & MigrateGroup method.
SPFarm.MigrateUserAccount is same as the STSADM migrateuser command that we all were familiar. This method migrate user account in SharePoint Foundation to a new login name and binary ID. If an entry for the new login name already exists, it is deleted to allow this change. The following entities are updated in the entire server farm: site collection users in the UserInfo tables, people lists, and security policies.
Add-PSSnapin Microsoft.SharePoint.PowerShell
function MigrateUserOrGroups($migrationType, $csvFile)
{
#Getting the SPFarm object
$farm = Get-SPFarm
Write-Host $migrationType
#Checking whether the user input the type of Migration as Group
if($migrationType -eq "Group"){
Import-Csv $csvFile | ForEach-Object{
Write-Host "Migrating Group" $_.oldlogin "to" $_.newlogin -ForegroundColor Green
$farm.MigrateGroup($_.oldlogin, $_.newlogin)
}
#Checking whether the user input the type of Migration as User
if($migrationType -eq "User")
Write-Host "Migrating User" $_.oldlogin "to" $_.newlogin -ForegroundColor Green
$farm.MigrateUserAccount( $_.oldlogin, $_.newlogin, $false )
Write-Host "Migration Completed" -ForegroundColor Cyan
# $farm.Name
MigrateUserOrGroups $args[0] $args[1]
Script and Test Files
I am having the same problems, can you tell me how it was done?
I found links that moved only the ContentDB from moss2007 to SP2010, then run the "stsadm migrateuser" (and groups) command, one by one.
Do I have to move more DBs from the old server? I am trying to migrate the administrator too intially using this coomand:
stsadm -o migrateuser -oldlogin olddomain\sharepointadmin -newlogin newdomain\_SPAdmin
should I do that or just run the
stsadm -o siteowner -url http://portal -ownerlogin newdomain\_SPAdmin ??
When I run the migrateuser coomand I get this error now:
"Value cannot be null. Parameter name: userProfileApplicationProxy"
What am I doing wrong?
If I use your script, how do I use it? Do I just run the ps1 without parameters?
is that it?
PS S:\tools\MigrationScript> .\MigrateUserOrGroupInBulk.ps1
Migration Completed
do I have to do anythign else after? restart a service or iisreset?
my new users get immediately access denied, do I have to force the user profile sync or something?
plesase help me out ? I know I am so close...
thanks
What is the authentication type that you are using for your 2010 web application ?
Make sure that the content database "dbo.UserInfo" table got updated with the new domain details. Also, hope in your domain migration SID history was the same.
Also make sure that test your upgrade in a test environment. Do not try anything in production. Also keep a working backup copy of DB.
I am using NTLM (the default), I get prompted for a password all the times, it's the one for the new domain.
I am using a sandbox with snapshots I cn revert to.
This domain move is kicking my butt and I am contemplating the idea of putting this new server in the same domain first, install 2007, move the DB over and THEN do an upgrade to SP2010 (still in the old domain).
And next time I have a maintenance window, I can do the domain move, but at least I can take time.
I am willing to use the "migrateuser" command for all my users and groups, it's not a lot, but when I get the message "Value cannot be null. Parameter name: userProfileApplicationProxy" , I think it stopped and missed something.
Can I query the DB Content to see where I left behind the old domain references?
Also I am willing to edit tables of run queries to replace the user logins/permissions, but I am not sure how to search.
another pblem I have is to migrate the "MySite", I noticed in the new SP2010, it's only "/My/", in the URL and it gets page not found. During this process I also see that are some old MySites pages from users that are no longer here but cannot delete them, how do I take permission? My _SPAdmin doesn't reach there...
Hi Gab,
Make sure that the authenticatino prompt is not a loop back check issue or not.
support.microsoft.com/.../896861
For Mysite migration, if you are using explicit inclusion managed path it has to be created in the SharePoint 2010 prior to the upgrade. Please look at the below article for getting more information about how to do a user profile migration :
spmike.com/.../migrating-moss-2007-sspmysites-to-sharepoint-2010-in-a-database-attach-scenario
Direct modification of SharePoint DBs are not supported. In a test environment you can look at the table values if you want. Table you will be looking is dbo.UserInfo.
I've been using SPMike site, I found it before, I just have been misunderstanding which database to migrate, I've only done the WSS_Content DB but I think I have to do the SharedService as well. Im my SP site I have to migrate from, I have 1 managed app mounted under SharedServices, the DB is called SharedServicesContent_somerandomUIDm, thou I also have another one called SharedServices1_DB. Which one is the one to backup and mount on the new DB? Is it the one with the UID (the one that I see on my collection sites?
I will try this tomorrow...
Ok, you have to take the SSP configuration DB which contains the Userprofiles table and other details, In your case from the name it look like SharedServices1_DB. Please double check it.
weird, my comments don't go thru, I have to enter them twice...
Anyway, I have 2 DBs in there, but the one attached to the WebApplication under Central Administration is the SharedServices_randomGUID one, NOT the other one named "..._DB", I am not sure which one I should migrate over of the two.
You can't upgrade those two DBs, you have to leave it in 2007. Once you setup a new SharePoint 2010 environment it will be creating it for you. Just migrate only the content databases, SSP profiles, My Sites. Please read the below technet for getting more information : technet.microsoft.com/.../ee517214
I am not worried about the MySites, they don't need to be converted. I think I am at a good point right now, I've migrated to a new domain the 2 DBS (WSS_Content and SPP), I've upgraded and they are running in my webapplications.
However on steps 16 and under of the SPMike page, I cannot start the FIM, and I cannot create the Sync Connection b/c the service is not running.
Also I can't search anything in the current state.
These are some of the errors I get related to FIM and User Profile Syncronization:
The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID 45690568-c3e9-4257-9a3b-afb709002afa) threw an exception. More information is included below.
Operation is not valid due to the current state of the object.
-------
System.Configuration: System.Configuration.ConfigurationErrorsException: Required attribute 'externalHostName' not found. (C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe.Config line 29)
at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult)
at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceSection..cctor()
-----
The Forefront Identity Manager Service could not bind to its endpoints. This failure prevents clients from communicating with the Web services.
A most likely cause for the failure is another service, possibly another instance of Forefront Identity Manager Service, has already bound to the endpoint. Another, less likely cause, is that the account under which the service runs does not have permission to bind to endpoints.
Ensure that no other processes have bound to that endpoint and that the service account has permission to bind endpoints. Further, check the application configuration file to ensure the Forefront Identity Manager Service is binding to the correct endpoints.
----
Microsoft.ResourceManagement.Service: System.TypeInitializationException: The type initializer for 'Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHostFactory' threw an exception. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.TypeInitializationException: The type initializer for 'Microsoft.ResourceManagement.WebServices.ResourceManagementServiceSection' threw an exception. ---> System.Configuration.ConfigurationErrorsException: Required attribute 'externalHostName' not found. (C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe.Config line 29)
--- End of inner exception stack trace ---
at Microsoft.ResourceManagement.Policy.PolicyApplicationManager..ctor()
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.Activator.CreateInstance[T]()
at Microsoft.ResourceManagement.Utilities.SingletonObjectBase`1.get_Instance()
at Microsoft.ResourceManagement.Utilities.DefaultSingletonObjectClassFactory`2.CreateInstance()
at Microsoft.ResourceManagement.Utilities.ClassFactoryManager.CreateInstance[T]()
at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHostFactory..cctor()
at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHostFactory..ctor()
at Microsoft.ResourceManagement.WindowsHostService.OnStart(String[] args)
------
Service cannot be started. System.TypeInitializationException: The type initializer for 'Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHostFactory' threw an exception. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.TypeInitializationException: The type initializer for 'Microsoft.ResourceManagement.WebServices.ResourceManagementServiceSection' threw an exception. ---> System.Configuration.ConfigurationErrorsException: Required attribute 'externalHostName' not found. (C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe.Config line 29)
at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeO...
---------
---------------
The server encountered an unexpected error and stopped.
"ERR: MMS(6944): libutils.cpp(10513): RegQueryValueEx of Server failed with 2
BAIL: MMS(6944): libutils.cpp(10515): 0x80070002 (The system cannot find the file specified.)
ERR: MMS(6944): libutils.cpp(10513): RegQueryValueEx of SQLInstance failed with 2
ERR: MMS(6944): libutils.cpp(10513): RegQueryValueEx of DBName failed with 2
BAIL: MMS(6944): server.cpp(359): 0x80070002 (The system cannot find the file specified.)
BAIL: MMS(6944): server.cpp(3860): 0x80070002 (The system cannot find the file specified.)
BAIL: MMS(6944): service.cpp(1531): 0x80070002 (The system cannot find the file specified.)
ERR: MMS(6944): service.cpp(980): Error creating com objects. Error code: -2147024894. This is retry number 0.
BAIL: MMS(6944): clrhost.cpp(224): 0x80131022
BAIL: MMS(6944): scriptmanagerimpl.cpp(7670): 0x80131022
BAIL: MMS(6944): server.cpp(251): 0x80131022
BAIL: MMS(6944): server.cpp(3860): 0x80131022
BAIL: MMS(6944): service.cpp(1531): 0x80131022
ERR: MMS(6944): service.cpp(980): Error creating com objects. Error code: -2146234334. This is retry number 1.
ERR: MMS(6944): service.cpp(980): Error creating com objects. Error code: -2146234334. This is retry number 2.
ERR: MMS(6944): service.cpp(980): Error creating com objects. Error code: -2146234334. This is retry number 3.
BAIL: MMS(6944): service.cpp(994): 0x80131022
Forefront Identity Manager 4.0.2450.34"
----------
LEt me also mention that I've followed this page as well on creating new "MySites": sharepointgeorge.com/.../configuring-my-site-sharepoint-2010
and I don't see MySites Template, is there an explaination for that ?
If you are using enterprise edition of SharePoint 2010 you should see that template. Here is reference for troubleshooting UPA Synch service issue : technet.microsoft.com/.../gg750257.aspx
current license is: SharePoint Server with Standard Client Access License
it seems it should have it, no?
sharepoint.microsoft.com/.../editions-comparison.aspx