SharePoint User Account and AD (Active Directory) Group Migration using PowerShell script in SharePoint 2010


Ahamed Fazil Buhari
SharePoint Developer
Published On :   20 Jun 2016
Visit Count
Today :  1    Total :   5988
Plan, Migrate, Secure, Report
SharePoint & Office 365 Tool. Simple & Easy to Use. 15-Day Trial!

SharePoint Office 365 Tool
Simple & Powerful Tool for Migration, Security & Reporting. Free Trial


If the SharePoint site has been migrated from one domain (user@abc.com) to another domain (user@xyz.com) using Content DB backup & restore or any other mode of migration where the contents are migrated but not the user accounts, then we can migrate the User accounts and AD groups using PowerShell script. The below scripts are tested and verified in SharePoint 2010 to SharePoint 2010 migration from one domain (abc.com) to another domain (xyz.com)

About User Accounts:

User account gives the control that who can access the SharePoint site. We can make use of existing domain or network server account which is already available in the environment. For example, if you have your SharePoint site in your ABC organization. Then, your user account would be yourname@abc.com

About Active Directory Group:

First and foremost, let’s see the difference between SharePoint Group and AD Group.

There's much difference between SharePoint Group and Active Directory Group. In simple, SharePoint groups are something that is handled inside the SharePoint site and it contains collection of users & groups. It is mostly administrated by a SharePoint site owner.

Active Directory groups have a collection of users and groups stored in Active Directory (Domain level). These groups are managed by the AD admin.

SharePoint user accounts and active directory group migration will be accomplished using the below PowerShell scripts.

The following ps command will be executed on the SharePoint application server for each of the migrated users –

 *************************************************************************
 $farm.MigrateUserAccount( $_.oldlogin, $_.newlogin, $_. enforceSidHistory ) 
 
 Oldlogin(string) - A string that contains the old login name.
 Newlogin(string)- A string that contains the new login name	
 enforceSidHistory(Boolean)- true to query Active Directory for the SID history attribute to ensure that the new login name corresponds to the old one; otherwise, false
 *************************************************************************
 

User accounts migration and AD group remapping will be accomplished with step by step approach as outlined below -

Step 1: Extract Users from all the migrated site collections

Following script provides the list of users that are added to the SharePoint site. The script will be executed for all the migrated site collections.

FetchURL.csv should contain the list of SharePoint sites.

clip_image002

 $CSVData = Import-CSV -path "C:\FetchURL.csv"
 foreach ($row in $CSVData)  
 {
     $exportlist = @() 
     #Creating SPSite Object 
     $MySiteCollection = new-object Microsoft.SharePoint.SPSite($row.siteURL)
     $MyWeb = $MySiteCollection.openweb()
     #Getting the SP Users available in that site 
     $siteUsers = $MyWeb.SiteUsers
     #Exporting the users into csv file 
     $exportlist = @()
     foreach($user in $siteUsers){
         $obj = New-Object PSObject -Property @{
             “ABCuser”= $user.LoginName
             “XYZuser”=’’
         }
         $exportlist += $obj 
         $DocPath =$row.siteURL.Split("/")
  	  #Saving the csv file into local drive 
         $path = 'C:\'+ $DocPath[$DocPath.Length-1]+'.csv'
         $exportlist | Export-Csv -path $path
     }
     $MyWeb.Dispose()
     $MySiteCollection.Dispose()
 } 
 

Step 2: Update the User Accounts as per the target environment naming convention

The output csv files from Step 1 will have the user account names available in those sites as shown below,

clip_image004

Update the corresponding user account in XYZuser column. Here, the user account user1@abc.com has its corresponding account in target environment as user1@xyz.com and so on for other accounts.

Finally the csv file will be updated as below,

clip_image006

*************************************************************************

Step 3: Extract AD groups from all the migrated site collections

Following script provides the list of AD groups that are added to the SharePoint site. The script will be executed for all the migrated site collections.

FetchURL.csv should contain the list of SharePoint sites.

 $CSVData = Import-CSV -path "C:\FetchURL.csv"
 foreach ($row in $CSVData)  
 { 
     $exportlist = @() 
     #Creating SPSite object
     $MySiteCollection = new-object Microsoft.SharePoint.SPSite($row.siteURL)
     $MyWeb = $MySiteCollection.openweb()
     #Fetching the AD groups available in that SP Site
     $groups = $MyWeb.sitegroups
     #Exporting all the AD groups into csv file
     foreach ($grp in $groups) {
         foreach($user in $grp.Users)
         {
             if ($user.IsDomainGroup -eq $true) {
                 $obj = New-Object PSObject -Property @{
                     “abcGroup”= $user.LoginName
                     "xyzGroup" = ''
                 }
                 $exportlist += $obj 
             }
         }
     }
     $DocPath =$row.siteURL.Split("/")
     #saving the csv file in local drive
     $path = 'C:\'+ $DocPath[$DocPath.Length-1]+'_Group.csv'
     $exportlist | Export-Csv -path $path
 }
 $MyWeb.Dispose()
 $MySiteCollection.Dispose() 
 
Step 4: Migrate Users and AD groups into the Target SP farm

The following PowerShell command will be used to migrate all the Users and AD groups from the csv file into the target SP farm

 If ((Get-PSSnapIn -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null )
 { 
  Add-PSSnapIn -Name Microsoft.SharePoint.PowerShell
 }
 function MigrateUserOrGroups($migrationType, $csvFile)
 {
    #Getting the SPFarm object
    $farm = Get-SPFarm 
    Write-Host $migrationType
    #Checking whether the user input the type of Migration as Group
    if($migrationType -eq "Group"){
    Import-Csv $csvFile | ForEach-Object{
       Write-Host "Migrating Group" $_. abcGroup "to" $_. xyzGroup -ForegroundColor Green
       $farm.MigrateGroup($_.abcGroup, $_.xyzGroup)      
        }
       }      
     #Checking whether the user input the type of Migration as User
     if($migrationType -eq "User")      {        
         Import-Csv $csvFile | ForEach-Object{
         Write-Host "Migrating User" $_. ABCuser "to" $_. XYZuser -ForegroundColor Green
         $farm.MigrateUserAccount( $_.ABCuser, $_.XYZuser, $false)
         }      
       }
       
    Write-Host "Migration Completed" -ForegroundColor Cyan  
    # $farm.Name
 }
 MigrateUserOrGroups $args[0] $args[1] 
 
 

Inputs for the PowerShell script:

For User migration: Open ‘SharePoint 2010 Management Shell’ and Run the following command. ./PowershellfileName.ps1 “User” “<Path of CSV file which has both ABC and XYZ user account details>”

For Group migration: Open SharePoint 2010 Management Shell and Run the following command.

./PowershellfileName.ps1 “Group” “<Path of CSV file which has both ABC and XYZ AD Group details>”

Happy Coding,

Ahamed Buhari

SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Categories

KWizCom Forms App