Migrate user accounts

If the source and destination environments are in the same Active Directory domain, all existing users, groups, and security settings should work in the destination environment exactly as they did in the source. In this scenario no further user migration is necessary.

It is common for production and non-production environments to exist in different domains, in which case the user objects in the migrated site collection are not in the correct domain and users are not able to access the site.

SharePoint has the ability to migrate user accounts using the Move-SPUser PowerShell cmdlet.

Using this tool is out of scope for this guide. However, a simple example is provided below for a claims-based web application; it migrates users into the "Bonzai Intranet" domain.

Note: You will need to modify this script for your environment.

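# Site whose user list will be migrated
$web = Get-SPWeb -Identity https://bankgroup.bonzai-intranet.com

foreach ($user in $web.Users)
{
    # Take the account name that follows the backslash in the login name
    $username = ($user.LoginName -split "`\\")[1]
    # Build the equivalent Windows claims login in the destination domain
    $newUserLogin = "i:0#.w|bonzai\$username"
    Write-Output "Migrating $($user.LoginName) to $newUserLogin..."
    # -IgnoreSID: the old account's SID is not taken into account for the move
    Move-SPUser -Identity $user -NewAlias $newUserLogin -IgnoreSID
}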

This script does not work if the users do not share the same username (i.e. sAMAccountName) in both the source and destination domains or if the accounts do not exist in the destination domain.

The script does not migrate Active Directory security groups or built-in principals such as NT AUTHORITY.

The script throws an exception for any user that cannot be migrated, though these can be ignored if they are expected.
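Because the script maps accounts by username alone, it helps to know before running it which entries will fail and whether each destination account really belongs to the same person. The following dry-run report is an added example, not part of the original guide; it changes nothing in SharePoint. It assumes the ActiveDirectory (RSAT) module is installed, and `$DestinationServer` and the CSV file name are placeholders.

```powershell
# Added example: pre-flight report for the migration loop above (read-only).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory    # assumption: RSAT ActiveDirectory module is available

$DestinationServer = '<destination-domain-dns-name>'   # placeholder, not from the guide
$web = Get-SPWeb -Identity https://bankgroup.bonzai-intranet.com

$plan = foreach ($user in $web.Users) {
    $login    = $user.LoginName
    $status   = 'Migrate'
    $newLogin = $null
    $adUser   = $null

    if ($user.IsDomainGroup) {
        $status = 'Skip: security group'
    }
    elseif ($login -notmatch '^i:0#\.w\|(?<domain>[^\\]+)\\(?<name>.+)$') {
        $status = 'Skip: not a Windows claims user'
    }
    elseif ($Matches.domain -eq 'NT AUTHORITY') {
        $status = 'Skip: built-in principal'
    }
    elseif ($Matches.domain -eq 'bonzai') {
        $status = 'Skip: already in destination domain'
    }
    else {
        $name     = $Matches.name
        $newLogin = "i:0#.w|bonzai\$name"
        # Escape apostrophes so a name such as o'brien cannot break the filter string
        $safeName = $name.Replace("'", "''")
        $adUser   = Get-ADUser -Filter "sAMAccountName -eq '$safeName'" -Server $DestinationServer
        if (-not $adUser)             { $status = 'Blocked: no account in destination domain' }
        elseif (-not $adUser.Enabled) { $status = 'Review: destination account is disabled' }
    }

    [pscustomobject]@{
        OldLogin    = $login
        NewLogin    = $newLogin
        SourceName  = $user.Name                      # display name held by SharePoint
        DestName    = if ($adUser) { $adUser.Name }   # name of the destination AD account
        Status      = $status
    }
}

$plan | Sort-Object Status | Format-Table -AutoSize
$plan | Export-Csv -Path .\user-migration-plan.csv -NoTypeInformation   # placeholder file name
$web.Dispose()
```

Rows marked `Migrate` whose `SourceName` and `DestName` differ deserve a manual check before the move, since a matching sAMAccountName in another domain can belong to a different person who would then inherit the site permissions.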