Migrate AD Group Permissions in Sharepoint / WSS

The purpose of this project was to assist with migration of AD groups used in Sharepoint permissions.


old AD domain A, new AD domain B
Sharepoint server/farm is in AD domain A
Permissions are defined using AD groups and users
AD domain B is introduced and users/groups are migrated using ADMT (with sIDHistory)


Since Sharepoint does not use sIDHistory, AD users and groups used in Sharepoint ACLs need to be converted to security principals now in AD domain B.
Microsoft's stsadm.exe comes with migrateuser switch, which does this for AD user accounts; however, the same functionality for AD groups is lacking.

This problem is confirmed on Windows Server 2003 / WSS 2.0; this project should also work with Sharepoint MOSS 2007. In Sharepoint 2010, powershell scripts should be used to call migration API methods for both users and groups.

More information is available here: http://www.flexecom.com/manipulate-sharepoint-permissions-after-migration/

Last edited Nov 7, 2012 at 7:01 AM by DennisSuhanovs, version 3