locked
Users being removed from Security groups after being migrated to a new farm and domain. RRS feed

  • Question

  • We are actually experiencing a scenario where users that were migrated from this farm over to our farm are losing their permissions sporadically for the new farm and sites security group. For instance, one user who use to be a member of a Site Owner Group, ended up being out of the group without any human intervention. It seems like whenever AD syncs with MOSS 2007, something funny happens that is causing these users to lose their permissions. Can somebody help me withthis please?
    Stech
    • Edited by Mike Walsh FIN Wednesday, March 9, 2011 7:04 PM word strangely not suitable for titles
    Wednesday, March 9, 2011 3:41 PM

Answers

  • Hi Standley,

     

    Thanks for your post.

    Here is the summary issue as I understand.

    Scenario: SharePoint 2007 was migrated from one farm to a new farm, and it’s also a new domain. But the users, who uses to be a member of Site Owner Group, cannot log on to the new farm.

     

    When a user is migrated in Active Directory, the Security Identifier (SID) changes for the user. Additionally, the logon information for the user might be changed. Windows SharePoint Services and Microsoft SharePoint Portal Server 2003 store user information based on both the user SID and the user logon information. When the user SID or the user logon information changes in Active Directory, Windows SharePoint Services must be updated with the new user information before the user can access Windows SharePoint Services successfully.

     

    More information:

    http://support.microsoft.com/kb/896593

    http://support.microsoft.com/kb/896161

     

    Thanks,

    Wayne

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com

    Thursday, March 10, 2011 1:13 AM
  • Hi Stanley,

    Glad to receive your reply.

    Have you migrated the users after you migrated to the new farm?

    As the links in my first reply, you can try to use the stsadm command or C# code to achieve this.

    Share your views.

    Friday, March 11, 2011 3:39 AM

All replies

  • Hi Standley,

     

    Thanks for your post.

    Here is the summary issue as I understand.

    Scenario: SharePoint 2007 was migrated from one farm to a new farm, and it’s also a new domain. But the users, who uses to be a member of Site Owner Group, cannot log on to the new farm.

     

    When a user is migrated in Active Directory, the Security Identifier (SID) changes for the user. Additionally, the logon information for the user might be changed. Windows SharePoint Services and Microsoft SharePoint Portal Server 2003 store user information based on both the user SID and the user logon information. When the user SID or the user logon information changes in Active Directory, Windows SharePoint Services must be updated with the new user information before the user can access Windows SharePoint Services successfully.

     

    More information:

    http://support.microsoft.com/kb/896593

    http://support.microsoft.com/kb/896161

     

    Thanks,

    Wayne

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com

    Thursday, March 10, 2011 1:13 AM
  • Hi Wayne,

    Thank you for your reply. After reading my post I realize that I have not clearly explained my issue. Let's hope this time I do a better job. For instance, we have Domain XC and Farm XC on one side, and we have Domain B and Farm B on the other side.

    1- Domain XC users were migrated to  Domain B AD.

    2- A Microsoft PFE wrote a script to migrate users from their Farm XC to our Farm B. (At begining everything seems to work fine in terms of access and permission)

    3- XC Farm users were added to their respective security groups in their site collection in B Farm.

    4- For some reason, after every profile sync which runs hourly these migrated users are removed from the security group. As a result, they end up losing right to manage their site collection.

    Does that make sense

     


    Stech
    Thursday, March 10, 2011 3:21 PM
  • Hi Stanley,

    Glad to receive your reply.

    Have you migrated the users after you migrated to the new farm?

    As the links in my first reply, you can try to use the stsadm command or C# code to achieve this.

    Share your views.

    Friday, March 11, 2011 3:39 AM
  • Hi Stanley,

    Would you please let us know how is your problem going? Is the suggestion helpful for your issue?

    If you need further assistance, please feel free to let us know.

     

    Thanks,

    Wayne

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com

     

    Wednesday, March 16, 2011 1:41 AM