locked
Impact for SharePoint servers by performing AD migration between domains RRS feed

  • Question

  • what are Impacts for SharePoint servers by performing AD migration between domains (source and destination domains) , will there be any impact for source sharepoint servers.  Please help me.. THANKS.

    Thanks, Ram Ch

    Wednesday, April 17, 2013 12:23 PM

All replies

  • You'll need to migrate users within the farm using stsadm -o migrateuser or Move-SPUser.  Other than that, there should not be any issues given a two-way full trust is set up (one-way and Selective trusts have additional requirements for SharePoint).

    Changing the domain of the SharePoint servers is unsupported.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, April 17, 2013 2:15 PM
  • Thanks Trevor for your reply. what about user profile sync ,particularity about user profile import connection that existing in the source domain?

    stsadm -o migrateuser or Move-SPUser , this command we need to perform for all the users or any specific account. please confirm. thanks.


    Thanks, Ram Ch

    Wednesday, April 17, 2013 3:53 PM
  • and what is the reason Changing the domain of the SharePoint servers is unsupported.

    Thanks, Ram Ch

    Wednesday, April 17, 2013 3:53 PM
  • You need to perform stsadm -o migrateuser or Move-SPUser for any user that is migrated between domains.  As for the UPA connections, if you're migrating between two forests, make sure you have both set up with sync connections.  If you're migrating just between two domains within the same forest, make sure you only have a single sync connection covering both domains.

    As for moving SharePoint servers between domains, it is primarily due to information held within the config database as well as other security issues which do not translate when moving the machine from domain to domain.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, April 17, 2013 3:55 PM
  • Thanks Trevor, both are different domains and trusted, both are versions are of MOSS 2007. in this case what do we need to reconfigure import sync connection after merging the domains?

    Thanks, Ram Ch

    Wednesday, April 17, 2013 4:03 PM
  • and if we have hundreds of users how this command will help. stsadm -o migrateuser or Move-SPUser. thanks.

    Thanks, Ram Ch

    Wednesday, April 17, 2013 4:05 PM
  • You need to add a sync to the trusted domain.

    If this is MOSS 2007, you'll need to run stsadm -o migrateusers as Move-SPUser is only available on 2010 and up.

    You can script the migrateusers command by pulling in variables from a csv file, for example.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, April 17, 2013 5:08 PM
  • do you mean we need to recreate the sync connection after AD merge? and also what are the issues that we get as you mentioned "As for moving SharePoint servers between domains, it is primarily due to information held within the config database as well as other security issues which do not translate when moving the machine from domain to domain." As precaution we will identify the issues before merging AD Domain. Thanks.


    Thanks, Ram Ch

    Thursday, April 18, 2013 3:17 AM
  • Hi,

    Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience. Thank you for your understanding and support.

    Thanks,

    Entan Ming

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contacttnmff@microsoft.com.


    Entan Ming
    TechNet Community Support

    Thursday, April 18, 2013 9:58 AM
    Moderator
  • You should have two sync connections, one per forest.  As for moving SharePoint servers between domains, it simply isn't supported.  You'll need to build a new farm in the new domain and transfer the content (databases) between the farms.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, April 18, 2013 10:43 PM
  • Thanks Trevor,what would be the case of migrating users in case after merging with new domain? in our case old domain accounts will remain active for at least next 5 months. so in this case i think no need to perform stsadm -o migrate users as old domain remain active for next 5 months though domain has moved?. please correct me if i am wrong..

    Thanks, Ram Ch

    Friday, April 19, 2013 4:16 AM
  • You need to migrate the user once their account has either been migrated (e.g. via ADMT) or a new account has been created for them in the target domain (note if you do migrate accounts via ADMT with SID History, make sure the source account is in a disabled state post-account migration).

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, April 19, 2013 4:34 AM
  • I just want to explain the situation in detail, so that you can share your thoughts. Please bear with me.

    Currently we are working in X company. We recently bought Y Company.

    Both X and Y companies have different SharePoint instances with different Domains.

    Our infrastructure team made a decision to migrate Y Company Domain to X Company. But they are not going to disable old accounts of Y Company.

    We believe there will be no impact at any level to Y Company SharePoint instances since users of Y Company can login using their old Y company domain accounts.

    But please let us know your thoughts and correct me if my assumption is wrong.  Thanks.

     


    Thanks, Ram Ch

    Friday, April 19, 2013 4:50 AM
  • If you migrate Company Y employees with ADMT and SID History into Company X, you must disable the source account in Company Y domain.

    If you just create a two-way trust between the domains, users from Company Y can leverage their Company Y domain accounts to log into SharePoint with no migration required.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, April 19, 2013 4:53 AM
  • Trevor, hope you are doing well!! can we use stsadm -o migrate user command if domains are not trusted each other.


    Thanks, Ram Ch

    Monday, May 13, 2013 8:24 AM
  • Yes you can.  You'll need to use -ignoresidhistory.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Monday, May 13, 2013 2:12 PM