locked
Problem modifying an AD security group name (repost from General) RRS feed

  • Question

  • **reposted from General forum**

    http://social.technet.microsoft.com/Forums/en-US/sharepointgeneral/thread/b7fb1014-11ba-480a-913b-d497e270964b

    Hi all,

    I have recently inherited the maintenance of a Sharepoint 2007 site with zero knowledge of Sharepoint at all. Due to a restructure in the company, several AD security groups have to be renamed. Existing file ownerships and document permissions have to be preserved thus we cannot delete and recreate the groups.

    AD setup:

    • Group_X
    • Person_A belonging to Group_X
    • Person_B belonging to Group_X

    Sharepoint user setup:

    • Group_X, Person_A and Person_B are granted access to site by portal administrator
    • **Note: Group_X is created as a "New User" and not as a "New Group"

    Document library setup:

    • A folder is created and "Modify" permission is given to Group_X
    • When Person_A or Person_B logs in to the site, they will be able to access the folder

    Restructure:

    • Group_X is to be renamed as Group_Y

    What has been done so far:

    • AD security group Group_X has been renamed as Group_Y
    • Was recommended to use stsadm migrateuser command but did not work on AD security group
    • Managed to find 2 hotfixes kb973409 and kb973410 to enable a command migrategroup for stsadm
    • Executed command "stsadm -o migrategroup -oldlogin <domain>\GROUP_X -newlogin <domain>\GROUP_Y"
    • Account name in sharepoint successfully mapped to the new Group_Y

    Current problem:

    • The display name of Group_Y as viewed in Site Settings -> People and Groups, as well as when Managing Permissions still reflect as the old Group_X
    • In the People and Groups edit page, the display name is read-only and cannot be changed
    • In the Central Admin -> View User Profiles, only Persons are listed there, AD groups are not found in the list and thus display name cannot be updated from there
    • We have found a Powershell command to update the group name but running into problems executing it.

    Powershell:

    [Reflection.Assembly]::Load("Microsoft.SharePoint, Version=12.0.0.0, Culture=Neutral, PublicKeyToken=71e9bce111e9429c")
    $site=[Microsoft.SharePoint.SPSite]("http://<site>")
    $group = $site.RootWeb.SiteUsers["<domain>\GROUP_X"]
    $group.Name = "GROUP_Y"
    $group.Update()
    We have absolutely no idea of how to use Powershell. The 3rd line gives an exception "Unable to index into an object of type Microsoft.Sharepoint.SPUserCollection."

    We tried commands "$site.rootweb" and "$site.allwebs", which gave an Access Denied error.

    Any idea if we are missing out anything in the script or if there are other methods to change the display name of the AD security group?

    Thanks in advance for taking the time to read this very long post! Appreciate any help!

    Wednesday, April 18, 2012 2:03 AM

All replies