locked
migrate user error in WSS 3.0 RRS feed

  • Question

  • I have a situation with the migrate user command. It is a WSS 3.0 environment. The AD User name changed do to marriage. (domain\oldname to domain\newname). the user domain\oldname was granted access to the site via an AD group, it is not confirmed that the user ever actually browsed the site as domain\oldname.  A lot of time has passed (nearly 2 years) and now the user browses the site as domain\newname. Authentication succeeds, however the welcome control in the corner shows oldname. When she views "my settings" it shows old name. (I belive the SID is allow her authentication).

    When I attempt to run stsadm -o migrateuser -oldlogin domain\oldname -newlogin domain\newname I get the error that the oldlogin does not exist.

    when I browse the user info list (/_catalogs/users/simple.aspx) neither oldname or newname show up.

    When I browse userinfo table in Database (on a backup copy of database </wink>) I find domain\oldname and not domain\newname. However the tp_isActive field is set to 0.

    I believe this to be my problem. This post states nearly as much (http://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/e96162f9-75f1-4c73-8288-09882555c473 ). However I cannot perform step 2b because it states that it is not a unique user. Since it is not Active, it cannot be deleted, nor can it be migrated.

    I am looking for a SUPPORTED way to make the user active again so that I can migrate the name to a new name or at least delete the domain\oldname account.

    Thanks for any help.

    Eric VanRoy

    Wednesday, March 13, 2013 11:06 PM

Answers

  • All you need to do to make the user active is to have the user do something more than READ in that site collection.  They can create or edit a list item or upload a file.  If they do anything like that they will be flagged as an active user.  Inactive users are the ones who gain permissions to the site through membership in a Group AND who have never contributed anything to the site. 

    Have the user do something active on the site and then wait for the Timer Job to run that syncs the User Profile Display name with Active users in the User Info Table.  If I remember right the default timing is 30 minutes on that timer job.


    Paul Stork SharePoint Server
    MVP Principal Solutions Architect: BlueChip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    • Marked as answer by Eric VanRoy Saturday, March 16, 2013 2:05 PM
    Thursday, March 14, 2013 2:01 AM

All replies

  • Does the user show up in http://sitecollection/_layouts/people.aspx?MembershipGroupId=0?

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, March 14, 2013 1:57 AM
  • All you need to do to make the user active is to have the user do something more than READ in that site collection.  They can create or edit a list item or upload a file.  If they do anything like that they will be flagged as an active user.  Inactive users are the ones who gain permissions to the site through membership in a Group AND who have never contributed anything to the site. 

    Have the user do something active on the site and then wait for the Timer Job to run that syncs the User Profile Display name with Active users in the User Info Table.  If I remember right the default timing is 30 minutes on that timer job.


    Paul Stork SharePoint Server
    MVP Principal Solutions Architect: BlueChip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    • Marked as answer by Eric VanRoy Saturday, March 16, 2013 2:05 PM
    Thursday, March 14, 2013 2:01 AM
  • Paul, Thank you. I am having the client try that now.

    This is really a BI farm and thus 90% of trhe users only have read access. I did have an issue when trying to add the user with contribute rights to anywhere. Had to add an AD group they are a member of with Contribute rights because explicitly adding user cause "unique user" error.

    I understood about the "placeholder" when a user was granted access via an dAD group, but I had actually thought the user bacame Active when they first logged into the site. You explanation makes much more sense.

    Thanks,

    Eric

    Thursday, March 14, 2013 3:12 PM
  • Its a holdover from all the way back in SharePoint 2003.  Only user's who contribute are marked as active.  It makes the timer job run much quicker, but causes all kinds of related issues like the one you are describing.

    Paul Stork SharePoint Server
    MVP Principal Solutions Architect: BlueChip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    Friday, March 15, 2013 12:11 PM
  • thanks for the help. those steps worked (or at least close enough). I still was not able to Migrate the user, but I was able to view the user in the userinfo list after they did something actionable. Since I could view them, I could then delete them. After that I added them explicitly with contribute rights and then removed the permissions (left the user).

    The user updated to the new name at that point.

    Thanks for the help. I remember fighting this in 2003.

    Eric

    Saturday, March 16, 2013 2:05 PM