Duplicating SSP Profiles during MOSS 2007 SP1 User Migration (Server 2003) RRS feed

  • Question

  • Hi


    My company has recently merged and we are currently running 2 AD's with a two way trust.

    When a user is migrated to the new domain we need them to be able to logon to Sharepoint and retain their old permissions. 

    However I’ve ran into an issue when a migrated user logs on. The current process is this;


    ·         User has an active account in old domain DOMAIN_A

     ·         User has an active profile in our SSP and is a member of our MAIN_SITE

    ·         User has permissions on documents, a MYSITE and can use workflows 

    ·         User is migrated to DOMAIN_B via ADMT and the SIDHISTORY is populated

    o   (at this point the user can access MAIN_SITE but has no access to previous permissions etc)


    ·         I Run STSADM -o migrateuser -oldlogin DOMAIN_A\user1 -newlogin DOMAIN_B\user1 -ignoresidhistory

    o   However this only changes the profile information on the sites and not the SSP profile 

    ·         The DOMAIN_B user can now logon and has access to previous permissions etc and all is good.


    Up to this point everything is fine migration wise until the user tries to access a MYSITE or do something new and unique it seems.


    ·         Migrated user on DOMAIN_B logons and has permissions but then clicks on MYSITE.

    ·         Sharepoint then creates a NEW profile in the SSP and creates a new MYSITE. 

    ·         The next time the user logs on to SIGN, because there is a profile in SSP called DOMAIN_B\user1 it uses this profile on teh MAIN_SITE  (Permissions are lost, no access to old mysite etc)

    ·         Deleting the SSP profile for DOMAIN_B and leaving the DOMAIN_A one fixes the issue but only until the user clicks on MYSITES again or triggers the profile creation process.


    I’ve tried numerous tips from various sites to try and resolve this but nothing so far.

    Like i said, the STSADM command seems to work fine, it's the creation of this NEW profile and that being used instead of teh old migrated profile that's the issue.


    I can only think of three options:


    1.       Change the SSP "account name" to reflect the DOMAIN name change (not sure if this is possible)

    2.       Import DOMAIN_B accounts into SSP and migrate permissions etc over to that (possibly delete the DOMAIN_A one)

    3.       Block sharepoints ability to AUTOMATICALLY create any new SSP profiles (should only be generated via import)


    Not sure where to go with that though.....

     Any input or pointers to this would be greatly appreciated.

    Thanks in advance


    Thursday, May 12, 2011 9:49 AM

All replies

  • Hi John,

    From your description, I know you still can access the old MySite. Then please try to back up the old MySite and restore it to the new My Site:

    1.       Backup old MySite using stsadm –o backup –URL http://oldermysite url –filename Driver:\file path

    2.       Create the new MySite, and restore the backup file to the new MySite. Stsadm –o restore –URL http://newmysite url –filename Driver:\file path

    Refer to http://support.microsoft.com/kb/2018640

    Best regards,

    Monday, May 16, 2011 10:23 AM
  • Hi Emir,

    Thanks for the reply.

    I have tried this previously and it works fine.

    I click on MYSITE for the DOMAIN_B user and I get teh DOMAIN_A user MY SITE.

    However if I then click on Welcome User1 and choose MY SETTINGS is creates a WSS Profile DOMAIN_B\User1

    Next time they click on MY SITE they get this new profile which has no MY SITE so a new one is created.

    Not sure if I'm perhaps missing something in the steps for migrating users between domains.

    Should I manually delete the WSS profile for DOMAIN_A\User1 after the STSADM migrateuser command?


    Thanks again



    Monday, May 16, 2011 12:26 PM