
After you migrate a user from a different Active Directory domain, the user can no longer access Windows SharePoint Services

종소리도깨비 2008. 10. 30. 16:05

SYMPTOMS

After you migrate a user from one Active Directory domain to another Active Directory domain, the user experiences one of the following symptoms:
- The user can no longer access Microsoft Windows SharePoint Services.
- The user can access Windows SharePoint Services, but the user's settings are no longer the same as they were before the migration.

 

CAUSE

When a user is migrated in Active Directory, the Security Identifier (SID) changes for the user. Additionally, the logon information for the user might be changed. Windows SharePoint Services and Microsoft SharePoint Portal Server 2003 store user information based on both the user SID and the user logon information. When the user SID or the user logon information changes in Active Directory, Windows SharePoint Services must be updated with the new user information before the user can access Windows SharePoint Services successfully.

 

RESOLUTION

How to obtain the hotfix

This issue is fixed in the Microsoft Windows SharePoint Services post-Service Pack 1 Hotfix Package that is dated March 29, 2005. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
896349 (http://support.microsoft.com/kb/896349/) Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: March 29, 2005

 

API information

The Windows SharePoint Services post-Service Pack 1 hotfix package that is dated March 29, 2005 contains an API that you can use to update Windows SharePoint Services with the migrated user information. The new API is identified as follows:
- Namespace: Microsoft.SharePoint.Administration
- Class: SPGlobalAdmin
- Method: MigrateUserAccount

Method usage

  /// <summary>
  /// Migrate a WSS user to a new login name.
  /// </summary>
  /// <param name="oldLogin">Old login name</param>
  /// <param name="newLogin">New login name</param>
  /// <param name="enforceSidHistory">If true, Active Directory will be
  /// queried to ensure that the specified old login name is contained
  /// within the new login name's SID history.</param>
  public void MigrateUserAccount(string oldLogin,
                                 string newLogin,
                                 bool enforceSidHistory);

Example

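  using Microsoft.SharePoint.Administration;

  SPGlobalAdmin g = new SPGlobalAdmin();
  string oldLogin = @"DOMAIN\user";    // pre-migration login, domain\username format
  string newLogin = @"DOMAIN\user2";   // post-migration login, domain\username format
  bool enforceSidHistory = true;       // require the old login's SID in the new login's SID history

  g.MigrateUserAccount(oldLogin, newLogin, enforceSidHistory);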

Parameters

- Old login name: Replace this value with the original pre-migration user name of the migrated user. This user name must be in the domain\username format.
- New login name: Replace this value with the new post-migration user name of the migrated user. This user name must be in the domain\username format.
- enforceSidHistory: Set this value to True to require that the SID History attribute of the user name that you specified in the New login name value contains the SID of the user name that you specified in the Old login name value. Alternatively, if you do not want the SID History attribute to be verified, set the enforceSidHistory value to False.

Additionally, the following new command is added to the Stsadm.exe command-line tool:

  stsadm -o migrateuser -oldlogin DOMAIN\user -newlogin DOMAIN\user [-ignoresidhistory]

If you do not specify the -ignoresidhistory parameter in this command line, the command queries Active Directory for the SID History attribute. This attribute is automatically populated by Microsoft Windows when you migrate a user to another domain.

Error messages

The following error messages are available:
- You receive a "The user does not exist" error message if either of the following conditions is true:
    - The user information that you specify in the new login name value is a domain group.
    - The records have not been updated because the original user logon information or the original user SID was not found in the content database.
- If the new user account does not have an SID History field, or if none of the SIDs in that field match an SID in the content database, you receive the following error message:
    Cannot complete this action. Please try again
  Note: You also receive this error message if the user information that you specify in the old login name value is corrupted.
- If the user information that you specify in the new login name value is corrupted, you receive the following error message:
    The user or group ' -newlogin argument ' is unknown.
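
The batch wrapper below is an added example, not code from the Microsoft article. It applies MigrateUserAccount to a list of migrated users, rejects logins that are not in domain\username format, and always passes enforceSidHistory as true so that an account can inherit an old login's SharePoint permissions only if Active Directory confirms the migration. The MigrateUsers class name, the mapping-file format, and the assumption that the errors listed above are raised as exceptions are all hypothetical.

```csharp
// Added example. Assumed mapping file: one "OLDDOMAIN\user,NEWDOMAIN\user"
// pair per line; lines starting with '#' are comments.
using System;
using System.IO;
using System.Text.RegularExpressions;
using Microsoft.SharePoint.Administration;

class MigrateUsers   // hypothetical tool name
{
    // Both logins must be in domain\username format, as the article requires.
    static readonly Regex LoginFormat = new Regex(@"^[^\\/,\s]+\\[^\\/,]+$");

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: MigrateUsers <mapping-file>");
            return 2;
        }
        int failures = 0;
        SPGlobalAdmin admin = new SPGlobalAdmin();
        foreach (string raw in File.ReadAllLines(args[0]))
        {
            string line = raw.Trim();
            if (line.Length == 0 || line.StartsWith("#")) continue;
            string[] pair = line.Split(',');
            if (pair.Length != 2 || !LoginFormat.IsMatch(pair[0].Trim())
                                 || !LoginFormat.IsMatch(pair[1].Trim()))
            {
                Console.Error.WriteLine("SKIP malformed line: " + line);
                failures++;
                continue;
            }
            string oldLogin = pair[0].Trim(), newLogin = pair[1].Trim();
            try
            {
                // Never skip the SID History check in a batch run: with it off,
                // any old login's records could be remapped to any new account.
                admin.MigrateUserAccount(oldLogin, newLogin, true);
                Console.WriteLine("OK   " + oldLogin + " -> " + newLogin);
            }
            catch (Exception ex)   // assumption: the listed errors surface as exceptions
            {
                Console.Error.WriteLine("FAIL " + oldLogin + " -> " + newLogin + ": " + ex.Message);
                failures++;
            }
        }
        return failures == 0 ? 0 : 1;
    }
}
```

Keep the FAIL lines as an audit record: an entry that fails the SID History check should be investigated rather than retried with the check disabled.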

 

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

 

MORE INFORMATION

Important: If you want to migrate a user to SharePoint Portal Server 2003 by using the procedure that is described in the following Microsoft Knowledge Base article, you must first migrate the user to Windows SharePoint Services by using the hotfix that is mentioned in this article:
896161 (http://support.microsoft.com/kb/896161/) A user can no longer access SharePoint Portal Server 2003 after you migrate that user from one Active Directory domain to another Active Directory domain
