Tuesday, June 07, 2011

[SP2007/SP2010] Migrate SharePoint across domains

A while ago I worked on a project where we had to migrate a customer’s SharePoint 2007 environment from another service provider to a newly created environment in our own datacenter. The challenge we had during this project was that the new environment was built from scratch, meaning that the Active Directory would be a different one than the original environment was located in. Unfortunately there were no possibilities to create a trust between the two domains.

The above would mean that since the Active Directory changed, , the domain name would change as well as all user accounts (or SIDs). This meant that all security permissions, alerts and ownerships would become unusable. These had to be migrated to the new accounts in the new AD.

For migrating users, SharePoint offers a stsadm operation called “migrateuser”. However, at the time of the project there was no operation for groups migration, so we needed a solution for that as well.

  • The web application URL's would not change
  • The user account format would not change in the new Active Directory. User1 in the old AD, would be User1 in the new AD.
  • MIIS was used to create the users in the source environment. ILM2007 would be used in the new environment. Any custom code used in MIIS could be migrated to the ILM2007 environment, however some changes and updates would be made in the process.
  • The old environment was based on 32 bit SharePoint 2007 on Windows Server 2003. The new environment would be based on 64 bit SharePoint 2007 on Windows Server 2008.
  • The source SharePoint environment contained a SSP. Unfortunately there is no way to copy the SSP or its settings to the new environment automatically. The SSP had to be recreated manually.
  • The user profiles in the SSP had to be migrated as well. There was no tool available that was able to export the user profiles and import in our new environment. We had to create a tool for this. On Codeplex we found a Profile Import tool (MOSS Profile Importer), but that was unable to export the information from an existing SharePoint farm. We used this code as a starting point for our own tool.
  • The migrategroup command did not exist yet, fortunately only seven different AD groups were used. These needed to be migrated manually.
  • The stsadm operation migrateuser has to be run for each user id. A custom solution is required to generate a script for all users. Running this script consumes much time and needs to be shortened as much as possible.
The preparation steps we took were:
  • Create the custom tooling require to perform the migration (profile export/import, migrateuser script)
  • Perform a test migration in order to validate the migration steps and target environments.
The steps we took to migrate the content were:
Environment setup
  • Setup the new SharePoint 2007 environment and use same patch level as the original farm
  • Install all custom solutions on the target environment
  • Create all users in the new Active Directory
  • Setup the SSP in the target environment and configure it according to the settings of the old environment (user profile properties, profile import, audiences, search, etc)
User profile information
  • Import all users from AD into the SSP
  • Backup all user profile information to file
  • The import tool is using the user id to import the data to the correct profile, so we had to replace the old domain name with the new domain name in the export file
  • Restore all user profile information into the new SSP
  • Create SQL backup of the source content databases (web applications and MySites) to a USB disk
  • Ship the disk to the other datacenter and connect it to the server
  • Restore the SQL backups on the target SQL server from USB disk
  • Connect the content databases to the correct web applications
  • Test the site collections for correct operation of the databases
  • Run the migrateuser script generation tool. This tool created three script files, which we could run on three different servers to speed up the migration process.
  • Run the migration scripts
  • Manually change group membership for each used group (add new group, grant permissions and remove old group) in the entire site structure
  • Test, test, test
  • Since the August 2009 Cumulative Update, SharePoint 2007 stsadm includes the migrategroup operation, which is able to migrate groups the same way migrateuser does for users.

No comments: