Do not use Move-SPUser (or "stsadm -o migrateuser") on a SharePoint farm with multiple web applications mapped to different identity providers.
This is because the PowerShell command acts on all content databases.
For example, assume you have a claims-based web application using NTLM, a second claims-based web application using ADFS as a trusted identity provider, and a third web application using NTLM.
If you perform a Move-SPUser to move an NTLM user to the ADFS IDP, this will impact all web applications, even if the SPUser parameter you pass to the command was built using a specific web application / site collection.
If you want to migrate only one web application from NTLM to a different identity provider, I suggest temporarily detaching all content databases you don't want to migrate.
Perform Move-SPUser and then reattach all detached content databases.
Remember to check the Policy for Web Application settings after the user migration.
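The detach, migrate, reattach sequence described above could be scripted as follows. This is an added example, not code from the original post; the web application URL, the two claim-encoded logins and the CSV file name are constructed placeholders, and it assumes it is run from the SharePoint Management Shell with farm administrator rights.

```powershell
# Added example: every URL, login and file name below is a constructed placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$targetUrl = 'https://adfs.contoso.local'        # the only web application to migrate
$oldLogin  = 'i:0#.w|contoso\jdoe'               # Windows (NTLM) claim login
$newLogin  = 'i:05.t|adfs|jdoe@contoso.local'    # trusted identity provider claim login

# 1. Record every content database that belongs to a different web application.
$detached = @(Get-SPContentDatabase |
    Where-Object { $_.WebApplication.Url.TrimEnd('/') -ne $targetUrl.TrimEnd('/') } |
    Select-Object Id, Name, Server, @{ n = 'WebApp'; e = { $_.WebApplication.Url } })

# Keep the list on disk so the databases can be reattached by hand
# if the session is lost halfway through.
$detached | Export-Csv -Path .\detached-contentdbs.csv -NoTypeInformation

# 2. Detach them so Move-SPUser cannot touch their user records.
foreach ($db in $detached) {
    Dismount-SPContentDatabase -Identity $db.Id -Confirm:$false
}

try {
    # 3. Migrate the user; only the content databases still attached are affected.
    $user = Get-SPUser -Identity $oldLogin -Web $targetUrl
    Move-SPUser -Identity $user -NewAlias $newLogin -IgnoreSID -Confirm:$false
}
finally {
    # 4. Reattach everything to its original web application, even if step 3 failed.
    foreach ($db in $detached) {
        Mount-SPContentDatabase -Name $db.Name -DatabaseServer $db.Server `
            -WebApplication $db.WebApp | Out-Null
    }
}

# 5. List the web application policies so entries that still point at the old
#    login, or that changed unexpectedly, can be reviewed.
foreach ($wa in Get-SPWebApplication) {
    $wa.Policies |
        Select-Object @{ n = 'WebApplication'; e = { $wa.Url } }, UserName, DisplayName
}
```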
Thursday, June 12, 2014
How to Install ActiveDirectory Powershell Module on a Windows 2008R2 or 2012 member Server
If you want to install the ActiveDirectory PowerShell module on a member server, so that you can use .ps1 scripts to manage users from machines other than the Active Directory server, you need to execute this simple PowerShell script.
Import-Module ServerManager
Add-WindowsFeature RSAT-AD-PowerShell
This adds the ActiveDirectory module, so you can then use, for example, the Get-ADUser command to look up a specific user in Active Directory.