Being able to move a SharePoint Server to a different domain (or a different farm), instead of creating a new farm, merging multiple Active Directories (AD) and migrating content from the old farm to the new one, is a common expectation of every user. This expectation is even more common when companies with different ADs merge, given the time and manual effort needed to check data integrity.
My answer to such a user's expectation is YES!!!
In this blog, I will give you some techniques to move SharePoint from one domain (AD) to another. You can choose the technique based on your farm architecture (either a single server farm or a multi-server farm).
Technique #1 – For single server farm configuration
Step #1: Preparations before migrating servers
- Check if the SharePoint Central Administration’s Application Pool is running under Network Service or using a Domain Account
- Open IIS Manager -> Expand Web Sites -> Right click on SharePoint Central Administration -> Properties -> Home Directory tab and then locate the mapped Application Pool
- Right click on the Application Pool and then click on the Identity tab.
Note: If the Application Pool is running under Network Service then we can skip the next step.
- Create a new service account in the new domain
- Open SQL Management Studio and backup all the SharePoint related databases including configuration database.
Step #2: Making SharePoint Server a member of a new Domain
- Right click on My Computer
- Click on Properties
- Under Computer Name click on Change…
- Set it to Workgroup (Restart)
After the server restarts, repeat steps 1 – 3 above to join it back to a domain, this time making it a member of the new domain.
Step #3: Setting up Service Account Rights
Add the newly created service account to the Local Administrator, WSS_WPG, WSS_ADMIN & IIS_WPG groups as follows:
- Right click on My Computer
- Click on Manage
- Expand Configuration and then expand Local Users and Groups
- Click on Groups and then from the right pane double click on the appropriate group as mentioned above and add the service account.
Step #4: SQL Permissions
Set up appropriate permissions for the new service account so that SharePoint works.
- Open SQL Management Studio and then connect to the server
- Expand Security
- Right click on Logins and select new login
- Under Login name specify the new service account
- Click on Server Roles and Check (DBCreator & SecurityAdmin)
- Click on User Mapping and then Check the SharePoint related databases one at a time giving DB_Owner Rights.
Step #5: Updating Service Account
Update SharePoint with the new service account by executing the following commands (one by one) on all the SharePoint Servers.
cd %commonprogramfiles%\Microsoft Shared\Web server extensions\12\Bin
stsadm -o updatefarmcredentials -userlogin CONTOSO\ServiceAccount -password NewPassword
stsadm -o updateaccountpassword -userlogin CONTOSO\ServiceAccount -password NewPassword -noadmin
stsadm.exe -o spsearch -farmserviceaccount CONTOSO\ServiceAccount -farmservicepassword NewPassword
stsadm.exe -o spsearch -farmcontentaccessaccount CONTOSO\ServiceAccount -farmcontentaccesspassword NewPassword
stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin CONTOSO\ServiceAccount -ssppassword NewPassword
stsadm.exe -o osearch -farmserviceaccount CONTOSO\ServiceAccount -farmservicepassword NewPassword
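The Step #5 sequence as a PowerShell script that prompts for the password once and stops at the first failing operation. This is an added example, not part of the original post; it assumes the 12-hive path and the page's placeholder names (CONTOSO\ServiceAccount, SharedServicesProviderName), and that stsadm returns a non-zero exit code on failure.

```powershell
# Added example: run the Step #5 operations without storing the password in a script.
# Assumption: 12-hive path as used in the commands above.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web server extensions\12\Bin\stsadm.exe'

# Prompt once; the password is not written to the script file or typed at the console.
$cred  = Get-Credential -Credential 'CONTOSO\ServiceAccount'
$login = $cred.UserName
$pw    = $cred.GetNetworkCredential().Password

# Same operations, in the same order, as listed in Step #5.
# 'SharedServicesProviderName' is the page's placeholder for the SSP title.
$steps = @(
    @('-o', 'updatefarmcredentials', '-userlogin', $login, '-password', $pw),
    @('-o', 'updateaccountpassword', '-userlogin', $login, '-password', $pw, '-noadmin'),
    @('-o', 'spsearch', '-farmserviceaccount', $login, '-farmservicepassword', $pw),
    @('-o', 'spsearch', '-farmcontentaccessaccount', $login, '-farmcontentaccesspassword', $pw),
    @('-o', 'editssp', '-title', 'SharedServicesProviderName', '-ssplogin', $login, '-ssppassword', $pw),
    @('-o', 'osearch', '-farmserviceaccount', $login, '-farmservicepassword', $pw)
)

foreach ($stepArgs in $steps) {
    # An array passed to a native command is expanded into separate arguments.
    & $stsadm $stepArgs
    if ($LASTEXITCODE -ne 0) {
        # Report only the operation name so the password is never echoed.
        Write-Error ("stsadm -o {0} failed with exit code {1}" -f $stepArgs[1], $LASTEXITCODE)
        break
    }
}

# Drop the plain-text copies once the sequence has finished.
$pw = $null
$steps = $null
```

stsadm still receives the password as a command-line argument, so it is visible in the process command line while each operation runs.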
Step #6: Confirm Site loads
Using the new farm service account, attempt to load SharePoint Central Administration. Once it loads successfully, attempt to load the Portal Site using the same account.
Step #7: Migrate User Accounts and Groups
Refer to the Migrating User Accounts & Groups section below.
Technique #2 – For Single Server and Multi-Server Farm
- Backup SharePoint farm completely.
Navigate to Central Administration -> Operations -> Perform a Backup and back up the entire farm. If there is any problem with the UI, use the command line option and enter the following command:
stsadm -o backup -directory c:\backup -backupmethod full
- Run the products and configuration wizard to break the configuration.
- Remove from existing domain.
- Join to New domain.
- Run the products and Configuration wizard and configure the new SharePoint environment.
- Restore the web applications (that were backed up in step #1), and ensure that you don't restore the configuration wizard and Administration Content Database.
- Perform the user account migration as stated below.
- Migrate User Accounts and Groups as explained below.
Migrating User Accounts & Groups:
Before you begin, please ensure that you have migrated all the AD user accounts to the new domain.
Note: When a user is migrated in Active Directory, the Security Identifier (SID) changes for the user. Additionally, the logon information for the user might be changed. SharePoint stores the user information based on both the user SID and the user logon information. When the user SID or the user logon information changes in Active Directory, the same must be updated in SharePoint before the user can access it.
To map the old domain account to the new domain account in SharePoint, execute the following commands in CMD in sequence.
cd %commonprogramfiles%\Microsoft Shared\Web server extensions\16\Bin
For User Accounts
stsadm -o migrateuser -oldlogin DOMAIN\user -newlogin DOMAIN\user -ignoresidhistory
For Security Group
stsadm -o migrategroup -oldlogin Domain\group -newlogin Domain\group
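For more than a handful of accounts, the migrateuser command above can be driven from a mapping file, checking first that each new login resolves to a SID in the new domain and recording the outcome per user. This is an added example, not part of the original post; users.csv, its OldLogin and NewLogin columns, the results file name and the Resolve-Sid helper are hypothetical, and the path is the one used in the cd command above.

```powershell
# Added example: batch user migration with a SID pre-check.
# users.csv is a hypothetical file with the header line: OldLogin,NewLogin
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web server extensions\16\Bin\stsadm.exe'

# Translate DOMAIN\user to its SID string; returns $null when the account does not resolve.
function Resolve-Sid([string]$Login) {
    try {
        $account = New-Object System.Security.Principal.NTAccount($Login)
        $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $null
    }
}

$results = foreach ($row in Import-Csv .\users.csv) {
    $status = 'migrated'
    $newSid = Resolve-Sid $row.NewLogin
    if (-not $newSid) {
        # The AD account must already exist in the new domain before it is mapped.
        $status = 'skipped: new login does not resolve'
    } else {
        # Out-Host keeps stsadm's console output out of $results.
        & $stsadm -o migrateuser -oldlogin $row.OldLogin -newlogin $row.NewLogin -ignoresidhistory | Out-Host
        if ($LASTEXITCODE -ne 0) { $status = "failed: stsadm exit code $LASTEXITCODE" }
    }
    New-Object PSObject -Property @{
        OldLogin = $row.OldLogin; NewLogin = $row.NewLogin; NewSid = $newSid; Status = $status
    }
}

# Keep a record of every mapping for review after the move.
$results | Select-Object OldLogin, NewLogin, NewSid, Status |
    Export-Csv .\migrateuser-results.csv -NoTypeInformation

# Show anything that still needs attention.
$results | Where-Object { $_.Status -ne 'migrated' } |
    Format-Table OldLogin, NewLogin, Status -AutoSize
```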