SaaS CMS has officially launched! Learn more now.

Migrate user accounts after AD change


The company I work for uses AD authentication on their Intranet built with EPiServer 6.  All 35 000 users are in the process of being migrated to a new AD, which means a new profile is being created for them in aspnet_Users when they access the Intranet with their new AD credentials.  I am trying to modify their original account with their new account name.  I am having issues with their content edition permissions.  I think everything is set in the tblAccess table, but when I update the Name field with the new AD\username value, permissions don't seem to be transferred to the new account when the user is logged in.  Can anyone think of anything I might be missing?  Here is my current process:

1. Trigger on aspnet_Users insert checks if user is using new domain.  If so, there is a search for the same user name with a different domain.  If found, a record is added to a migration table (originalUserId, originalUserName, newUserId, newUserName).

2. A job runs every few minutes to process the migration table.

* aspnet_Users: Switch UserName/LoweredUserName values between original and new user (originalUserId record has UserName updated to newUserName, newUserId gets originalUserName)

* tblWindowsUser: Update UserName/LoweredUserName to newUserName

* tblAccess:Update Name to newUserName

* tblChangeLog: Update ChangedBy to newUserName

* tblPage: Update CreatorName to newUserName

* tblXFormData: Update UserName to newUserName

* tblWorkPage: Update ChangeByName/NewStatusByName to newUserName

Dec 22, 2016 20:01

Do you see the correct data after restarting the application so that the cache is emptied?

Dec 28, 2016 17:08


I will have to do a few more tests, but it seems you are correct, an application restart (iisreset) is required for the changes to take effect.  This is rather inconvenient in my case, as the AD migration and user logins are gradual, and I can't do regular app restarts.

Thank you for the tip.

Jan 03, 2017 14:40
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.