On Demand Migration for Active Directory - Group memberships not migrating

I just completed staging for users and groups and realized the group memberships did not come over from the source. I did the staging of groups first, then users. Is it required to do users first? All objects were created new, by directory sync. I know they match up correctly because SID history is populated with the source SID.

  • Hello,

    Typically, it is best to sync the users first, so that there are objects in our back-end database to add to the groups. However, syncing groups first will not be a problem; it just means you will need to sync the users twice, then run the group sync again for the groups to be populated. The first user sync will create the users, then you would need to run the user sync again, so that we "read-in" the new users we created on the first user sync. Then you can sync the groups again and get the membership populated.

    Regards,

    Trevor Taegder
    Senior Technical Support Engineer
    Quest | Support

  • This is old, but I found it relevant today. To put it shortly:

    1. User accounts migrate FIRST in the target domain, via a dedicated, only-move-users workflow.

    2. Groups migrate SECOND after user accounts exist, again via a dedicated workflow separate from the one used for users. Groups are mapped to their previous reference from the source domain via SID history (basically the migrated group is representing what it was in the source domain).

    3. After this happens in this specific order, the user accounts will 'auto-magically' be placed into their corresponding groups that they previously had if the SID history aligns?

    #3 is interesting to me: how does this automatically happen? Or is a delta sync, or an additional matching workflow on either the user or the group workflow run, needed for this matching of user -> group to happen?
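
A read-only way to check whether memberships were populated after the sync order described in this thread, added here as an example and not part of any post or of the Quest product. It assumes the RSAT ActiveDirectory module, read access to both domains, and that migrated objects carry the source SID in `sIDHistory` as the original poster describes; the function name, server names and group name are hypothetical placeholders.

```powershell
# Added example: compares a migrated group's members with its source group, matching on SID history.
Import-Module ActiveDirectory

function Compare-MigratedGroupMembership {
    param(
        [Parameter(Mandatory)] [string] $TargetGroup,   # name or DN of the migrated group
        [Parameter(Mandatory)] [string] $SourceServer,  # source domain controller (placeholder)
        [Parameter(Mandatory)] [string] $TargetServer   # target domain controller (placeholder)
    )

    # The migrated group carries the source group's SID in sIDHistory.
    $tgt = Get-ADGroup -Identity $TargetGroup -Server $TargetServer -Properties SIDHistory, member
    if (-not $tgt.SIDHistory) {
        throw "$TargetGroup has no SID history, so it cannot be mapped to a source group."
    }
    $tgtMembers = @($tgt.member)   # DNs of direct members in the target domain

    foreach ($groupSid in $tgt.SIDHistory) {
        $src = Get-ADGroup -Identity $groupSid.Value -Server $SourceServer -Properties member

        foreach ($dn in $src.member) {
            $srcObj = Get-ADObject -Identity $dn -Server $SourceServer -Properties objectSid
            $status = 'NoSid'      # e.g. a contact, which has no objectSid to match on
            $found  = @()

            if ($srcObj.objectSid) {
                # Look for target objects whose sIDHistory holds this source SID.
                $sid   = $srcObj.objectSid.Value
                $found = @(Get-ADObject -LDAPFilter "(sIDHistory=$sid)" -Server $TargetServer)

                if ($found.Count -eq 0) {
                    $status = 'NotMigrated'
                } elseif ($found | Where-Object { $tgtMembers -contains $_.DistinguishedName }) {
                    $status = 'InGroup'
                } else {
                    $status = 'MissingFromGroup'
                }
            }

            [pscustomobject]@{
                SourceMember = $dn
                TargetObject = ($found.DistinguishedName -join '; ')
                Status       = $status
            }
        }
    }
}

# Constructed usage: list only the members that did not land in the target group.
# Compare-MigratedGroupMembership -TargetGroup 'Finance-Users' -SourceServer 'dc01.source.example' `
#     -TargetServer 'dc01.target.example' | Where-Object Status -ne 'InGroup'
```

Only the `member` attribute is compared, so users who belong to a group solely as their primary group are not reported.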
