SharePoint: Migrating SharePoint Server from one domain to another

You have a single-server farm and would like to migrate the SharePoint server to a new domain.



Step 1: Preparations before migrating servers:

1. Check whether the SharePoint Central Administration’s Application Pool is running under Network Service or using a domain account.

To verify:

a. Open IIS manager –>Expand Web Sites –> Right Click on SharePoint Central Administration –> Properties –> Home Directory Tab and then locate the Application Pool mapped

b. Right click on the Application Pool, click Properties and then click on the Identity tab.

Note: If the Application Pool is running under Network Service then we can skip the next step.

2. Create a new service account in the new domain (CONTOSO.COM)

3. Open SQL Management Studio and backup all the SharePoint related databases including configuration database.

Step 2: Making SharePoint Server a member server of a Different Domain

1. Right click on My Computer

2. Click on Properties

3. Under Computer Name click on Change…

4. Set it to Workgroup (Restart)

After the server restarts, join it to the new domain by repeating steps 1 – 3, this time making it a member of the new domain (CONTOSO.COM) instead of a workgroup.

Step 3: Setting up Service Account Rights:

Add the newly created service account to the Local Administrator, WSS_WPG, WSS_ADMIN & IIS_WPG groups.

To do so:

1. Right click on My Computer

2. Click on Manage

3. Expand Configuration and then expand Local Users and Groups

4. Click on Groups and then from the right pane double click on the appropriate group as mentioned above and add the service account.

Step 4: SQL Permissions:

We have to set up the appropriate permissions for the new service account in order for SharePoint to work.


1. Open SQL Management Studio and then connect to the server

2. Expand Security

3. Right click on Logins and select new login

4. Under Login name specify the new service account

5. Click on Server Roles and Check (DBCreator & SecurityAdmin)

6. Click on User Mapping and then Check the SharePoint related databases one at a time giving DB_Owner Rights.

Step 5: Updating Service Account:

To update SharePoint with the new service account, we have to execute the following commands on all the SharePoint servers.

Open CMD and navigate to cd %commonprogramfiles%\Microsoft Shared\Web server extensions\12\Bin

1. stsadm -o updatefarmcredentials -userlogin CONTOSO\ServiceAccount -password NewPassword

2. stsadm -o updateaccountpassword -userlogin CONTOSO\ServiceAccount -password NewPassword -noadmin

3. stsadm.exe -o spsearch -farmserviceaccount CONTOSO\ServiceAccount -farmservicepassword NewPassword

4. stsadm.exe -o spsearch -farmcontentaccessaccount CONTOSO\ServiceAccount -farmcontentaccesspassword NewPassword

5. stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin CONTOSO\ServiceAccount -ssppassword NewPassword

6. stsadm.exe -o osearch -farmserviceaccount CONTOSO\ServiceAccount -farmservicepassword NewPassword

Note: In the case of WSS v3, commands 5 & 6 are not applicable.


Step 6: Confirm Site loads:

Using the new farm service account, attempt to load SharePoint Central Administration. Once it loads successfully, attempt to load the Portal Site using the same account.

Step 7: Migrating User Accounts:

Warning: Before you begin, ensure that all the AD user accounts have been migrated to the new domain.

Note: When a user is migrated in Active Directory, the Security Identifier (SID) changes for the user. Additionally, the logon information for the user might be changed. Windows SharePoint Services and Microsoft SharePoint Portal Server 2003 store user information based on both the user SID and the user logon information. When the user SID or the user logon information changes in Active Directory, Windows SharePoint Services must be updated with the new user information before the user can access Windows SharePoint Services successfully.

To map the old domain account to the new domain account in SharePoint, execute the following.

Open CMD and navigate to cd %commonprogramfiles%\Microsoft Shared\Web server extensions\12\Bin

Execute: stsadm -o migrateuser -oldlogin DOMAIN\user -newlogin DOMAIN\user -ignoresidhistory

Where OldLogin = the user account from the old domain, e.g., FABRIKAM\SUSHRAO

And NewLogin = the migrated user account, e.g., CONTOSO\SUSHRAO
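Because migrateuser rebinds a user's SharePoint entries to whatever new login is supplied, a wrong row in a bulk run hands one person's access to another account. The PowerShell script below is an added example, not part of the original post: it runs the same migrateuser command over a mapping list after checking each row. The mapping column names, the log file name, the -Execute switch and the sample rows are assumptions made for the example.

```powershell
# Added example: batch wrapper around the page's "stsadm -o migrateuser" command.
# Assumed names (not from the page): mapping columns, log file, -Execute switch.
param(
    [string]$OldDomain = 'FABRIKAM',
    [string]$NewDomain = 'CONTOSO',
    [string]$LogFile   = '.\migrateuser.log',
    [switch]$Execute    # without -Execute the script only validates and prints
)

$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web server extensions\12\Bin\stsadm.exe'

# Constructed sample mapping; replace with Import-Csv on a real export.
$map = @'
OldLogin,NewLogin
FABRIKAM\SUSHRAO,CONTOSO\SUSHRAO
FABRIKAM\JDOE,CONTOSO\JDOE
FABRIKAM\ASMITH,CONTOSO\JDOE
OTHER\BOB,CONTOSO\BOB
'@ | ConvertFrom-Csv

$seenNew = @{}
foreach ($row in $map) {
    $old = "$($row.OldLogin)".Trim()
    $new = "$($row.NewLogin)".Trim()

    # Accept only DOMAIN\account, and only in the expected source/target domains.
    $oldOk = $old -match ('^' + [regex]::Escape($OldDomain) + '\\[^\\/"]+$')
    $newOk = $new -match ('^' + [regex]::Escape($NewDomain) + '\\[^\\/"]+$')
    if (-not ($oldOk -and $newOk)) {
        Write-Warning "Skipped (unexpected domain or format): '$old' -> '$new'"
        continue
    }
    # One new login listed for two old accounts is a mapping error; stop it here.
    $key = $new.ToUpper()
    if ($seenNew.ContainsKey($key)) {
        Write-Warning "Skipped (target already used by $($seenNew[$key])): '$old' -> '$new'"
        continue
    }
    $seenNew[$key] = $old

    if (-not $Execute) {
        Write-Output "Would run: stsadm -o migrateuser -oldlogin $old -newlogin $new -ignoresidhistory"
        continue
    }
    $output = & $stsadm -o migrateuser -oldlogin $old -newlogin $new -ignoresidhistory 2>&1
    $status = if ($LASTEXITCODE -eq 0) { 'OK' } else { "FAILED($LASTEXITCODE)" }
    Add-Content -Path $LogFile -Value "$(Get-Date -Format s) $status $old -> $new : $output"
    Write-Output "$status $old -> $new"
}
```

With the constructed sample rows, the first two mappings pass and the last two are skipped with warnings (duplicate target and unexpected source domain). Review the dry-run output before re-running with -Execute.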


To migrate a security group:

stsadm -o migrategroup -oldlogin Domain\group -newlogin Domain\group

Where OldLogin = the security group from the old domain, e.g., FABRIKAM\HR

And NewLogin = the migrated group, e.g., CONTOSO\HR