Question : Looking for tool that automatically generates SharePoint stsadm -migrate user scripts, when renaming a user in Active Directory

Our company frequently renames user accounts in Active Directory. This is a real pain because SharePoint requires the following stsadm command to be executed each time this is done:

"stsadm -o migrateuser -oldlogin <old login name> -newlogin <new login name>  -ignoresidhistory"

Currently our help desk renames them in Active Directory and emails me a spreadsheet with the name changes. I then create a batch file containing the necessary stsadm commands.

The problem is that this process is error prone. I am considering building a utility to do one of the following.

1. Create a command-line utility that reads the usernames from a spreadsheet, updates Active Directory and generates a file with the stsadm commands needed by SharePoint.

OR

2. Build a Windows application for renaming users in Active Directory. At the same time it would automatically generate a file with the stsadm commands.

Does anybody know if such a utility exists or have any other suggestions?

Answer : Looking for tool that automatically generates SharePoint stsadm -migrate user scripts, when renaming a user in Active Directory

Found the code. Here are some of the key pieces of the code/logic.

Again, for every web application, I get every site collection. The code starts on a given site collection.

Get the site collection user list.
For each user, check if the user exists in AD via LoginName (samAccountName). If the user exists, skip (migrateuser not needed). If the user doesn't exist, get the user's SID and look up AD based on the SID.
If found, get the new login name and generate the migrateuser command into the batch file.
Note that the batch file will have multiple repeating lines for the same user across the site collections. I use a PowerShell sort command to remove the duplicates at the end (GC C:\migrateUsers.txt| Sort | GU > C:\migrateUsers.bat)



[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null

# Functions are defined first so they exist when the loop below calls them.

# Translate a SID to DOMAIN\account; returns "User Not Found" if the SID cannot be resolved.
function ConvertTo-Name ($SID) 
{
   trap 
   {
      "User Not Found"; continue
   }
   ((new-object security.principal.securityidentifier $SID).translate([security.principal.ntaccount])).Value
}

# Returns $true if a user or group with this samAccountName exists under $domaincnx.
function Check_User_In_ActiveDirectory([string]$LoginName, [string]$domaincnx)
{
	$returnValue = $false
	# Match a user or group by samAccountName (the filter does not test whether the account is enabled)
	$strFilter = "(&(|(objectCategory=user)(objectCategory=group))(samAccountName=$LoginName))"
	$objDomain = New-Object System.DirectoryServices.DirectoryEntry($domaincnx)

	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
	$objSearcher.SearchRoot = $objDomain
	$objSearcher.PageSize = 1000
	$objSearcher.Filter = $strFilter
	$objSearcher.SearchScope = "Subtree"

	#$objSearcher.PropertiesToLoad.Add("name")

	$colResults = $objSearcher.FindAll()

	if($colResults.Count -gt 0)
	{
		#Write-Host "Account exists and Active: ", $LoginName
		$returnValue = $true
	}
	return $returnValue
}

# $SiteCollectionURL and $mydomaincnx are set by the calling code (not shown in this excerpt).
$site = new-object Microsoft.SharePoint.SPSite($SiteCollectionURL)
$web = $site.openweb()

$siteCollUsers = $web.SiteUsers

foreach($MyUser in $siteCollUsers)
{
	# Skip built-in principals that have no matching AD account
	if(($MyUser.LoginName.ToLower() -ne "sharepoint\system") -and ($MyUser.LoginName.ToLower() -ne "nt authority\authenticated users") -and ($MyUser.LoginName.ToLower() -ne "nt authority\local service"))
	{
		$UserName = $MyUser.LoginName.ToLower()
		$UserNameSplit = $UserName.split("\")
		#Write-Host "User Login: ", $MyUser.LoginName, "SID: ", $MyUser.Sid

		$returncheck = Check_User_In_ActiveDirectory $UserNameSplit[1] $mydomaincnx 
		if($returncheck -eq $False)
		{
			# The login no longer exists in AD: resolve the stored SID to the current account name
			$nameFromSID = ConvertTo-Name $MyUser.Sid
			if ($nameFromSID -ne "User Not Found")
			{
				$command = "stsadm.exe -o migrateuser -oldlogin " + $MyUser.LoginName + " -newlogin " + $nameFromSID + " -ignoresidhistory"
				Write-output $command | out-file C:\migrateUsers.txt -append
			}
		}
	}
}

$web.Dispose()
$site.Dispose()
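
Added example, not part of the original answer: the generated file is later run as a batch file, so a login name containing characters that cmd.exe interprets (such as & or %) would change what a line does. This sketch validates both names against an allow-list before emitting the command and de-duplicates in memory; the function names, the allow-list pattern and the sample renames are assumptions made for illustration.

```powershell
# Added example; the names, allow-list and sample data are constructed, not from the post.
# DOMAIN\samAccountName limited to characters cmd.exe does not interpret (assumed policy).
$SafeLogin = '^[A-Za-z0-9][A-Za-z0-9.-]*\\[A-Za-z0-9._$-]+$'

function New-MigrateUserCommand([string]$OldLogin, [string]$NewLogin)
{
	foreach ($login in $OldLogin, $NewLogin)
	{
		if ($login -notmatch $SafeLogin)
		{
			throw "Refusing to emit a command for unexpected login name: '$login'"
		}
	}
	if ($OldLogin -ieq $NewLogin) { return $null }   # nothing to migrate
	'stsadm.exe -o migrateuser -oldlogin "{0}" -newlogin "{1}" -ignoresidhistory' -f $OldLogin, $NewLogin
}

function Get-MigrateUserBatch($Renames)
{
	$commands = @(); $rejected = @()
	foreach ($r in $Renames)
	{
		try
		{
			$cmd = New-MigrateUserCommand $r.Old $r.New
			if ($cmd) { $commands += $cmd }
		}
		catch { $rejected += $r }                    # keep for manual review, never write it out
	}
	New-Object PSObject -Property @{
		Commands = @($commands | Sort-Object -Unique)   # same user appears once per site collection
		Rejected = $rejected
	}
}

# Constructed sample: one rename seen in two site collections, plus a name containing '&'.
$sample = @(
	@{ Old = 'CONTOSO\jsmith'; New = 'CONTOSO\jdoe' },
	@{ Old = 'CONTOSO\jsmith'; New = 'CONTOSO\jdoe' },
	@{ Old = 'CONTOSO\temp1';  New = 'CONTOSO\r&d.svc' }
)
$result = Get-MigrateUserBatch $sample
# ASCII so cmd.exe reads the file cleanly (Out-File defaults to UTF-16 in Windows PowerShell)
$result.Commands | Out-File C:\migrateUsers.bat -Encoding ASCII
$result.Rejected | ForEach-Object { Write-Warning ("Review by hand: {0} -> {1}" -f $_.Old, $_.New) }
```

With the sample above, the batch file receives a single line for jsmith and the third rename is reported as a warning instead of being written.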