Small Business Susan

SBS User migration

A while back I did a blog post that talked about a script to move your users after you migrated them.  I took it off the blog because the script was not complete.  I’ve gotten a few requests for that script and it tells me that the documentation is still confusing.  I know that there is updated documentation in the works but I’m not sure of the ETA.


In the mean time the key thing you do is to use the user account wizards to “migrate” the users and this will plop them into where they need to go.  You want to use this wizard because it will ensure that all of the key elements are as they should be.


 


 


Change user account roles



Note

Before you migrate user accounts, you can create custom roles by using the Add a New User Role Wizard. You can then use the new user role when you migrate the user accounts to the Destination Server.



To migrate user accounts

  1. In the Migration Wizard, on the Migration Wizard Home page, click Migrate users and groups, and then click Next.

  2. On the Migrate groups page, click Next.

  3. On the Migrate user accounts page, click Run the Change User Role Wizard.

  4. On the Select new user role page, select the type of user role that you want the user account to have in Windows SBS 2008, and then choose how you want to apply the permissions and settings.

    1. Either you can replace any permissions or settings that are granted to the user account, or
    2. You can add the Windows SBS 2008 permissions and settings where applicable.
  5. Click Next.

  6. On the Select user accounts page, choose the user accounts to apply the role type to, and then click Next.

    Note

    To view the user accounts that were migrated from the Source Server, in the Users list view, click the Display all the user accounts in the Active Directory check box.

  7. When the wizard finishes, click Finish. The user account role type is changed to the role type that you selected.

  8. Repeat steps 3 through 6 until you apply permissions and settings to all user accounts that were migrated.

  9. When the you finish applying permissions and settings to all user accounts, click Task complete, and then click Next.


Note

By default, user accounts that were migrated from the Source Server do not need to meet the Windows SBS 2008 password policies, which are applied to new user accounts in Windows SBS 2008. When a user with a migrated user account resets or changes their password, they are required to meet the Windows SBS 2008 password policy. If the Windows SBS 2008 password policy is changed to make it stronger (for example, more complex or longer password length), all users, including users with migrated user accounts, are required to reset their passwords to meet the new password policy.


Important

To help secure your network, it is recommended that you delete the STS Worker, SBSBackup, IUSR_SBS, and IWAM_SBS user accounts and any other user account or group that is not used.



Map permitted computers to user accounts


In Windows SBS 2003, if a user connects to Remote Web Workplace, all computers in the network are displayed. This may include computers that the user does not have access rights to. In Windows SBS 2008, a user must be explicitly assigned to a computer for it to be displayed in Remote Web Workplace. Each user account that is migrated from Windows SBS 2003 must be mapped to one or more computers.

To map user accounts to computers
  1. Open the Windows SBS Console.

  2. In the navigation bar, click Users and Groups.

  3. In the list of user accounts, right-click a user account, and then click Edit user account properties.

  4. Click the Computers tab, and then assign one or more client computers to the user account. You can also set the local access rights on each client computer.

  5. Repeat steps 3 and 4 for each user account.

After mapping user accounts to client computers, you can set a default computer for remote access. Go to the Remote Access tab, and then, in the user account properties, set a default client computer for each user who needs to access the network remotely.

Note

You do not need to change the configuration of the client computer. It is configured automatically.