Migrating Local Group Membership

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hello, we are testing a co-op version provided by your sales team.

Everything works perfectly. We can successfully migrate the computer to AzureAD and the profile is migrated successfully.

But we ran into a problem. Many users have membership in local groups on workstations (administrators, remote desktop users).

After the migration, we must manually add the AzureAD user to the local group. Is it possible to use the User Profile Wizard so that it adds AzureAD users to local groups as it did for on-prem AD?

Thank you.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
dpasternak Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 27 Apr 2023 Status: Offline Points: 5	Post Options Post Reply Quote dpasternak Report Post Thanks(0) Quote Reply Topic: Migrating Local Group Membership Posted: 27 Apr 2023 at 1:50pm
	Hello, we are testing a co-op version provided by your sales team. Everything works perfectly. We can successfully migrate the computer to AzureAD and the profile is migrated successfully. But we ran into a problem. Many users have membership in local groups on workstations (administrators, remote desktop users). After the migration, we must manually add the AzureAD user to the local group. Is it possible to use the User Profile Wizard so that it adds AzureAD users to local groups as it did for on-prem AD? Thank you.

dpasternak Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 27 Apr 2023 Status: Offline Points: 5	Post Options Post Reply Quote dpasternak Report Post Thanks(0) Quote Reply Posted: 27 Apr 2023 at 2:45pm
	We can write a script and add it to the script that runs during the Migrate-All.ps1 migration. So he would add the AzureAD SID of the user who is currently in the local admin group. Those. improve the script so that it does the same as with profiles, but in relation to local groups.

Support Members Profile Send Private Message Find Members Posts Add to Buddy List Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1809	Post Options Post Reply Quote Support Report Post Thanks(0) Quote Reply Posted: 28 Apr 2023 at 9:29am
	Hi, User Profile Wizard will always add the new user account to the same local groups that the original user account is individually a member of. The original user must be individually a member of the local group – it will not work if they are in a group that is a member of the local group – for example “Domain Admins”. If you still have a problem, please can you email support with more information and your log file. Many thanks, Support

dpasternak Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 27 Apr 2023 Status: Offline Points: 5	Post Options Post Reply Quote dpasternak Report Post Thanks(0) Quote Reply Posted: 28 Apr 2023 at 3:37pm
	Thanks, I figured out the reason why it didn't work for me yesterday. There was a user in the local administrator group whose profile did not exist on the local system. Those. there must be a local profile, and in this case, if the user is explicitly (directly) added to the administrators group or another local group, in this case group membership migration will work. Thank you.

dpasternak Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 27 Apr 2023 Status: Offline Points: 5	Post Options Post Reply Quote dpasternak Report Post Thanks(0) Quote Reply Posted: 28 Apr 2023 at 3:40pm
	I also wanted to ask a question. Here is the script Migrate-All.ps1 I specify to run during the migration. If I modify it and recreate the config file. Will my code work or not?

Support Members Profile Send Private Message Find Members Posts Add to Buddy List Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1809	Post Options Post Reply Quote Support Report Post Thanks(0) Quote Reply Posted: 04 May 2023 at 9:43am
	Hi, Yes, you can modify the Migrate-All.ps1 script, the scripts are provided as examples for common scenarios (migrate all, migrate last logged on user etc). If you are using a Single Deployment File, after you have modified the PowerShell script, you will need to run through the Deployment Kit in order to recreate the Single Deployment File (exe) with the updated Migration Script. Support.