Print Page | Close Window

Migrating Local Group Membership

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Description: User Profile Wizard questions, suggestions, comments and bug reports
URL: https://forum.ForensiT.com/forum_posts.asp?TID=2333
Printed Date: 10 Dec 2023 at 1:07pm
Software Version: Web Wiz Forums 12.03 - http://www.webwizforums.com


Topic: Migrating Local Group Membership
Posted By: dpasternak
Subject: Migrating Local Group Membership
Date Posted: 27 Apr 2023 at 1:50pm
Hello, we are testing a co-op version provided by your sales team.

Everything works perfectly. We can successfully migrate the computer to AzureAD and the profile is migrated successfully.

But we ran into a problem. Many users have membership in local groups on workstations (administrators, remote desktop users).

After the migration, we must manually add the AzureAD user to the local group. Is it possible to use the User Profile Wizard so that it adds AzureAD users to local groups as it did for on-prem AD?

Thank you.



Replies:
Posted By: dpasternak
Date Posted: 27 Apr 2023 at 2:45pm
We can write a script and add it to the script that runs during the Migrate-All.ps1 migration. So he would add the AzureAD SID of the user who is currently in the local admin group. Those. improve the script so that it does the same as with profiles, but in relation to local groups.


Posted By: Support
Date Posted: 28 Apr 2023 at 9:29am
Hi, 

User Profile Wizard will always add the new user account to the same local groups that the original user account is individually a member of. The original user must be individually a member of the local group – it will not work if they are in a group that is a member of the local group – for example “Domain Admins”.

If you still have a problem, please can you email support with more information and your log file. 

Many thanks,

Support


Posted By: dpasternak
Date Posted: 28 Apr 2023 at 3:37pm
Thanks, I figured out the reason why it didn't work for me yesterday. There was a user in the local administrator group whose profile did not exist on the local system.

Those. there must be a local profile, and in this case, if the user is explicitly (directly) added to the administrators group or another local group, in this case group membership migration will work.

Thank you.


Posted By: dpasternak
Date Posted: 28 Apr 2023 at 3:40pm
I also wanted to ask a question. 
Here is the script Migrate-All.ps1 I specify to run during the migration. If I modify it and recreate the config file. Will my code work or not?


Posted By: Support
Date Posted: 04 May 2023 at 9:43am
Hi, 

Yes, you can modify the Migrate-All.ps1 script, the scripts are provided as examples for common scenarios (migrate all, migrate last logged on user etc). 

If you are using a Single Deployment File, after you have modified the PowerShell script, you will need to run through the Deployment Kit in order to recreate the Single Deployment File (exe) with the updated Migration Script.

Support.



Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.03 - http://www.webwizforums.com
Copyright ©2001-2019 Web Wiz Ltd. - https://www.webwiz.net