Migrating Groups
Although the Commerce Server Profiling System supports groups, the implementation is dependent upon the capability of the Profiles data store. You must use Active Directory to implement groups the same way they were implemented in Site Server 3.0 Membership Directory.
You can use Active Directory to create groups and assign access control lists (ACL) and Access Control Entries (ACE) on files and directories. However, the implementation is not completely compatible with a site as it would be implemented using the Site Server 3.0 Membership Directory. Active Directory limits a group to 5000 objects. This limit is necessary because of the manner in which the contents of the group are replicated between instances of the domain controllers. Although this limitation will be addressed in future versions of Active Directory, it is necessary to perform a work-around to migrate your Membership Directory.
You can use the Directory Migration tools to create subgroups, and then add user profiles to the subgroups. To preserve space for additional growth and subgroups, the tools fill 4500 user profiles per subgroup.
The following table shows how a group with 100,000 user profiles in the Membership Directory would be migrated to Active Directory.
| Membership Directory Structure | Equivalent Active Directory Structure |
| GroupA | GroupA |
| User1 .. User100000 | GroupA_0000 |
| User1 .. User4500 | |
| GroupA_0001 | |
| User4501 .. User9000 | |
| … | |
| GroupA_0023 | |
| User99001.. User100000 |
.gif "Ee823409.caution(en-US,CS.10).gif")
Caution
- You must set up Active Directory in Native mode. Do not set up Active Directory in Mixed mode; if you do, Active Directory will not create the required group hierarchy.
If you use a forest of domains to contain the user profiles, the migration becomes more complex. The following figure shows how to map user profiles and ACLs on content to Active Directory and still enforce site security.
.gif "Ee823409.cs_gs_membershipmigr_dirmigrationgroups(en-US,CS.10).gif")