Users or user groups do not appear in the Windows SBS 2011 Standard console after migration

  • Article

Applies To: Windows Small Business Server 2011 Standard

Problem   Users or user groups are not showing in the Windows SBS Console after migration.

Features affected   You cannot manage these users and groups in the console:

Solution   Run the Group Convertor Wizard and the Change Role Wizard

All users, security groups and distribution lists are migrated during the initial migration of Active Directory Domain Services (AD DS). However, the migrated users, security groups and distribution lists are not automatically displayed in the Windows SBS Console. To make users and groups manageable from the Windows SBS Console, perform the steps in the following procedures.

Migrate security groups and distribution lists

To manage these security groups and distribution lists, you must assign the Created value to the msSBSCreationState attribute for each group—either automatically, using the Windows SBS 2011 Standard Active Directory Group Converter tool, or manually, by using the Active Directory Security Interface (ADSI) edit tool.

To automatically assign attribute values to a migrated group

  1. Open Windows Explorer, navigate to c:\Program Files\Windows Small Business Server\bin, and then double click GroupConverter to run the Windows SBS 2011 Active Directory Group Converter Wizard.

  2. Follow the instructions in the wizard to select and convert the security groups and distribution lists that you want to use in Windows SBS 2011 Standard.

    Note

    You can convert groups that were created by using the Windows SBS 2003 or Windows SBS 2008 Administration Console, or the Active Directory Users and Groups console. To convert the groups, the wizard adds some necessary Active Directory attributes to them.

  3. After you convert groups and distribution lists to Windows SBS 2011 Standard compatible items, you can manage them by using the Windows SBS Console.

To manually assign attribute values to a migrated group using the ADSI Edit tool

  1. On the Destination Server, click Start, click Administrative Tools, and then click ADSI Edit.

    Note

    If ADSI Edit is not available on the Administrative Tools menu after you run the Support Tools setup, click Start, type Adsiedit.msc, and then click OK.

  2. On the toolbar, click Action, click Connect to, and then click OK to accept the default settings.

  3. In the navigation pane, expand Default naming context, right-click the object that you want to convert, and then click Properties.

  4. On the Properties page, click the msSBSCreationState attribute, and then click Edit.

  5. In the String Attribute Editor dialog box, in the Value text box, type Created, and then click OK. Make sure that you capitalize “C” in “Created.”

  6. On the Properties page of the group that you are editing, click the groupType attribute, and then click Edit.

  7. In the Integer Attribute Editor dialog box, do the following:

    1. For a security group, type -2147483640 in the Value text box.

    2. For a distribution list, type 8 in the Value text box.

  8. Click OK to save your changes and to close the Properties page.

  9. Repeat steps 3 through 8 for each migrated group that you want to manage in the Windows SBS 2011 Standard Console.

  10. When you restart or refresh the ADSI Edit console, the groups are displayed in the appropriate distribution list or security group lists.

    Note

    If you want a group to appear as a distribution list, the group must have a valid email address.

Migrate user accounts

Note

Before you migrate user accounts, you can create custom roles by using the Add a New User Role Wizard. You can then use the new user role when you migrate the user accounts to the Destination Server.

To migrate user accounts

  1. In the Migration Wizard, on the Migration Wizard Home page, click Migrate users and groups, and then click Next.

  2. On the Migrate groups page, click Next.

  3. On the Migrate user accounts page, click Run the Change User Role Wizard.

  4. On the Select new user role page, select the type of user role that you want the user account to have in Windows SBS 2011 Standard, and then choose how you want to apply the permissions and settings.

    • Either you can replace any permissions or settings that are granted to the user account, or

    • You can add the Windows SBS 2011 Standard permissions and settings where applicable.

  5. Click Next.

  6. On the Select user accounts page, choose the user accounts to apply the role type to, and then click Next.

    Note

    To view the user accounts that were migrated from the Source Server, in the Users list view, select the Display all the user accounts in the Active Directory check box.

  7. When the wizard finishes, click Finish. The user account role type is changed to the role type that you selected.

  8. Repeat steps 3 through 6 until you apply permissions and settings to all user accounts that were migrated.

  9. When you finish applying permissions and settings to all user accounts, click Task complete, and then click Next.

Note

By default, user accounts that were migrated from the Source Server do not need to meet the Windows SBS 2011 Standard password policies, which are applied to new user accounts in Windows SBS 2011 Standard. When a user with a migrated user account resets or changes their password, they are required to meet the Windows SBS 2011 Standard password policy. If the Windows SBS 2011 Standard password policy is changed to make it stronger (for example, more complex or longer password length), all users, including users with migrated user accounts, are required to reset their passwords to meet the new password policy.