You’re offline. This is a read only version of the page.
Hi Everyone,
I have a query about User Management and I would be grateful for any help.
In a short while, our organisation will be moving to a new Active Directory setup with a new domain name. So users will login to their Windows accounts with the id "newdomain\username". Users in NAV are currently authenticating with their Windows accounts, and their User Name in the User table matches their Windows logon.
I have been tasked with finding an automated way of moving the users to the new domain. I am just wondering if anyone has any experience in this area? My current idea, is to run some C-SIDE code from a codeunit to take copies of all the users & permission sets etc, then insert them with their new User Names. Finally set the status of the original User records to "Disabled".
My issue is then trying to match the Windows Security ID's with the new users, is this as simple as copying them from Active Directory? Or is there a way to achieve this in NAV/Powershell/SQL?
*This post is locked for comments
Yes, NAV should pick up the correct SIDs for the new domain.
Also, refer here: forum.mibuso.com/.../moving-nav-server-to-a-different-domain
Thanks, that seems a lot easier. I have just spoken to our Network guys and they have said they will not be enabling SID history (I'm not sure why), so it seems that all I need to do is create the new user records, disable the old ones and then wait for the new Active Directory to be rolled out to each group, theoretically NAV should just pick up the SID and we should be good to go. (fingers crossed).
You're welcome!
HI Nick,
I would suggest looking at the tool: Active Directory Migration Tool.
www.microsoft.com/.../details.aspx
This tool was created to accomplish just what you outlined. It is also a way to query which service accounts are in use, and which security groups that the users belong to so you can move those to the new domain as well. This would be difficult to accomplish with a script alone. If you enable the SID history on the new accounts you have some breathing room during the migration as your NAV users will be recognized with the new login and the old SID attached to their AD account. (As long as the new domain is part of a trusted forest)
We have just completed this migration and are using NAV. It was very useful. Once you have migrated, If NAV causes challenges when the new domain is cut from the old domain, there are posts on the forum on how to insert the new SID on the table "users"
Good luck.
(Definitely read the guide if you are planning on using this tool as it will help stage this migration)
Ok thank you very much!
Hi Nick,
NAV is designed to work in AD environment. When you input Domain\UserName, it will be converted into Windows SID in NAV automatically.
For using Excel to duplicate needed information, a nice article from Olof Simren community.dynamics.com/.../write-c-al-code-in-excel
Hi Khoa,
I have had a look and I understand I can create users with Powershell, and this will be useful. I guess my issue is how to do ensure they match the SID's which are stored in Active Directory (which is a new Active Directory environment). Also, what are you recommending I use Excel for? Many thanks.
Hi Nick,
You should use Powershell and Excel, for example:
New-NavServerUser -WindowsAccount 'domain\user' -ServerInstance InstanceName
You can take a look at below link for detail:
#1
Community Member
8
#2
Sohail Ahmed
5
Super User 2025 Season 2
#3
Kamal Khakhkhar
3
Share
Report
All responses (
Answers (
