Builtin Groups migration issue during synchronization

Hello,

If you used an import file during a migration to rename groups from src > trg, make sure to skip the SamAccountName for Group on the DirSync job.

Cheers

Thanks for the reply...if we skip the SamAccountName for group, won't it affect other migrated groups.

Also one more query...Members of the migrated groups are not sync'd in the target.group. I mean...Migrated group still doesn't populate with the members fully even after the full sync.

ajithsmin said:

we skip the SamAccountName for group, won't it affect other migrated groups.

If you skip samaccountname it applies to all groups. 

so let’s back up. The thread title is built-in groups issue during sync.  Your issue is migrated groups are being renamed. What attribute is being renamed? Just the samaccountname? If the group already exists with the same name, say domain users when it tries to rename your source domain users it will fails as there is a collision. 

Can you list the built in groups are migrating and the header to your import file? 

Samaccountname remains the same as per the import file during synchronization but the Name attribute changes during sync. 

But now the security group (default AD group - "domain Users " which we migrated are not sync'ng fully after synchronization still the member tab is showing very less number of users.

Not a straight forward process:

As Jeff indicated

Jeff Shahan said:

Can you list the built in groups are migrating and the header to your import file

• On the Domain pair make sure that on the skip objects you allow well known groups (Active Directory default objects and Domain Users)
• On the DirSync make sure to skip SamAccountname & Name  attributes for the group
• On the DirSync make sure you skip all well known groups in (Built in OU & Users), except Domain Users
• On the migration session make sure not to migrate the group with SidHistory

There is more to it then this also, do you want your users in the source to have this migrated "Domain Users Target" as their primary group? in the target  or do you want to have the Default Domain Users?

https://support.quest.com/migration-manager-for-ad/kb/25519/is-it-possible-to-migrate-built-in-groups-like-domain-admins-and-domain-users-

Test in a lab

Cheers

If we skip SamAccount name in dir sync, whether it  will affect any other existing or any upcoming migration groups other than builtin . ..

One good thing...after this activity ,when we re-ACL using RUM the name is getting exactly what it has to be ( as we required for eq: "Domain Users -Users XXX"

Hope this is not an issue now...Only thing it still shows the display name as Domain Users and Sam ACCOunt name Attribute it's Domain USers-XXXX

One querry now is : Users are not replicating from the source to this migrated group. Do you find any odd here

If we skip SamAccount name in dir sync, whether it  will affect any other existing or any upcoming migration groups other than builtin . ..

One good thing...after this activity ,when we re-ACL using RUM the name is getting exactly what it has to be ( as we required for eq: "Domain Users -Users XXX"

Hope this is not an issue now...Only thing it still shows the display name as Domain Users and Sam ACCOunt name Attribute it's Domain USers-XXXX

One querry now is : Users are not replicating from the source to this migrated group. Do you find any odd here

Finally...we have decided to add the users manually to the migrated group.

Reason for getting the issue why the users not getting added is .mentioned here in the article.