Need Help - Flaw with stsadm migrateuser command

Question

We have a SharePoint farm with a mixed set of users from two domains (Let's say A and B). Some of the users are being added with their A domain accounts and some with their B domain identity. We now now need to decommission one of the domain (B) and need all the B domain users to be replaced with their A domain accounts.

The problem lies here is if I run, STSADM -o Migrateuser B\UserName A\Username -includeSIDHistory what this command does is it first marks the user A\Username as deleted in the UserInfo table (meaning all their access will be gone from all sites) and then replaces B\UserName with A\Username. This leaves us in a very bad situation where people who are added with A\Username to anywhere in sharepoint will loose access.

I'm stuck on this for almost a week. Can the experts please suggest a possible resolution here?

Answer 1

We were in a similar situation. What we ended up doing is writing a custom console application to iterate over our entire SharePoint farm and replace every instance of B\Username with A\Username.

This is definitely the brute force approach, but we couldn't figure out any other way to do it. We limited our scope to replacing permissions for sites, groups, and lists (not items in lists/libraries). At some point, people may have to redo some of their permissions.