If you are upgrading your Sitecore version and using the approach of setting up a new, clean instance and migrating your code and content to it, you may also need to migrate your user accounts. If you only have a few author accounts setup in Sitecore, a migration might not be needed. You can simply recreate the accounts in the new Sitecore instance and re-provision the user accounts. There are 3 simple steps required to migrate Sitecore users. The approach I will cover works well for large numbers of users.
However, I recently had to migrate a Sitecore instance with 5000+ accounts. Why so many? Well, the site I moved, is a portal site and it uses Sitecore to manage portal accounts. Everyone in the company logs into the portal with a Sitecore “Extranet” account. At some point I will be integrating the portal with the company’s Azure AD to enable SSO, but that will happen after the upgrade.
If you upgrade Sitecore in place, the Core database will be updated leaving the user accounts intact. Most minor version upgrades can be done this way. In my case I was upgrading from Sitecore 6.5 to 8.2. There is no direct upgrade path for such a large version difference. The incremental path is very long and complicated, so I decided to jump straight to 8.2.
Sitecore stores user accounts in the Core database.
Because I am moving the passwords from the old database to the new one I have both Sitecore 6.5 and 8.2 running on one server. I am using an Azure VM (B2ms) running Windows Server 2016 and SQL Server 2017 Developer Edition. My Sitecore 6.5 Core database has all the domains, roles and user accounts that I am migrating.
Log in to the Sitecore 6.5 instance as admin to complete this step.
Initially I opened the Account Manager and serialized the user accounts from there, but this was not including the domains and roles. You’ll need to use the Domain Manager to get domains and roles.
Select a domain and click the “Serialize Domain Users&Roles” menu to serialize the roles and users in that domain. I did this for all of the domains.
After serializing, you can check the “Data/Serialization/Security” folder. There should be a folder for each domain with a Roles and a Users folder inside. Each Role and User is serialized into a “.item” file.
We are done with Sitecore 6.5 at this point.
Copy the serialization folder into the Data folder of the Sitecore 8.2 instance. The deserializer expects the security data in the same location as Sitecore 6.5 (thankfully).
Once the serialized files are copied, log into the Sitecore 8.2 instance as admin. Open the Domain Manager and select Revert Users and Roles. Remember that your admin account will be replaced the admin account from Sitecore 6.5 when the deserialize is completed.
You have now completed the steps to migrate Sitecore Users from an old Sitecore to an upgrade target. In the Account Manager a quick look at the user count helps verify that all users were migrated.
This is the query I used to move passwords.
BEGIN TRANSACTION
UPDATE [sc-prod_core].dbo.aspnet_membership
SET [password] = scSourceMembership.[password],
[passwordsalt] = scSourceMembership.[passwordsalt],
[islockedout] = scSourceMembership.[islockedout],
[isapproved] = scSourceMembership.[isapproved]
FROM [sc-prod_core].dbo.aspnet_membership scTargetMembership
INNER JOIN [sc-prod_core].dbo.aspnet_users scTargetUsers
ON scTargetMembership.userid = scTargetUsers.userid
INNER JOIN [Sitecore_Core].dbo.aspnet_users scSourceUsers
ON scSourceUsers.username COLLATE DATABASE_DEFAULT=scTargetUsers.username COLLATE DATABASE_DEFAULT
INNER JOIN [Sitecore_Core].dbo.aspnet_membership scSourceMembership
ON scSourceUsers.userid = scSourceMembership.userid
ROLLBACK TRANSACTIONI used SSMS to run this query as the sysadmin account. For my application sc-prod-core is the target core database and Sitecore_Core is the source core database. To use this query just replace those database names.
I’ve also added a transaction to this query to give me an opportunity to check the output before committing this change. I also advise backing up both the source and destination databases in case you accidentally reverse the target and source databases and wipe out all your passwords.
Once this query succeeds, you should be able to login to the same accounts as the source instance.
In my case I have a few test accounts with different roles that I use for automated testing that I can check to ensure the passwords work.
The procedure to migrate Sitecore users in Sitecore 9+ is similar to 8.
The “Data” folder is deprecated in Sitecore 9. All the steps are the same to move users, except Sitecore 9 will be looking in “App_Data/Serialization/Security” for the domains. I haven’t used the password sync query in Sitecore 9, but I assume that the user accounts database structure hasn’t changed since Sitecore 8.
Looking for more Sitecore? Read my post on Must Have Sitecore Modules
Photo by Barth Bailey on Unsplash