Hello,

We are in the middle of an Active Directory Intraforest migration.
How does this relate to Sharepoint? Well we need to keep the user's
permissions.

As part of the process, we used the MS APIs in order to create our own
executable in order to reassign the permissions on the site and area
portion of Sharepoint:

Public Function MigrateUser(ByVal sOldUserLoginName As String,
ByVal sNewUserLoginName As String, ByVal EnforceSidHistory As Boolean,
ByVal PortalOnly As Boolean) As Integer

Dim globalAdmin As SPGlobalAdmin = Nothing

Try
If Not (PortalOnly) Then
globalAdmin = New SPGlobalAdmin()
'launch the user migration of collaboration sites
globalAdmin.MigrateUserAccount(sOldUserLoginName,
sNewUserLoginName, EnforceSidHistory)
End If

'launch user migration for the portal areas

Microsoft.SharePoint.Portal.PortalAccountMigrationManager.MigrateAccount(sOldUserLoginName,
sNewUserLoginName, EnforceSidHistory)

Return 0 'return 0 if everything went fine
Catch ex As Exception
'catch all exceptions and log them for future reference
My.Application.Log.WriteEntry("Usernames OLD: " &
sOldUserLoginName & " NEW: " & sNewUserLoginName & vbCrLf &
ex.ToString, TraceEventType.Error)
Return ex.GetHashCode 'return the error code to use in
calling scripts
Finally
'get rid of the globaladmin object if need be
If globalAdmin IsNot Nothing Then globalAdmin.Close()
End Try
End Function

However, even though the user shows up with their new account
replacing the old one in the access lists, their old permissions do
not work. Removing the user and readding them also does not work.
Users can still be identified as "Authenticated Users" since they
still have read access, however any further access such as posting or
editing does not work.

Anyone have any ideas?