Transferring user passwords between Sitecore instances


Sometimes you might need to transfer user accounts between different Sitecore instances that do not use the shared user accounts storage.

You can achieve this either by using Sitecore packages, or by serializing user accounts on one instance and de-serializing them on another instance.

However, after performing these actions, all of the transferred users will have their passwords set either to a random value (when using Sitecore packages), or to the default value "b" (when using serialization).

This happens because Sitecore stores user passwords in the hashed format and their original values cannot be retrieved from the database via the standard membership API. Hence they cannot be properly moved to another storage when generating Sitecore packages or performing serialization.

Therefore, it may be necessary to manually reset user passwords after relocation. This process might be inconvenient when there are many users being transferred, as well as not acceptable in case of the requirement to keep the user passwords unaltered.


It is possible to migrate passwords of the previously transferred user accounts using a solution provided below:

  1. IMPORTANT! Back up your databases.
  2. Copy the TransferUserPasswords.aspx file to the \sitecore\admin folder of your solution.
  3. Request the page using the URL as below:
  4. Enter the connection strings of the source and target Core databases using appropriate text boxes.
  5. Click the Refresh button to get the list of users that exist in both Core databases.
  6. Use the <<< and >>> buttons to select or deselect users for password transferring.
  7. Click the Transfer button.

After performing these steps, passwords of the selected users will be transferred to the target Core database.

Note: This solution applies only to the default SQL Membership Provider provided used by Sitecore.