This guide provides the procedures for migrating home directories from Windows File Servers to OneDrive for Business. The personal version of OneDrive that is included with Outlook.com/Hotmail.com is not supported.
Note that OneDrive data may not be accessible for a few days after migration, due to OneDrive's crawling and indexing process. We suggest having your users log in immediately after migration but warn them that their data may not be available immediately. For this reason, it may be best to complete the migration on a Friday so the indexing can happen over the weekend.
First migration?
We’ve created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.
MigrationWiz
MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.
MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects.
Limitations
- We are not able to support migrations with two-factor or multifactor authentication.
- The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.
Prepare the Azure Environment
- Estimate Azure storage costs. This step is optional but is useful in providing the customer with upfront storage costs ahead of time.
- Buy an Azure subscription, or use the free one-month trial ( this option is only viable if you are performing a very small migration).
- Create an Azure storage account. We recommend that you create an Azure Storage Account in the same Microsoft data center as the Destination Microsoft 365 tenant.
- Visit https://portal.azure.com
- Click Storage accounts
- Click Storage Create
- Select the subscription in which you want to create the new storage account.
- Select your Resource group. Create a new one if one doesn't exist.
- Enter a name for your storage account.
- Choose your datacenter Location.
- Choose Standard performance.
- In the Redundancy field, select Locally Redundant Storage (LRS).
- Click Review.
- Click Create.
- Once the deployment shows as complete, click on Go to resource.
- Select Access keys under "Security + Networking".
- Copy the Storage account name and the key 1. You will use this when running UploaderWiz and within the migration project.
You do not need to create any Azure containers for this migration. Separate containers are created on a per-home directory basis as they are uploaded. During migration, MigrationWiz will create two separate metadata files (with the extensions: -directory.metadata and -files.metadata), which will be added to each container. These are used during migration by MigrationWiz, to build the folder structure in OneDrive for Business and to migrate the permissions. They should not be deleted until after the migration.
Prepare Machine(s) for PowerShell and UploaderWiz
We recommend that you perform these steps from a domain-joined computer when logged in with local admin rights.
- Install BitTitan PowerShell by downloading and installing BitTitan SDK.
- Create the C:\apps\uploaderwiz directory and then download and extract the UploaderWiz utility into that directory.
- Create the C:\scripts directory, download the mw_homedir_powershell_scripts.zip file and extract its contents into that directory. The folder name must be a single word, with no spaces or special characters. The files that are extracted into that folder are Log_Functions.ps1, ProjectImport.ps1, RunSubmission.ps1, and authorizationsettings.csv.
- Map a network drive to the home directory root folder on the file server if you are not running this from the machine the files are stored on.
Prepare the Destination Environment
Please consider the following information when preparing your source environment.
- Users being migrated need to be licensed to use OneDrive in the source tenant.
- Users being migrated must not be blocked from signing into the source tenant.
- Source OneDrives must not be set to read-only. This is initially for setup. Steps for setting up for read-only can be found under the Run Verify Credentials section later in the guide.
OneDrive Prerequisites
- Create an admin account in Microsoft 365 for the migration, or use the global admin account for the tenant.
- The easiest approach to follow is to use the global admin account. This was set up at the time of tenant creation. However, if you do not wish to use this global admin account during migration, then a new user account can be created instead. This will then need to be granted full access rights to each user.
- The admin account must have a full license assigned to it, to provision OneDrive for Business profiles for each user during the migration process.
Application Permissions for OneDrive
Continue configuring your destination environment by selecting one of these application permissions options and following the steps to enable permission levels at the destination.
The easiest approach is to use the global admin account set up at the time of tenant creation. However, if you do not wish to use this global admin account during migration, then a new user account can be created instead. This user account needs to have a license assigned that includes OneDrive and be granted Site Collection Administrator privileges to OneDrive in the project.
- Create a user in Microsoft 365 and assign a license that includes SharePoint. For step-by-step instructions, see the Microsoft article Add users individually or in bulk to Office 365.
- Set the administration privileges. Grant one of the permission levels listed below to the user account to be user as the administrator for the endpoint in the project.
- Global Admin. Microsoft has instructions to set these permissions here: Assign admin roles.
- SharePoint Admin. For specific permissions and project settings to be used with a Site Collection Administrator, see MigrationWiz Permission Requirements.
- Add the admin account, created in step 2, as a Site Collection Admin to the endpoint.
Important
The Global Admin or SharePoint Admin role does not automatically grant Site Collection Administrator rights to a SharePoint or OneDrive site. - Go to MigrationWiz-SharePoint-Delegated and consent to the app access when prompted. Once you click on Accept, you will be redirected to the BitTitan login page. This is normal and the page can be closed.
BitTitan uses app-based authentication for OneDrive, providing greater security and reducing the potential of Microsoft throttling. It replaces the previous Microsoft 365 authentication, which has been subject to increased throttling by Microsoft. This app-based authentication method is specific for Microsoft 365 tenants.
- Ensure you are signed in as a Global Admin.
-
Go to MigrationWiz-SharePoint-FullControl and consent to the app access when prompted.
- Create a new Security Group named “MigrationWiz” on the Office 365 Admin Portal.
- Create a new user that is not having data migrated in the project. This account does not require any administrator roles to be assigned. If you already have an existing user, that should be fine. This user must have a SharePoint license applied.
- Add the new (or existing) user to the previously created security group as a Member. Adding it as an Owner does not work here.
- Create MigrationWiz project.
- When creating the source and destination endpoints, enter the user credentials in step 4 that correspond with the endpoint to which the user belongs.
-
Add the support option UseApplicationPermission=1 to the advanced options of the MigrationWiz project under Support Options.
Upload Files to Azure
Steps are performed from a file server, or a computer joined to the domain when logged in with the domain admin account, with local admin rights to the machine. This process utilizes UploaderWiz. Our guides contain information on running, configuring, and troubleshooting UploaderWiz.
- (Optional, but recommended) Set the file share migration batch to read-only access by the user and inform the users that a migration is occurring and that their file shares are now read-only. This will prevent the user from adding files to these file shares during the migration.
- You can restrict users to read-only access to their Home Directories through the Active Directory Users and Computers console on the AD controller, or via PowerShell.
Prerequisites:- Create a CSV file containing all the usernames (SAMAccountName).
- Install the required AD module on the machine that you're running the script from.
- Example script:
Import-Module 'ActiveDirectory'
import-csv E:\usersname.csv | foreach-object{
$homeDrive = (Get-ADUser -Identity $_.name -Properties homedirectory).homedirectory #Query AD for the HomeDirectory attribute
$ACL = Get-Acl $homeDrive
$ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "none", "allow")))
Set-Acl $homeDrive $ACL
} - From the command prompt, running as administrator, from the directory that UploaderWiz was extracted into, run the following command (replace the x's with your own information):
UploaderWiz.exe -accesskey "xxxxxxxx" -secretkey "xxxxxxxxxxxxxxxxxxxxxxx" -type azureblobs -rootpath "xxxxxxxx" -homedrive true
Important
If you are performing these steps from a domain-joined computer, a network drive needs to be mapped from the domain-joined computer to the file server (e.g. x;\File Server).- The AccessKey will be the name of the storage account
- The SecretKey will be the access key for the storage account
- The RootPath will be the path to the files that you want to migrate
The parameter -homedrive true creates separate blob containers for each file share, under your top-level Azure blob container. For example, if you have folders called User1 and User2 under C:\Users and you set the rootpath parameter to "c:\Users" then a container named "User1" and another named "User2" would be created in the Azure storage account and the files within those folders uploaded to each.
Migration Steps
Once all the Homedrives have been uploaded, you will need to create a project for each container that was created. These steps will allow you to use PowerShell to create those. These steps are performed from the machine that was prepared for PowerShell and UploaderWiz
- Fill in all columns in the authorizationsettings.csv file for the user home directories that will be migrated in the migration batch.
- The recommended directory, specified in the Prepare Machine(s) for PowerShell and UploaderWiz section above, was C:\scripts.
- These are the BitTitan data centers that can be set up: Canada, North Europe, North America, Western Europe, Asia Pacific, Australia, Japan, and South America.
- Once you have completed the first entry row, copy the entries for AccessKey, SecretKey, ODFBAdmin, ODFBPwd, BitTitanDatacenter, and CustomerName into each subsequent row.
- Launch Windows PowerShell, and run the following command:
Set-ExecutionPolicy Unrestricted
This allows scripts that are not digitally signed to run in your PowerShell window. - Run the projectimport.ps1 script. This sets up the projects. Upon completion, it will run a verify credentials against every MigrationWiz project that was created by the script.
- This script will set all the necessary Advanced Options. These include:
-
Licensing/Maximum licenses = 5
. Only one User Migration Bundle will be needed per user, however, the script does currently require this to be set. -
ShrinkFoldersMaxLength=300
-
RenameConflictingFiles=1
-
InitializationTimeout=8
- Preferred BitTitan Data Center. This will reflect the entry from the AuthorizationSettings.csv file, under the BitTitanDataCenter column.
-
- Run the script, using Windows PowerShell. Change to the directory that you extracted the scripts into, e.g., C:\scripts:> .\projectimport.ps1
- When prompted for credentials, enter your BitTitan credentials.
- All projects will be created with a name set to destinationemailaddress_ps. The '_ps' is used by the Full migration pass script (RunSubmission.ps1) so that it only starts migrations for those projects matching this name criterion.
- This script will set all the necessary Advanced Options. These include:
- Run the RunSubmission.ps1 script (e.g., c:\scripts:> .\RunSubmission.ps1). This performs a Full migration pass.
- When prompted for credentials, enter your BitTitan credentials. You can set your BitTitan account credentials within this script (but these could then be seen by others who have access to the script). This will avoid being prompted to enter your BitTitan account credentials.
- Once the script completes, log into MigrationWiz and enter one of your projects. You can then monitor the progress of the migration.
Post-Migration Steps
- Remove access to the Source home directories.
- Provide training on OneDrive For Business.
- Delete directories from the staging directory; this is the directory that home directories were copied to prior to uploading them to Azure. Once all home directory batches have been completed, and all file shares and other data have been migrated, the Source file server can be decommissioned.
- Delete all the Azure blob containers that were created during the upload to Azure. This will prevent incurring post-migration Azure costs for these containers. Be careful to only delete the containers created by UploaderWiz; these will be names that match the home directories and have a create date from the date of the upload.