Google Drive to OneDrive for Business Migration Guide

This articles outlines the complete task flow for migrating folders and documents from Google Drive to OneDrive for Business. This migration requires an Azure subscription, which maximizes migration speed and bypasses throttling.

This migration guide contains the necessary steps to perform the actual migration, but there are many steps to preparing for migration. If this is your first time performing a migration, we have created a Migration Planning & Strategy Guide to walk you through planning, set-up, and general migration best practices. If you have never performed a migration before, we suggest reading that before beginning the steps outlined in this scenario.

Some item types are not migrated. Click the bar below to expand the full list of what item types are and are not migrated. We are constantly working to create a better migration experience for you, so these items may change.

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

Items and folders in "Shared with Me" will not be migrated. Only items in "My Drive" will be migrated. To migrate "Shared with Me" items, they must be added to "My Drive".

We are not able to support migrations with two-factor or multifactor authentication. 

Endpoint Change Notification

For Government or Google Drive to OneDrive for Business (China) migrations, select OneDrive GCC/China endpoint types instead of OneDrive in your destination endpoint selection. 

Set up the Azure Environment

If using Microsoft provided Azure storage, you can skip this section.

  1. Estimate Azure storage costs. This step is optional but is useful in providing the customer with upfront storage costs ahead of time.
  2. Buy an Azure subscription or use the free one-month trial (this option is only viable if you are performing a very small migration).
  3. Create an Azure storage account. You will need to set up a STORAGE (General Purpose v1 or v2) account rather than a storage blob. Take note of the storage account name and the primary access key. We recommend that you create an Azure Storage Account in the same Microsoft data center as the Destination Office 365 tenant. You do not need to create any Azure containers for this migration.
    1. Log in to https://manage.windowsazure.com
    2. Click Storage
    3. Click Manage Access Keys at the bottom of the screen. The access keys need to be entered when creating the MSPComplete Source endpoint. We recommend that you create an Azure Storage Account in the same Microsoft data center as the Destination Office 365 tenant. 
    4. Take note of the Storage Account Name and the Primary Access Key as follows:
    5. -accesskey – This is the Storage account name for the Blob – example “accountname”
    6. -secretkey - This is the access key for the Storage account – example “W1RrDfkPNkfYfdVqizMNJjn5mXchwMP5uYBY8MsMqWTA7EubG911+4fZlki0Gag==”

Prepare the Source

Source Endpoint: Google Drive (Own Service Account) Endpoint 

This endpoint requires your tenant service account to be set up and Google APIs be enabled. Follow the steps below to set up your environment for this endpoint. 

Prerequisites:

  • Subscription to Google Cloud Platform

  • Google Super Administrator account

  • Ability to set up a service account on the G Suite tenant

  • Service account must be set up before the MigrationWiz project is created

 Create a Google Project:

  1. Go to the Google Cloud Platform (GCP) Console and sign in as a super administrator. Choose one of the options below:

    • If you haven't used the Google Cloud Platform Console before, agree to the Terms of Service and click Create Project.

    • If you have used Google Cloud Platform Console before, at the top of the screen next to your most recent project name, click Down to open your projects list. Then, click New Project.

  2. Enter a project name and click Create.

  3. When the new project creation completes, at the top of the screen next to current project name, click Down icon and select the newly created project name from the list.

Enable APIs for Service Account

  1. From the Google Cloud Platform Console, click Menu > APIs & Services > Library.

  2. Enable the following APIs by selecting the specific API and clicking Enable.
    Repeat for each API listed below:

    • Google Drive API

    • Admin SDK

Make sure that the respective services are enabled within the Google tenant. You can control services for your users using the instructions on this page: Control who can access G Suite and Google Services.

Create Customer Tenant Service Account

  1. From the Google Cloud Platform Console, click Menu > IAM & Admin > Service accounts.

  2. Click + Create Service Account at the top middle of the screen and enter a name.

  3. Click Create.

  4. Assign the role of Owner to the new Service Account by selecting Owner from the Role drop down menu.

  5. Click Continue to move to the next step, then click the Done button.

  6. You will now be returned to the "Service Accounts" page. 
  7. On ‘Service accounts' page, click vertical ellipsis under 'Actions’ column for the service account created above.
  8. Click Create key.

  9. Make sure that JSON is selected as "Key Type."
  10. Click Create.

  11. Click Close.

Make sure that you download the key as a JSON file and make a note of the name and location of the file. This JSON file will be used when setting up the migration endpoint in the migration project.

The JSON file must contain information in the following fields: “type”, “private key”, and “client email”. If these mandatory fields are empty the file upload during endpoint creation will fail.

Setting the Scopes for the Migration

  1. From the Google Cloud Platform Console:

      1. Click Menu.
      2. Click IAM & Admin.
      3. Click Service Accounts.
      4. Find the service account that was set up in Step 3: Create Customer Tenant Account.
      5. Find and copy the service accounts Unique ID number. This is the Client ID number that will be used in a later step.
        • This field often needs to be added to the view. Click on the Column display options button and add a checkmark to Unique ID, then click OK.
        • This Client ID should be considered similar to Administrator account passwords and handled securely.
      6. You will now have one of two options, depending on if the Google UI has been updated in your tenant. 
      Classic Google UI New Google UI
      1. Go to the G Suite admin page at admin.google.com.
      2. Click Security.
      3. Click API Controls.
      4. Under 'Domain wide Delegation' click Manage domain-wide delegation.

       Once these steps are complete:

      1. In the Client ID field, paste the Unique ID copied above.
      2. In the OAuth scopes (comma-delimited) field, paste all scopes listed below:
        1. For source endpoint:
          https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive.readonly
      3. Click Authorize.

       You should now see your specific Unique ID and the associate scopes listed.

Prepare the Destination Environment

Create an administrator account in Office 365 to be used for migration, or use the global admin account for the tenant.

The easiest approach to follow is to use the global admin account. This was set up at the time of tenant creation. However, if you do not wish to use this global admin account during migration, then a new user account can be created instead. This will then need to be granted full access rights to each user.

The admin account must have a full license assigned to it, in order to be able to provision OneDrive for Business profiles for each user during the migration process. If you encounter the error "Personal Site is not instantiated = PermissionsUserNotLicensed", this means that the OneDrive collection for a user does not exist and the administrator account used for the migration does not have a full license assigned. To resolve this issue, assign a license to the administrator account, and resubmit the migration.

Create an Administrator Account for Delegated Administration rights

The easiest approach to follow is to use the global administrator account that was set up at the time of tenant creation. However, if you do not wish to use this global admin account during migration, then a new user account can be created instead. This new account will then need to have a license assigned that includes OneDrive for Business and be granted either Global Administrator permissions or SharePoint Administrator privileges.

Important: We strongly recommend that you use an administrator account that isn’t one of the users being migrated, as it can cause issues with missing shared permissions.

Process:

  1. Create a user in Office 365 and assign a license that includes OneDrive for Business. For step by step instructions, see the Microsoft article Add users individually or in bulk to Office 365.
  2. Grant the new user Global Administrator permissions or SharePoint Administrator rights in Office 365.
  3. Ensure that the administrator account is set to use Basic authentication rather than Multi-Factor authentication.

After you perform these steps, the specified user will be visible in the Office 365 administrator center. Full provisioning of the user account can take up to 24 hours.

Using App-based Authentication

BitTitan uses app-based authentication for SharePoint, OneDrive for Business, Office 365 Groups (Documents), and Teams migrations. This provides greater security and reduces the potential of Microsoft throttling. It replaces the previous Office 365 authentication, which has been subject to increased throttling by Microsoft. This app-based authentication method is specific for Office 365 tenants.

If you elected to use app-based authentication, perform the following steps:

Add the App to the tenant

Steps to enable permission level at the destination:

  1. Go to MigrationWiz-SharePoint-FullControl and consent to the app access when prompted.
  2. Create new Security Group named “MigrationWiz” on the Office 365 Admin Portal.
  3. Create new user.
  4. Add new user to previously created security group as a member.
  5. Create MigrationWiz project.
  6. When creating the endpoints, enter the new user credentials.

Assign Licenses

Assign an Office 365 license that contains OneDrive for Business to the admin account that will be used for migration.

  • If users have never used OneDrive before, MigrationWiz will provision OneDrive (SharePoint) profiles for each user being migrated, using the admin account credentials that are entered in the MSPComplete Destination endpoint. However, it does not create the user account; the user account needs to have already been created.
  • MigrationWiz cannot provision a OneDrive profile for blocked users. If a user is blocked, there will be a provisioning or access error.

Set up accounts on Office 365 and assign licenses. These can be created in several ways:

  • Manually, one at a time.
  • By bulk import, via CSV file. Read the Add several users at the same time to Office 365 article from Microsoft for more information. You can use the CSV file that was created under Step 3 of the Prepare the Source Environment section of this guide.
  • By PowerShell script. Read the Create user accounts with Office 365 PowerShell article from Microsoft for more information.
    Important:
    If you are migrating permissions, the part of the usernames before the "@" sign on Office 365 must match the part of the username on Google Drive before the "@" sign, e.g., john.smith@domain1.com on Google Drive must follow the same format before the @ sign on Office 365, and so must also equal "john.smith" on Office 365. The domain name, however, can be different. For more information see: Set up groups on Office 365. If permissions were assigned to groups on Google Drive, and you want these to be migrated, the group names on Office 365 must match the group names on Google Drive.  Create the required Office 365 CNAME for your domain. Read the Create DNS records at Register365 for Office 365 article from Microsoft for more information. Set up the app-based authentication in the Office 365 tenant. 

Post Migration Steps

To remove the BitTitan Enterprise app, perform the following steps:

  1. Launch PowerShell.
  2. Connect PowerShell to Office 365.
  3. Enter the command:

    Connect-AzureAD

  4. Enter the admin credential in the prompt.
  5. Enter the command:

    Get-AzureADServicePrincipal -SearchString Migration

  6. Look for the ObjectId of the app you want to remove and enter the following command: Remove-AzureADServicePrincipal -objectId <the object id>

MSPC Steps

Licensing

Licenses are required to run a migration project in MigrationWiz. To obtain license pricing information, or to purchase licenses, click the Purchase button in the top of your MSPComplete or MigrationWiz dashboard.

Payment: We accept credit cards, and wire transfer in certain situations.  

  • When purchasing with a credit card, payment is immediately processed during checkout. If successful, licenses are granted to your account instantly.
  • Wire transfers are available for purchases of 100 or more licenses. If you are purchasing at least 100 licenses, you will be presented an option to purchase via wire transfer during checkout. A wire transfer checkout will generate an invoice with wiring information for your accounts payable department and bank. Once the funds are received by our system, the licenses are granted to your account immediately. 

For this project type it is recommended to use our User Migration Bundle licenses. 

To purchase licenses:

      1. Sign in to your BitTitan account. 
      2. In the top navigation bar, click Purchase.
      3. Click the Select button and choose the license type you need.
      4. Enter the number of licenses you want to purchase. Click Buy Now.
      5. Enter a Billing address if applicable.
      6. Click Next.
      7. Review the Order Summary and enter a payment method.
      8. Click Place Your Order.

These licenses enable you to perform multiple migrations of documents and in-place archives.

User Migration Bundle Licenses have unlimited data available per license. User Migration Bundle Licenses are applied to the customer's users, for whom you'll be performing migrations, and are valid for one year.

Read the Licensing FAQ article for more information.

MigrationWiz Steps

Create a Document Migration project

  1. Click the Go to My Projects.
  2. Click the Create Project.
  3. Create a Document project.
  4. Click Next Step.
  5. Enter a Project name and select a Customer.
  6. Click Next Step.

Endpoints

Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

You may either use existing endpoints, or create new ones. 

To create a new source endpoint:

  1. Click Endpoints.
  2. Click Add Endpoint.
  3. Select Google Drive (own service account).
  4. Select the JSON file created in the steps above and enter the Super Admin username and password for the source.
  5. Enter the Google admin account email address and domain name in the appropriate fields. This is the account that has admin access level to the Google admin portal. Please note that this admin email should match the end user domain.
  6. Click Add.

To create a new destination endpoint:

  1. Click Endpoints.
  2. Click Add Endpoint.
  3. Select OneDrive for Business.
  4. Enter requested information.
  5. Click Add.

Add Users

Add the user accounts that will be migrated to the project. MigrationWiz allows you to bulk import users into the system. (Note: For OneDrive endpoints, the email address must match the current User Principal Name of the user in the tenant)

Use the Bulk Add option for large migrations, or the Quick Add for smaller migrations. 

To import one or more users:

  1. Sign in to your MigrationWiz account.
  2. Select the Project for which you want to perform the bulk import.
  3. Click on Add.
  4. Click on Quick Add or Bulk Add.
  5. Follow the instructions on the page.

Add Advanced Options

Under Support/Support options:

There are no spaces on either side of the "=" sign, and the entries are case-sensitive, so pay special attention to the capital letters in the commands detailed below.

  • InitializationTimeout=8
    • This increases the initialization timeout window to eight hours. 
  • IncreasePathLengthLimit=1
    • Use this Advanced Option in MigrationWiz to enable the use of 400 characters for the file path name.
  • RemoveExistingPermissionsWhenUnspecified=1
  • ShrinkFoldersMaxLength=200 (optional but recommended)
    • See this article. We recommend that you set this Advanced Option as ShrinkFoldersMaxLength=200
    • This option can be set to a higher or lower value, depending upon what is acceptable to the customer.  The value is dependent upon the following criteria: the file system data, the email address that is a part of the folder path (collection root), and the domain name for permissions, etc. However, using 200 should keep a good security range to manage all edge cases, and it provides a very reasonable limit. This option should be enabled on a case-by-case basis.
    • We recommend that you create a project specifically for when this option is required. Within this project, add the Advanced Option: ShrinkFoldersMaxLength=200 and then move files that get "path too long" errors into this project.
    • If a former migration has been performed without the option on, then the storage will need to be reset at the Destination, otherwise, both file system structures will appear at the Destination. If a user modifies the Source file system folder structure (for example, by renaming, removing, or creating a new folder) between two passes using this Advanced Option, the dynamic mapping may be totally different and the Destination may have two different file systems represented. If multiple folders are truncated at 10 characters in the same parent folder, they may end up being merged into a single one if the first ten (10) characters are identical.
  • DocumentBrowsingMode=Moderate
    • Scans “My Drive” for the source address in your migration project.
    • Migrates only folders that are owned by that account, but migrates all files in those folders regardless of ownership.
    • Unowned folders with sub-folders that are owned by this account are mimicked to maintain functional integrity post migration. No files in those unowned folders are migrated.
    • Sharing permissions for folders and documents are also migrated.
    • No folder or files owned by another user are migrated.
    • See Google Drive Migration FAQ for more details
  • RenameConflictingFiles=1
  • If App Based Authentication is in use at the Destination, add DestPersonalSiteIsProvisioned=1
  • MapPermissionEmailByPairsInProject=1
    • Permissions generally cannot be migrated unless the prefix of the mail address is the same in the source and the destination. However, choosing Support Option MapPermissionEmailByPairsInProject=1 will allow permissions to be migrated without identical mail addresses.
    • If you have split all the Google Drive accounts across different MigrationWiz project, use the Support Option MapPermissionEmailByPairsInCustomer=1 instead to use the mapping of all users across all projects.

If the migration project is a long-term project, it may be necessary to add an additional Advanced Option for use during the final migration pass to verify the contents of previously migrated items. For more information, contact Support.

Notifications

  • Send successful migration and notification to: > Source email address (if users are still using G Suite Gmail) or Destination email address (if users are already using Office 365).
  • Customize notification email: Checkmark the Customize "successful migration" email Add your own customization text and company name to this email.
  • Notifications are not mandatory for a successful migration.  Notifications should only be set up before the final pass. If performing a single, Full pass, set this up now. If you are following a Pre-Stage migration strategy, only set this up prior to the final Full (Delta) pass.

Run Verify Credentials

  1. ​Sign in to your MigrationWiz account​.
  2. Open the Project containing items you wish to validate​.
  3. Select the items you wish to validate.
  4. Click the Start button in your dashboard.
  5. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send email to all users telling them the time and date of the migration.

Run Migration

Pre-Stage pass

  1. Select the users you wish to migrate.
  2. Click the Start button from the top.
  3. Select Pre-Stage Migration.
  4. Under the Migration Scheduling section, from the drop-down list, select 90 days ago.
  5. Click Start Migration.

Full (Delta) pass

  1. Select the users.
  2. Click the Start button from the top.
  3. Select Full Migration.
  4. Click Start Migration.

Run Retry Errors

Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

If problems persist, contact Support.

Request Statistics

  • Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.
Was this article helpful?
3 out of 5 found this helpful