Google Drive to OneDrive for Business (Private Cloud) Migration Guide

Introduction

This articles outlines the complete task flow for migrating folders and documents from Google Drive to OneDrive for Business. This migration requires an Azure subscription, which maximizes migration speed and bypasses throttling.

The Source must be a paid version of Google Drive. Free Google Drive accounts are not a supported Source.

Items and folders in "Shared with Me" will not be migrated.  Only items in "My Drive" will be migrated. To migrate "Shared with Me" items, they must be added to "My Drive".

Endpoint Change Notification

For Government or Private Cloud migrations, select OneDrive (Private Cloud) endpoint types instead of OneDrive in your destination endpoint selection. 

Set up the Azure Environment

Note: If using Microsoft-provided Azure storage, you can skip this section.

  1. Estimate Azure storage costs. This step is optional but is useful in order to provide the customer with upfront storage costs ahead of time. Microsoft Azure Pricing Calculator
  2. Buy an Azure subscription (or use the free one-month trial, and be aware that this option is only viable if you are performing a very small migration). 
  3. Visit Azure Portal to create your storage account. You will need to set up a STORAGE (General Purpose v1 or v2) account rather than a storage blob. Take note of the storage account name and the primary access key. (In Azure, from the storage screen, click Manage Access Keys at the bottom of the screen.) These need to be entered into the MigrationWiz migration project when specifying the Destination settings. We recommend that you create your Azure storage account in the same Microsoft data center as the Destination Office 365 tenant. There is no need to create any Azure containers for this migration.
  4. Access key information:
    • -accesskey – This is the Storage account name for the Blob – example “accountname”
    • -secretkey - This is the access key for the Storage account – example “W1RrDfkPNkfYfdVqizMNJjn5mXchwMP5uYBY8MsMqWTA7EubG911+4fZlki0Gag==”

Prepare the Source

Google Drive (Own Service Account) Endpoint 

This endpoint requires your tenant service account to be set up and Google APIs be enabled. Follow the steps below to set up your environment for this endpoint. 

Prerequisites:

  • Subscription to Google Cloud Platform.

  • Google Super Administrator account.

  • Ability to set up a service account on the G Suite tenant.

  • Service account must be set up before the MigrationWiz project is created.

 Step 1: Create a Google Project:

  1. Go to the Google Cloud Platform (GCP) Console and sign in as a super administrator. Choose one of the options below:

    • If you haven't used the Google Cloud Platform Console before, agree to the Terms of Service and click Create Project.

    • If you have used Google Cloud Platform Console before, at the top of the screen next to your most recent project name, click Down to open your projects list. Then, click New Project.

  2. Enter a project name and click Create.

 Step 2: Enable APIs for Service Account

  1. From the Google Cloud Platform Console, click Menu > APIs & Services > Library.

  2. Enable the following APIs by selecting the specific API and clicking Enable.
    Repeat for each API listed below:

    • Google Drive API

    • Admin SDK

Make sure that the respective services are enabled within the Google tenant. You can control services for your users using the instructions on this page: Control who can access G Suite and Google Services.

 Step 3: Create Customer Tenant Service Account

  1. From the Google Cloud Platform Console, click Menu > IAM & Admin > Service accounts.

  2. Click Create Service Account and enter a name.

  3. Click Create.

  4. Assign the role of Owner to the new Service Account by selecting Owner from the Role drop down menu.

  5. Click Done.

  6. You will now be returned to the "Service Accounts" page. 
  7. On ‘Service accounts' page, click vertical ellipsis under 'Actions’ column for the service account created above.
  8. Click + Add Key.

  9. Click Create New Key.

  10. Make sure that JSON is selected as "Key Type."

  11. Click Create.

  12. Click Close.
    Notes:

    • Make sure that you download the key as a JSON file and make a note of the name and location of the file. This JSON file will be used when setting up the migration endpoint in the Mailbox Migration project.

    • The JSON file must contain information in the following fields: “type”, “private key”, and “client email”. If these mandatory fields are empty the file upload during endpoint creation will fail.

Step 4: Setting the Scopes for the Migration

From the Google Cloud Platform Console:

    1. Click Menu
    2. Click IAM & Admin
    3. Click Service Accounts
    4. Find the service account that was set up in Step 3: Create Customer Tenant Account.
    5. Find the Unique ID field for that service account by clicking the Column Display Options button in the right upper corner above Actions and copy the ID number. This is the Client ID number that will be used in a later step.
      Note:
      • This field often needs to be added to the view. Click on the Column display options button and add a checkmark to Unique ID, then click OK.
      • This Client ID should be considered similar to Administrator account passwords and handled securely.
    6. You will now have one of two options, depending on if the Google UI has been updated in your tenant.

    Old Google Tenant:

    • Go to the G Suite admin page at google.com
    • Click on Security
    • Click on Advanced Settings
    • Click Manage API Client Access.

    OR If your account shows the latest UI updates from Google, as shown below:mceclip0.png

    • Go to the G Suite admin page at google.com
    • Click on Security
    • Click Advanced Settings
    • Under ‘Domain-wide delegation’, click Manage domain-wide delegation
    • On the Manage domain-wide delegation page, click Add new

     Once these steps are complete:

    1. In the Client ID field, paste the Unique ID copied above.
    2. In the OAuth scopes (comma-delimited) field, paste all scopes listed below:
      1. For source endpoint :
        https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive.readonly
        OR

      2. For destination endpoint (must include read-write scopes):
        https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive.readonly,
        https://www.googleapis.com/auth/drive

    3. Click Authorize.

     You should now see your specific Unique ID and the associate scopes listed.

 

Preparing the Destination

  1. Create an administrator account in Office 365 to be used for migration, or use the global admin account for the tenant. Read the How do I create an administrator account in Office 365, and then use this during migration? for more information.
    Important: The admin account must have a full license assigned to it, in order to be able to provision OneDrive for Business profiles for each user during the migration process. Read the Personal Site is not instantiated = PermissionsUserNotLicensed article for more information.
  2. Assign an Office 365 license that contains OneDrive for Business to the admin account that will be used for migration.
    • If users have never used OneDrive before, MigrationWiz will provision OneDrive (SharePoint) profiles for each user being migrated, using the admin account credentials that are entered in the MSPComplete Destination endpoint. However, it does not create the user account; the user account needs to have already been created.
    • MigrationWiz cannot provision a OneDrive profile for blocked users. If a user is blocked, there will be a provisioning or access error.
  3. Set up accounts on Office 365 and assign licenses. These can be created in several ways:
    • Manually, one at a time.
    • By bulk import, via CSV file. Read the Add several users at the same time to Office 365 article from Microsoft for more information.
      Note: You can use the CSV file that was created under Step 3 of the Prepare the Source Environment section of this guide.
    • By PowerShell script. Read the Create user accounts with Office 365 PowerShell article from Microsoft for more information.
      Important:
      If you are migrating permissions, the part of the usernames before the "@" sign on Office 365 must match the part of the username on Google Drive before the "@" sign, e.g., john.smith@domain1.com on Google Drive must follow the same format before the @ sign on Office 365, and so must also equal "john.smith" on Office 365. The domain name, however, can be different. Read the How are shared documents handled when migrating documents? article for more information.
  4. Set up groups on Office 365. If permissions were assigned to groups on Google Drive, and you want these to be migrated, the group names on Office 365 must match the group names on Google Drive. Read the How are shared documents handled when migrating documents? article for more information.
  5. Create the required Office 365 CNAME for your domain. Read the Create DNS records at Register365 for Office 365 article from Microsoft for more information.
  6. Set up the app-based authentication in the Office 365 tenant. For specific instructions, see Sharepoint App-based Authentication.

Licensing

 

Create New Project

Google Drive (Own Service Account) Endpoint

To create a new migration project:

    1. Click the Go To My Projects button.
    2. Click the Create Project button.
    3. Click on the type of project that you wish to create. For this scenario, select Document. Document projects are used to migrate document drives from one cloud storage to another. Document migrations will maintain the folder hierarchy from the source to the destination.
    1. Click Next Step.
    2. Enter a Project name and select a Customer.
      Note: If you have not already added the customer into MSPComplete, you will need to click New to create the Customer. For steps on creating customers, see View, Add, and Edit Your Customers.
    3. Click Next Step.
    4. Select a Source Endpoint from the Endpoint dropdown menu or create a new endpoint. 
      Notes:
      • Click Endpoints > Add Endpoint > Enter endpoint name > For endpoint type, select Google Drive (Own Service Account).

      • Click Select File > Navigate to and select the JSON file that contains the Google Service Account key that was saved during the service account setup process.

      • Enter the Google admin account email address. Please note that this admin email should match the end user domain.

    5. Select the OneDrive for Business (Private Cloud) Destination Endpoint from the Endpoint dropdown menu. 
    6. Click Save and Go to Summary.
      Note: If setting up a Tenant to Tenant Coexistence mailbox project, check the box for Enable Tenant to Tenant Coexistence. Otherwise, leave that box unchecked.

Once the project is created:

Run Migration

Support Options for this migration:

  • InitializationTimeout=8 - This increases the initialization timeout window to eight hours. 
  • IncreasePathLengthLimit=1 - Use this Advanced Option in MigrationWiz to enable the use of 400 characters for the file path name. R
  • RemoveExistingPermissionsWhenUnspecified=1 article for more information.
  • ShrinkFoldersMaxLength=200 (optional, but recommended) Read the How do I auto shrink the folder path when migrating to OneDrive for Business or SharePoint Online? article for more information.
  • DocumentBrowsingMode=Moderate (optional, but recommended) Read the How does Google Drive to Microsoft OneDrive for Business with Moderate Mode work? article for more information.
  • RenameConflictingFiles=1 (optional, but recommended). Read the Error: Cannot create 'filename' because another file exists with the same name article for more information.
  • If the migration project is a long-term project, it may be necessary to add an additional Advanced Option for use during the final migration pass to verify the contents of previously migrated items. For more information, contact Support.
    Note: There are no spaces on either side of the "=" sign, and the entries are case-sensitive, so pay special attention to the capital letters in the commands detailed above.
  • MapPermissionEmailByPairsInProject=1Permissions generally cannot be migrated unless the prefix of the mail address is the same in the source and the destination. However, choosing Support Option MapPermissionEmailByPairsInProject=1 will allow permissions to be migrated without identical mail addresses.
  • Set the Advanced Option to send a notification to end users after the migration pass completes. Notifications are not mandatory.
  • Notifications > Send successful migration and notification to: > Source email address (if users are still using G Suite Gmail) or Destination email address (if users are already using Office 365).

 

    • Customize notification email. Checkmark the Customize "successful migration" email box. Add your own customization text and company name to this email.
      Note: Notifications are not mandatory for a successful migration.  Notifications should only be set up before the final pass. If performing a single, Full pass, set this up now. If you are following a Pre-Stage migration strategy, only set this up prior to the final Full (Delta) pass.

 

Remove the Authentication App

Post-Migration Steps To prevent users from inadvertently logging in and using their Google Drive accounts, decommission the Google Drive user accounts, or change their passwords. Notify users once the migration has completed. Note: If you set the MigrationWiz Advanced Option for Notifications, they will receive an email upon migration completion. Assist them with setting up access to their OneDrive for Business accounts, and setting up their synchronization settings. Provide training on OneDrive for Business. Delete all the Azure containers used for this migration. This will prevent incurring post-migration Azure costs for these containers. Be careful to only delete the containers created for this migration.

Was this article helpful?
3 out of 5 found this helpful