OneDrive for Business to OneDrive for Business Migration Guide

This migration guide explains the process of migrating a OneDrive for Business instance to another OneDrive for Business instance.

The Source and Destination must be OneDrive for Business - not the personal OneDrive version. This guide contains steps for both normal and GCC/China migrations. If you are performing a GCC/China migration, simply skip the Azure step as noted below. 

OneDrive migrations

Note that OneDrive data may not be accessible for a few days after migration, due to OneDrive's crawling and indexing process. We suggest having your users log in immediately after migration, but warn them that their data may not be available immediately. For this reason, it may be best to complete the migration on a Friday so the indexing can happen over the weekend.

If you are migrating to an Microsoft 365 Small Business Tenant account, the processes will be very similar. However, you will not be able to use admin credentials for your Destination endpoint and will instead be using end user credentials. 

Due to versioning, storage usage in OneDrive may be increased when migrating with permissions.

Due to limitations on connections allowed by GoDaddy, we do not support migrating to or from GoDaddy using this migration type.

First migration?

We’ve created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.

MigrationWiz

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects. 

We are not able to support migrations with two-factor or multifactor authentication. 

Preparing the Source

When setting up the source environment there are two authentication options to choose from. 

  • Delegated admin rights or
  • App-based authentication is the preferred method as it is more secure and avoids throttling

Create an Administrator Account using Delegated administrator rights

The easiest approach to follow is to use the global administrator account that was set up at the time of tenant creation. However, if you do not wish to use this global admin account during migration, then a new user account can be created instead. This will then need to have a license assigned that includes OneDrive for Business and be granted Site Collection Administrator privileges. 

Important: We strongly recommend that you use an administrator account that isn’t one of the users being migrated, as it can cause issues with missing shared permissions.

Process:

  1. Create a user in Microsoft 365 and assign a license that includes OneDrive for Business. For step by step instructions, see the Microsoft article Add users individually or in bulk to Office 365.
  2. Set the administrator privileges. Grant one of the permission levels listed below. 

After you perform these steps, the specified user will be visible in the Microsoft 365 administrator center. Full provisioning of the user account can take up to 24 hours.

Export Users

Export the list of OneDrive for Business user accounts to a CSV file. This can be used when adding users on the Destination, and when adding the users to the project in MigrationWiz. 

Set up the app-based authentication in both Microsoft 365 tenants

You can elect to use an authentication app instead of delegated admin access. BitTitan uses app-based authentication for SharePoint, OneDrive for Business, Microsoft 365 Groups (Documents) migrations, and Teams migrations. This provides greater security and reduces the potential of Microsoft throttling. It replaces the previous Microsoft 365 authentication, which has been subject to increased throttling by Microsoft. This app-based authentication method is specific for Microsoft 365 tenants.

Important: If you opt to use app-based authentication, this app must be added in both .microsoftonline.com tenants (Source and Destination) to reduce the throttling and failures due to Microsoft throttling policy changes.

If this app is not added on both tenants, MigrationWiz will attempt to create a temporary substitute app in the tenants to be used for authentication. We do not recommend relying on this substitute app creation, as this behavior will only be a temporary transitional behavior within MigrationWiz. To avoid potential interruptions or failures in migrations, it is strongly recommended to set the app up in the tenants.

Note: GCC High tenants are not currently supported, delegated rights will be needed instead.

Add the App to the tenant

These are the steps to enable permission level at the source only. This authentication process gives you control over who is entitled to use the source.

  1. Ensure you are signed in as a Global Admin.
  2. Go to either MigrationWiz-SharePoint-ReadOnly or to MigrationWiz-SharePoint-FullControl and consent to the app access when prompted.
  3. Create new Security Group named “MigrationWiz” on the Microsoft 365 Admin Portal. 
  4. Create new user.
  5. Add new user to previously created security group as a member.
  6. Create MigrationWiz project.
  7. When creating the endpoints, enter the new user credentials.
  8. Add support option UseApplicationPermission=1 

Preparing the Destination

If you are performing a GCC/China migration, skip this step and navigate to the 'Create an Administrator Account' section. 
Important: While there is an option to use Microsoft-provided Azure storage, we recommend that you use your own Azure storage instead. The security token generated for the Microsoft-provided storage expires after just a couple of days and that expiration will cause the migration to fail.

Prepare Azure Environment

If using Microsoft provided Azure storage, you can skip this section.

Note: We recommend that you create an Azure Storage Account in the same Microsoft data center as the Destination Microsoft 365 tenant. 

  1. Estimate Azure storage costs. This step is optional but is useful in providing the customer with upfront storage costs ahead of time.
  2. Buy an Azure subscription, or use the free one-month trial ( this option is only viable if you are performing a very small migration).
  3. Create an Azure storage account using STORAGEV2 (general purpose v2) as the type and LRS for data redundancy. See the following article for more details, Create an Azure storage account.
    1. Log in to https://manage.windowsazure.com
    2. Click Storage
    3. Click Manage Access Keys at the bottom of the screen. The access keys need to be entered when creating the MSPComplete Source endpoint. We recommend that you create an Azure Storage Account in the same Microsoft data center as the Destination Office 365 tenant. 
    4. Take note of the Storage Account Name and the Primary Access Key as follows:
    5. -accesskey – This is the Storage account name for the Blob – example “accountname”
    6. -secretkey - This is the access key for the Storage account – example “W1RrDfkPNkfYfdVqizMNJjn5mXchwMP5uYBY8MsMqWTA7EubG911+4fZlki0Gag==”

Create an Administrator Account for Delegated Administration rights

When setting up the destination there are two authentication options to choose from. 

  • Delegated admin rights or
  • App-based authentication is the preferred method as it is more secure and avoids throttling

The easiest approach to follow is to use the global administrator account that was set up at the time of tenant creation. However, if you do not wish to use this global admin account during migration, then a new user account can be created instead. This new account will then need to have a license assigned that includes OneDrive for Business and be granted either Global Administrator permissions or SharePoint Administrator privileges.

Important: We strongly recommend that you use an administrator account that isn’t one of the users being migrated, as it can cause issues with missing shared permissions.

Process:

  1. Create a user in Microsoft 365 and assign a license that includes OneDrive for Business. For step by step instructions, see the Microsoft article Add users individually or in bulk to Office 365.
  2. Grant the new user Global Administrator permissions or SharePoint Administrator rights in Microsoft 365.
  3. Ensure that the administrator account is set to use Basic authentication rather than Multi-Factor authentication.

After you perform these steps, the specified user will be visible in the Microsoft 365 administrator center. Full provisioning of the user account can take up to 24 hours.

Using Application permissions, it is a prerequisite that the user OneDrive to be pre-provisioned at Destination before Migration can begin. 

If you elected to use app-based authentication, perform the following steps:

Add the App to the tenant

Steps to enable permission level at the destination:

  1. Ensure you are signed in as a Global Admin.
  2. Go to MigrationWiz-SharePoint-FullControl and consent to the app access when prompted.
  3. Create new Security Group named “MigrationWiz” on the Microsoft 365 Admin Portal.
  4. Create new user.
  5. Add new user to previously created security group as a member.
  6. Create MigrationWiz project.
  7. When creating the endpoints, enter the new user credentials.

MSPComplete Steps

Create Customer

  1. Click the Add button in the top navigation bar
  2. Click the Add Customer button on the All Customers page
  3. In the left navigation pane, select the appropriate workgroup and then click All Customers.
  4. Click Add Customer.
  5. Enter the new customer’s information in the Add Customer form. Primary Email Domain and Company Name are required. The rest are optional.
  6. Click Save.
  7. Repeat steps 1 through 4 for each customer you want to add. 

Purchase licenses

We recommend that you purchase the User Migration Bundle license for this migration scenario. User Migration Bundle licenses allow multiple types of migrations to be performed with a single license. They also allow DeploymentPro to be used to configure Outlook email profiles. For questions on licensing, visit MigrationWiz Licenses

To purchase licenses:

  1. Sign in to your BitTitan account. 
  2. In the top navigation bar, click Purchase.
  3. Click the Select button and choose User Migration Bundle licenses.
  4. Enter the number of licenses you want to purchase. Click Buy Now.
  5. Enter a Billing address if applicable.
  6. Click Next.
  7. Review the Order Summary and enter a payment method.
  8. Click Place Your Order.

Apply licenses

  1. Select the correct workgroup on the top of the left navigation pane. This is the workgroup that the customer and migration project were created under. Your account must be part of the workgroup if the project was not created under your account.
  2. On the left navigation pane, click Customers.
  3. Click the customer that employs the user to whom you want to apply a User Migration Bundle license.
  4. Click the Users tab at the top of the page.
  5. Check the box to the left of the email for the user(s) to whom you want to apply a license.
  6. Click the Apply User Migration Bundle License button at the top of the page. It is recommended that users be added to the Customer page with the vanity domain. Then have the User Migration Bundle Licenses applied, before editing to show the .onmicrosoft domain, if the .onmicrosoft domain will be used for the migration.
  7. If there is at least one unassigned User Migration Bundle license available for each selected user, click Confirm.

MigrationWiz Steps

Create a Document Project

  1. Log in to MigrationWiz.
  2. Click the Go to My Projects button.
  3. Click the Create Project button.
  4. Select the Document project type. 
  5. Click Next Step.
  6. Enter a Project name and select a Customer.
  7. Click Next Step.
  8. Select endpoints or follow the steps below to create new endpoints. 

Endpoints

Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

You may either use existing endpoints, or create new ones. 

To create a new source endpoint:

  1. Click Endpoints
  2. Click Add Endpoint
  3. Select OneDrive for Business. 
  4. Enter the administrator username and password in the proper fields.
  5. Click Add Endpoint. 

To create a new destination endpoint:

  1. Click Endpoints
  2. Click Add Endpoint
  3. Select OneDrive for Business. 
  4. Enter the administrator username and password in the proper fields.
  5. Enter the Azure Storage Account Name and Azure Access Key or select Microsoft provided Azure Storage.
  6. Click Add Endpoint. 

Add Items To Project

To add the user accounts (also called "Line Items") that will be migrated into the project using the CSV file created in the Prepare Source section, click "Add" in the menu dashboard and select "Bulk-Add". 

  • If you're also running a Mailbox Project for the users that will be migrated here, you can use the "Add from MSPComplete" option. Verify the users are licensed in MSPComplete or in the Mailbox project before adding them.

Important: The users Source and Destination address must be entered as the current username (User Principal Name) for their account in the Microsoft 365 tenant or authentication errors may result. It may be necessary to edit the addresses in your MigrationWiz  project after you have imported your users. This will be required  if you have already applied the User Migration Bundle to an address that is not the User Principal Name. Read the Cannot Authenticate article for more information.

Advanced & Support Options

Add the following options in the Advanced Options and Support Options tabs. 

  • Required for Multi-Geo migrations: For non-standard URL endpoints, add OneDriveProExportAdminUrl=<non standard URL> and OneDriveProImportAdminUrl=<non standard URL>. (Replace "<non standard URL>" with your custom URL.) 
  • InitializationTimeout=8 - This increases the initialization timeout window to eight hours. This is especially useful for large migrations.
  • IncreasePathLengthLimit=1 - Use this Advanced Option in MigrationWiz to enable the use of 400 characters for the file path name. OneDrive limits characters in file path names, which can cause errors when migrating folder structures.
    • BitTitan has no limitations to the number of folders per migration. Any folder limits will be set by Microsoft.
    • There are no spaces on either side of the "=" sign, and the entries are case-sensitive, so pay special attention to the capital letters in the commands above.
  • If migrating from a GCC High US Government Tenant, add:
    OneDriveProExportEnvironment=AzureUSGovernment

    If migrating to a GCC High US Government Tenant, add:
    OneDriveProImportEnvironment=AzureUSGovernment

  • If App Based Authentication is in use at the Destination, add DestPersonalSiteIsProvisioned=1
  • Set the Advanced Option to send a notification to end users after the migration pass completes. (This is optional.)
    1. Notifications
    2. Send successful migration and notification to:
    3. Source email address (if users are still using the original Source Microsoft 365 tenant) or Destination email address (if users are already using the Destination Microsoft 365 tenant).
    4. Customize notification email. Checkmark the Customize "successful migration" email Add your own customization text and company name to this email.
    5. Notifications should only be set up before the final pass. If performing a single, Full pass, set this up now. If you are following a Pre-Stage migration strategy, only set this up prior to the final Full (Delta) pass.
  • If the migration project is a long-term project, it may be necessary to add an additional Advanced Option for use during the final migration pass to verify the contents of previously migrated items. For more information, contact Support.

Map Permission Email by Pairs

In scenarios where usernames change during a migration, you will need to run the following command to ensure permissions map to the new username:

Option Command: MapPermissionEmailByPairsInProject=1

Environment(s): OneDrive/Google Drive (Destination)

Migration Type(s): OneDrive/Google Drive as destination only.

Important: Permissions generally cannot be migrated unless the prefix of the mail address is the same in the source and the destination. However, choosing Support Option MapPermissionEmailByPairsInProject=1 will allow permissions to be migrated without identical mail addresses.

Description: When OneDrive/Google Drive is the destination, this option can be used to map permissions by pairs in the project. user@domain.com to firstinitial.lastname@domain.com.

Run Verify Credentials

  1. Open the Project containing items you wish to validate​.
  2. Select the items you wish to validate.
  3. Click on the Start button in your dashboard.
  4. Select Verify Credentials from the drop-down list.
  5. Once complete, the results of the verification will be shown in the Status section.

Notify Users

Send out the final notification that the migration is beginning. Include when the migration will start, expected duration, any usage instructions during migration, and any expected steps or notifications for the post-migration timeline. Remind them to avoid modifying any documents at the Source, as this may cause corrupt data or and incomplete migration.

Run Migration

From the MigrationWiz interface:

Pre-Stage pass

  1. Select the users you wish to migrate
  2. Click the Start button from the top
  3. Select Pre-Stage Migration
  4. Under the Migration Scheduling section, from the drop-down list, select 90 days ago
  5. Click Start Migration.

Full pass

  1. Select the users
  2. Click the Start button from the top
  3. Select Full Migration
  4. Click Start Migration

Run Retry Errors

Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

If problems persist, contact Support.

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.

Post Migration Steps

Remove the Authentication App

To remove the BitTitan Enterprise app, perform the following steps:

  1. Launch PowerShell.
  2. Connect PowerShell to Microsoft 365.
  3. Enter the command: Connect-AzureAD
  4. Enter the admin credential in the prompt.
  5. Enter the command: Get-AzureADServicePrincipal -SearchString Migration
  6. Look for the ObjectId of the app you want to remove and enter the following command: Remove-AzureADServicePrincipal -objectId <the object id>

Click the bar chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics. Read the How do I request statistics for my migration project? article for more information.

Decommission source accounts

To prevent users from inadvertently logging in and using their Source accounts, decommission their Source OneDrive for Business user accounts, or change their passwords.

Notify users

Notify users once the migration has completed. If you set the MigrationWiz Advanced Option for Notifications, they will receive an email upon migration completion. Assist them with setting up access to their OneDrive for Business accounts, and setting up their synchronization settings.

Was this article helpful?
3 out of 6 found this helpful