Migrate SharePoint Users to/from ADFS

Moving a SharePoint farm between ADFS (SAML claims) authentication and on-premises AD (Windows claims) authentication, in either direction, is becoming a fairly common task, partly because adding ADFS to an on-premises farm is the first step toward moving completely or partially to SharePoint Online.

Step 1. Move the content database to the target farm and attach it. Users will not be able to access their content until the user migration in Step 2 is done, because the login names stored in the site collections still reference the old provider.

Step 2. User migration. The script below first documents the users to a CSV (option 1) and then converts them with Move-SPUser from that CSV (option 2). Review the CSV between the two runs and back up the content databases before converting: Move-SPUser is applied across the farm, and there is no undo short of restoring the backup or migrating the accounts back the other way.

#Start

Set-PSDebug -Strict
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction 0

# Select Options
Write-Host -ForegroundColor Yellow "'Document' will create a CSV dump of users to convert. 'Convert' will use the data in the CSV to perform the migrations."
Write-Host -ForegroundColor Cyan "1. Document"
Write-Host -ForegroundColor Cyan "2. Convert"
Write-Host -ForegroundColor Cyan " "
[int]$Choice = Read-Host "Select an option 1-2: "

switch($Choice)
{
1 {[bool]$convert = $false}
2 {[bool]$convert = $true}
default {Write-Host "Invalid selection! Exiting... "; exit}
}
Write-Host ""

$objCSV = @()
[string]$csvPath = Read-Host "Please enter the path to save the .csv file to. (Ex. C:\migration)"
if ((Test-Path -LiteralPath $csvPath) -eq $false) {
Write-Host "Invalid path specified! Exiting..."; exit
}

if($convert -eq $true)
{
$objCSV = Import-Csv "$csvPath\MigrateUsers.csv"

foreach ($object in $objCSV)
{
# Get-SPUser needs a web to resolve the login; the site collection recorded in the CSV is enough
$user = Get-SPUser -Identity $object.OldLogin -Web $object.SiteCollection
Write-Host "Moving user:" $user "to:" $object.NewLogin "in site:" $object.SiteCollection
# -IgnoreSID is required when either side is a claims login (no Windows SID to carry over).
# The move is applied to every site collection in the farm, not only the one named in the CSV.
Move-SPUser -Identity $user -NewAlias $object.NewLogin -IgnoreSID -Confirm:$false
}
}
else
{
[string]$oldprovider = Read-Host "Enter the Old Provider Name (Example -> Domain\ or i:0#.f|MembershipProvider|) "
[string]$newprovider = Read-Host "Enter the New User Provider Name (Example -> Domain\ or i:0e.t|MembershipProvider|) "
[string]$newsuffix = Read-Host "Enter the UPN suffix for the new provider, if desired (Example -> @domain.com) "
[string]$newGroupProvider = Read-Host "Enter the New Group Provider Name (Example -> Domain\ or c:0-.t|MembershipProvider|domain.com\) "

# Select Options
Write-Host -ForegroundColor Yellow "Choose the scope of the migration - Farm, Web App, or Site Collection"
Write-Host -ForegroundColor Cyan "1. Entire Farm"
Write-Host -ForegroundColor Cyan "2. Web Application"
Write-Host -ForegroundColor Cyan "3. Site Collection"
Write-Host -ForegroundColor Cyan " "
[int]$scopeChoice = Read-Host "Select an option 1-3: "

switch($scopeChoice)
{
1 {[string]$scope = "Farm"}
2 {[string]$scope = "WebApp"}
3 {[string]$scope = "SiteColl"}
default {Write-Host "Invalid selection! Exiting... "; exit}
}
Write-Host ""
if($scope -eq "Farm")
{
$sites = @()
$sites = Get-SPSite -Limit All
}
elseif($scope -eq "WebApp")
{
$url = Read-Host "Enter the Url of the Web Application: "
$sites = @()
$sites = Get-SPSite -WebApplication $url -Limit All
}
elseif($scope -eq "SiteColl")
{
$url = Read-Host "Enter the Url of the Site Collection: "
$sites = @()
$sites = Get-SPSite $url
}

foreach($site in $sites)
{
$webs = @() #needed to prevent the next foreach from attempting to loop a non-array variable
$webs = $site.AllWebs

foreach($web in $webs)
{
# Get all of the users in a site
$users = @()
$users = Get-SPUser -Web $web -Limit All #added "-Limit" since some webs may have large user lists.

# Loop through each of the users in the site
foreach($user in $users)
{
# Create an array that will be used to split the user name from the domain/membership provider
$a = @()
$username = $null
$displayname = $user.DisplayName
$userlogin = $user.UserLogin

# Each login is recorded once: Move-SPUser migrates the account farm-wide, so one row per user is enough
if(($userlogin -like "$oldprovider*") -and ($objCSV.OldLogin -notcontains $userlogin))
{
# Separate the user name from the domain/membership provider.
# Claims logins can have two segments (i:0#.w|domain\user) or three
# (i:05.t|adfs|user@domain.com); the account name is always the last one.
if($userlogin.Contains('|'))
{
$a = $userlogin.Split("|")
$username = $a[$a.Length - 1]

if($username.Contains('\'))
{
$a = $username.Split("\")
$username = $a[1]
}
}
elseif($userlogin.Contains('\'))
{
$a = $userlogin.Split("\")
$username = $a[1]
}

if([string]::IsNullOrEmpty($username))
{
Write-Warning "Could not extract an account name from $userlogin in $($web.Url); skipping"
continue
}

# A Windows-style target (provider ends with '\') takes the SAM account name, which carries no UPN suffix
if($newprovider.EndsWith('\') -and $username.Contains('@'))
{
$username = $username.Split("@")[0]
}

# Create the new username based on the given input
if ($user.IsDomainGroup) {
[string]$newalias = $newGroupProvider + $username
} else {
[string]$newalias = $newprovider + $username + $newsuffix
}

$objUser = "" | Select-Object OldLogin,NewLogin,SiteCollection
$objUser.OldLogin = $userlogin
$objUser.NewLogin = $newalias
$objUser.SiteCollection = $site.Url

$objCSV += $objUser
}
}
}
$site.Dispose()
}

$objCSV | Export-Csv "$csvPath\MigrateUsers.csv" -NoTypeInformation -Force
}

#End

The CSV format is as below: a header row plus one row per user. OldLogin is the encoded login as it appears in the site, NewLogin is the target login, and SiteCollection is a site collection where the user exists.

ADFS to on-premises:

OldLogin,NewLogin,SiteCollection
i:05.t|adfs|explporetest@sp.com,i:0#.w|domain\explporetest,https://exploresharepointfeatures.sharepoint.com/sites/test

On-premises to ADFS:

OldLogin,NewLogin,SiteCollection
i:0#.w|domain\explporetest,i:05.t|adfs|explporetest@sp.com,https://exploresharepointfeatures.sharepoint.com/sites/test
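Added example, not part of the original post: before running the Convert step, parse every login in MigrateUsers.csv and check the rows for the mistakes that make Move-SPUser fail or, worse, merge two accounts into one. The parser implements the encoded claim format that the script's prompts refer to (i:0#.w|, i:05.t|, c:0-.t|) instead of splitting on the first "|". The sample rows, the contoso names and the "adfs" provider name are constructed for the demo; nothing here talks to a farm, so it runs on any workstation.

```powershell
# Added example, not from the original post. Pure PowerShell, no SharePoint snap-in needed.
#
# Encoded claim format (SharePoint 2010+):  <i|c>:0<type>.<issuer>|[<providerName>|]<value>
#   i = identity claim, c = other claim (groups/roles)
#   type   '#' = Windows logon name, '5' = UPN, 'e' = e-mail, '-' = role, '+' = group SID
#   issuer 'w' = Windows, 't' = trusted provider (ADFS), 'f' = forms provider
# Windows claims omit the provider-name segment:  i:0#.w|domain\user
# Trusted and forms claims include it:           i:05.t|adfs|user@domain.com

function ConvertFrom-SPClaimLogin {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Login)

    $info = [ordered]@{
        Login = $Login; IsClaim = $false; IsGroup = $false
        ClaimType = ''; Issuer = 'w'; Provider = ''; Value = $Login
    }
    if ($Login -match '^(?<kind>[ic]):0(?<type>.)\.(?<issuer>[a-z])\|(?<rest>.+)$') {
        $info.IsClaim   = $true
        $info.IsGroup   = ($Matches['kind'] -eq 'c')
        $info.ClaimType = $Matches['type']
        $info.Issuer    = $Matches['issuer']
        $rest = $Matches['rest']
        if ($Matches['issuer'] -eq 'w') {
            $info.Value = $rest
        } else {
            $sep = $rest.IndexOf('|')
            if ($sep -lt 0) { throw "Malformed claim login, provider name missing: $Login" }
            $info.Provider = $rest.Substring(0, $sep)
            $info.Value    = $rest.Substring($sep + 1)
        }
    } elseif ($Login -notmatch '^[^\\]+\\[^\\]+$') {
        throw "Unrecognised login format: $Login"
    }
    # A classic DOMAIN\user login keeps the defaults above (Windows issuer, whole login as value).
    [pscustomobject]$info
}

function Test-SPMigrationCsv {
    # Returns one finding per problem; no output means the rows are safe to feed to the Convert step.
    [CmdletBinding()]
    param([Parameter(Mandatory)][object[]]$Rows)

    $findings = New-Object System.Collections.Generic.List[string]
    $seenOld  = @{}
    $seenNew  = @{}

    foreach ($row in $Rows) {
        try {
            $old = ConvertFrom-SPClaimLogin $row.OldLogin
            $new = ConvertFrom-SPClaimLogin $row.NewLogin
        } catch {
            $findings.Add("PARSE  $($row.OldLogin) -> $($row.NewLogin): $($_.Exception.Message)")
            continue
        }
        if ([string]::IsNullOrWhiteSpace($new.Value) -or $new.Value.EndsWith('\')) {
            $findings.Add("EMPTY  $($row.OldLogin): NewLogin '$($row.NewLogin)' has no account name")
        }
        if ($row.OldLogin -eq $row.NewLogin) {
            $findings.Add("SAME   $($row.OldLogin): NewLogin is identical, nothing would change")
        }
        if ($old.IsClaim -and $new.IsClaim -and ($old.IsGroup -ne $new.IsGroup)) {
            $findings.Add("KIND   $($row.OldLogin): user/group mismatch with $($row.NewLogin)")
        }
        if ($row.SiteCollection -notmatch '^https?://') {
            $findings.Add("URL    $($row.OldLogin): SiteCollection '$($row.SiteCollection)' is not a URL")
        }
        # Move-SPUser migrates the account across the farm, so the old login only exists for the first row.
        if ($seenOld.ContainsKey($row.OldLogin)) {
            $findings.Add("DUP    $($row.OldLogin) listed more than once; the second Move-SPUser would fail")
        } else { $seenOld[$row.OldLogin] = $true }
        # Two different old accounts mapped to one new login would be collapsed into a single identity.
        if ($seenNew.ContainsKey($row.NewLogin) -and ($seenNew[$row.NewLogin] -ne $row.OldLogin)) {
            $findings.Add("MERGE  $($row.NewLogin) is the target of both $($seenNew[$row.NewLogin]) and $($row.OldLogin)")
        } else { $seenNew[$row.NewLogin] = $row.OldLogin }
    }
    $findings
}

# Constructed sample rows for the demo (assumed names; not taken from a real farm).
$sampleCsv = @'
OldLogin,NewLogin,SiteCollection
i:0#.w|contoso\alice,i:05.t|adfs|alice@contoso.com,https://intranet.contoso.com/sites/hr
i:0#.w|contoso\bob,i:05.t|adfs|bob@contoso.com,https://intranet.contoso.com/sites/hr
i:0#.w|contoso\bob,i:05.t|adfs|bob@contoso.com,https://intranet.contoso.com/sites/finance
i:0#.w|contoso\carol,i:05.t|adfs|,https://intranet.contoso.com/sites/finance
c:0+.w|s-1-5-21-1111-2222-3333-1234,c:0-.t|adfs|contoso.com\finance-readers,https://intranet.contoso.com/sites/finance
'@
$rows = $sampleCsv | ConvertFrom-Csv
Test-SPMigrationCsv -Rows $rows | ForEach-Object { Write-Warning $_ }
# Expected: a DUP finding for contoso\bob (second row) and an EMPTY finding for contoso\carol.
```

Run it against the real MigrateUsers.csv with `Import-Csv "$csvPath\MigrateUsers.csv" | Test-SPMigrationCsv` (pass the rows as -Rows) and fix the CSV by hand before choosing option 2. Inside the farm, the safer way to produce a NewLogin is to let SharePoint encode it, for example `(New-SPClaimsPrincipal -Identity 'alice@contoso.com' -TrustedIdentityTokenIssuer 'adfs').ToEncodedString()`, rather than concatenating the prefix strings; the parser above then gives you a way to confirm the result matches what you intended.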
About jollsam

10 years of experience in SharePoint Development, Administration and Solution/Infrastructure Architecture.