Moving users between ADFS authentication and on-premises AD (domain) authentication is becoming a fairly common activity these days, partly because incorporating ADFS into your on-premises farm is the first step in moving either completely or partially into SharePoint Online.
Step 1. Move the content database to the target farm and attach it. Users won't be able to access the content until you have completed the user migration.
Step 2. User migration - the script below first builds a list of the users to migrate ('Document') and then migrates them ('Convert').
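# Migrates SharePoint user/group logins from one authentication provider to
# another (e.g. Windows/AD <-> ADFS claims) in two separate runs:
#   1. Document - walk the chosen scope and write OldLogin/NewLogin/SiteCollection
#                 rows to <path>\MigrateUsers.csv.
#   2. Convert  - read that CSV back and call Move-SPUser for every row.
#
# The listing on the page had lost its switch/if/else/foreach braces and was
# printed twice; this is a single copy with the control structure restored.
#
# Security-relevant behaviour: Convert runs Move-SPUser with -IgnoreSID and
# -Confirm:$false, i.e. without the SID-history check and without a prompt.
# The CSV is therefore the only thing deciding which principal inherits each
# account's permissions. Keep it in a folder only farm admins can write to and
# review every row between the Document and the Convert run.

Set-PSDebug -Strict
# 0 == SilentlyContinue: the snap-in may already be loaded in this session.
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

# Select Options
Write-Host -ForegroundColor Yellow "'Document' will create a CSV dump of users to convert. 'Convert' will use the data in the CSV to perform the migrations."
Write-Host -ForegroundColor Cyan "1. Document"
Write-Host -ForegroundColor Cyan "2. Convert"
Write-Host -ForegroundColor Cyan " "
[int]$Choice = Read-Host "Select an option 1-2: "

switch ($Choice)
{
    1 {[bool]$convert = $false}
    2 {[bool]$convert = $true}
    default {Write-Host "Invalid selection! Exiting... "; exit}
}
Write-Host ""

$objCSV = @()

[string]$csvPath = Read-Host "Please enter the path to save the .csv file to. (Ex. C:\migration)"
if ((Test-Path -LiteralPath $csvPath) -eq $false) {
    Write-Host "Invalid path specified! Exiting..."; exit
}
$csvFile = "$csvPath\MigrateUsers.csv"

if ($convert -eq $true)
{
    # Convert needs the CSV produced by an earlier Document run.
    if ((Test-Path -LiteralPath $csvFile) -eq $false) {
        Write-Host "MigrateUsers.csv not found in the specified path! Exiting..."; exit
    }
    $objCSV = Import-CSV $csvFile

    foreach ($object in $objCSV)
    {
        # Reset before every lookup: if Get-SPUser fails, the previous row's
        # account must never be moved to this row's NewLogin.
        $user = $null
        try {
            $user = Get-SPUser -identity $object.OldLogin -web $object.SiteCollection -ErrorAction Stop
        } catch {
            Write-Warning "Skipping $($object.OldLogin) in $($object.SiteCollection): $_"
            continue
        }

        write-host "Moving user:" $user "to:" $object.NewLogin "in site:" $object.SiteCollection
        # -IgnoreSID: no SID-history check; -Confirm:$false: no prompt.
        # Nothing below this line asks for a second opinion on the mapping.
        move-spuser -identity $user -newalias $object.NewLogin -ignoresid -Confirm:$false
    }
}
else
{
    [string]$oldprovider = Read-Host "Enter the Old Provider Name (Example -> Domain\ or i:0#.f|MembershipProvider|) "
    [string]$newprovider = Read-Host "Enter the New User Provider Name (Example -> Domain\ or i:0e.t|MembershipProvider|) "
    # The example in this prompt was cut off on the page; @example.com is a
    # constructed placeholder, not the author's original value.
    [string]$newsuffix = Read-Host "Enter the UPN suffix for the new provider, if desired (Example -> @example.com) "
    [string]$newGroupProvider = Read-Host "Enter the New Group Provider Name (Example -> Domain\ or c:0-.t|MembershipProvider|\) "

    # Select Options
    Write-Host -ForegroundColor Yellow "Choose the scope of the migration - Farm, Web App, or Site Collection"
    Write-Host -ForegroundColor Cyan "1. Entire Farm"
    Write-Host -ForegroundColor Cyan "2. Web Application"
    Write-Host -ForegroundColor Cyan "3. Site Collection"
    Write-Host -ForegroundColor Cyan " "
    [int]$scopeChoice = Read-Host "Select an option 1-3: "

    switch ($scopeChoice)
    {
        1 {[string]$scope = "Farm"}
        2 {[string]$scope = "WebApp"}
        3 {[string]$scope = "SiteColl"}
        default {Write-Host "Invalid selection! Exiting... "; exit}
    }
    Write-Host ""

    # @( ... ) keeps $sites an array even when a single site comes back.
    $sites = @()
    if ($scope -eq "Farm")
    {
        $sites = @(get-spsite -Limit All)
    }
    elseif ($scope -eq "WebApp")
    {
        $url = Read-Host "Enter the Url of the Web Application: "
        $sites = @(get-spsite -WebApplication $url -Limit All)
    }
    elseif ($scope -eq "SiteColl")
    {
        $url = Read-Host "Enter the Url of the Site Collection: "
        $sites = @(get-spsite $url)
    }

    foreach ($site in $sites)
    {
        # needed to prevent the next foreach from attempting to loop a non-array variable
        $webs = @($site.AllWebs)

        foreach ($web in $webs)
        {
            # Get all of the users in a site; "-Limit All" since some webs
            # may have large user lists.
            $users = @(get-spuser -web $web -Limit All)

            # Loop through each of the users in the site
            foreach ($user in $users)
            {
                $userlogin = $user.UserLogin

                # Only logins of the old provider that are not recorded yet.
                if (($userlogin -like "$oldprovider*") -and ($objCSV.OldLogin -notcontains $userlogin))
                {
                    # Reset per user so a login with neither "|" nor "\" cannot
                    # pick up the name extracted for the previous user.
                    $username = $null

                    # Separate the user name from the domain/membership provider
                    # NOTE(review): for three-part claims (type|provider|name)
                    # index 1 is the provider segment, not the name - check the
                    # NewLogin column of the CSV before converting.
                    if ($userlogin.Contains("|"))
                    {
                        $a = $userlogin.split("|")
                        $username = $a[1]

                        if ($username.Contains("\"))
                        {
                            $a = $username.split("\")
                            $username = $a[1]
                        }
                    }
                    elseif ($userlogin.Contains("\"))
                    {
                        $a = $userlogin.split("\")
                        $username = $a[1]
                    }

                    if ([string]::IsNullOrEmpty($username))
                    {
                        Write-Warning "Could not extract a user name from '$userlogin'; not added to the CSV."
                        continue
                    }

                    # Create the new username based on the given input
                    if ($user.IsDomainGroup) {
                        [string]$newalias = $newGroupProvider + $username
                    } else {
                        [string]$newalias = $newprovider + $username + $newsuffix
                    }

                    $objUser = "" | select OldLogin,NewLogin,SiteCollection
                    $objUser.OldLogin = $userLogin
                    $objUser.NewLogin = $newAlias
                    $objUser.SiteCollection = $site.Url

                    $objCSV += $objUser
                }
            }
            # SPWeb objects hold unmanaged resources; release each one.
            $web.Dispose()
        }
        $site.Dispose()
    }

    # -Force overwrites an existing MigrateUsers.csv from an earlier run.
    $objCSV | Export-Csv $csvFile -NoTypeInformation -Force
}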
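The CSV format is as below. Review every row before running Convert: the script applies each OldLogin to NewLogin mapping with -ignoresid and -Confirm:$false, so nothing checks or prompts for the mapping once the CSV is read.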
ADFS to onpremise | ||
OldLogin | NewLogin | SiteCollection |
i:05.t|adfs| | i:0#.w|domain\explporetest | |
onpremise to ADFS | ||
OldLogin | NewLogin | SiteCollection |
i:0#.w|domain\explporetest | i:05.t|adfs| | |