
Monday, February 20, 2017

Migrate SharePoint Users to/from ADFS

Moving SharePoint users between ADFS authentication and on-premises AD authentication is becoming a fairly common activity these days, partly because incorporating ADFS into your on-premises farm is the first step toward moving either completely or partially to SharePoint Online.
Step 1. Move the content database to the target farm and attach it. Users will not be able to access the content until you complete the user migration.
Step 2. User migration - the script below first produces a list of the users to convert and then migrates them.
#Start
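Set-PSDebug -Strict
# -ErrorAction 0 hides a missing snap-in; the failure then surfaces later as an unrecognized Get-SPSite/Get-SPUser.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction 0

# Two-phase migration of SharePoint user identities between authentication
# providers (e.g. Windows claims <-> ADFS/SAML claims):
#   Document - walk the chosen scope (farm, web application or site collection),
#              pick every login that starts with the old provider prefix, and
#              write OldLogin,NewLogin,SiteCollection rows to
#              <csvPath>\MigrateUsers.csv for review.
#   Convert  - read that CSV back and run Move-SPUser -IgnoreSID for each row.
# The CSV is the authority for the Convert phase: every NewLogin in it is applied
# as-is and Move-SPUser runs with -Confirm:$false, so review the file between the
# two phases and keep it where only the migration operator can edit it.

# Select Options
Write-Host -ForegroundColor Yellow "'Document' will create a CSV dump of users to convert. 'Convert' will use the data in the CSV to perform the migrations."
Write-Host -ForegroundColor Cyan "1. Document"
Write-Host -ForegroundColor Cyan "2. Convert"
Write-Host -ForegroundColor Cyan " "
# Non-numeric input fails the [int] conversion and terminates the script, which is the intended outcome.
[int]$Choice = Read-Host "Select an option 1-2: "

switch ($Choice) {
    1 { [bool]$convert = $false }
    2 { [bool]$convert = $true }
    default { Write-Host "Invalid selection! Exiting... "; exit }
}
Write-Host ""

$objCSV = @()
[string]$csvPath = Read-Host "Please enter the path to save the .csv file to. (Ex. C:\migration)"
if (-not (Test-Path -LiteralPath $csvPath)) {
    Write-Host "Invalid path specified! Exiting..."; exit
}

if ($convert) {
    # Convert phase: apply the rows recorded by a previous Document run.
    $objCSV = Import-Csv "$csvPath\MigrateUsers.csv"

    foreach ($object in $objCSV) {
        # A row with a missing column would otherwise reach Move-SPUser with a blank alias.
        if (-not $object.OldLogin -or -not $object.NewLogin -or -not $object.SiteCollection) {
            Write-Warning "Skipping incomplete CSV row (OldLogin='$($object.OldLogin)', NewLogin='$($object.NewLogin)', SiteCollection='$($object.SiteCollection)')."
            continue
        }

        # Get-SPUser only raises a non-terminating error when the login is unknown;
        # without this check Move-SPUser would be called with a $null identity.
        $user = Get-SPUser -Identity $object.OldLogin -Web $object.SiteCollection -ErrorAction SilentlyContinue
        if (-not $user) {
            Write-Warning "User '$($object.OldLogin)' not found in '$($object.SiteCollection)'; skipping."
            continue
        }

        Write-Host "Moving user:" $user "to:" $object.NewLogin "in site:" $object.SiteCollection
        # -IgnoreSID: the permissions of OldLogin are re-keyed onto NewLogin even though
        # the security identifiers differ. This is not reversible by re-running the script.
        Move-SPUser -Identity $user -NewAlias $object.NewLogin -IgnoreSID -Confirm:$false
    }
}
else {
    # Document phase: build the CSV from the live farm.
    [string]$oldprovider = Read-Host "Enter the Old Provider Name (Example -> Domain\ or i:0#.f|MembershipProvider|) "
    [string]$newprovider = Read-Host "Enter the New User Provider Name (Example -> Domain\ or i:0e.t|MembershipProvider|) "
    [string]$newsuffix = Read-Host "Enter the UPN suffix for the new provider, if desired (Example -> @domain.com) "
    [string]$newGroupProvider = Read-Host "Enter the New Group Provider Name (Example -> Domain\ or c:0-.t|MembershipProvider|domain.com\) "

    # Select Options
    Write-Host -ForegroundColor Yellow "Choose the scope of the migration - Farm, Web App, or Site Collection"
    Write-Host -ForegroundColor Cyan "1. Entire Farm"
    Write-Host -ForegroundColor Cyan "2. Web Application"
    Write-Host -ForegroundColor Cyan "3. Site Collection"
    Write-Host -ForegroundColor Cyan " "
    [int]$scopeChoice = Read-Host "Select an option 1-3: "

    switch ($scopeChoice) {
        1 { [string]$scope = "Farm" }
        2 { [string]$scope = "WebApp" }
        3 { [string]$scope = "SiteColl" }
        default { Write-Host "Invalid selection! Exiting... "; exit }
    }
    Write-Host ""

    # Resolve the site collections in scope. -Limit All is needed because
    # Get-SPSite returns only the first 20 by default.
    $sites = @()
    if ($scope -eq "Farm") {
        $sites = Get-SPSite -Limit All
    }
    elseif ($scope -eq "WebApp") {
        $url = Read-Host "Enter the Url of the Web Application: "
        $sites = Get-SPSite -WebApplication $url -Limit All
    }
    elseif ($scope -eq "SiteColl") {
        $url = Read-Host "Enter the Url of the Site Collection: "
        $sites = Get-SPSite $url
    }

    # Logins already written to the CSV, so a user present in several webs of a
    # site collection is recorded once. Hashtable keys are case-insensitive, which
    # matches the -notcontains comparison this replaces.
    $seenLogins = @{}

    foreach ($site in $sites) {
        try {
            foreach ($web in $site.AllWebs) {
                try {
                    # -Limit All: some webs have large user lists and the default cap would truncate them.
                    $users = Get-SPUser -Web $web -Limit All

                    foreach ($user in $users) {
                        $displayname = $user.DisplayName
                        $userlogin = $user.UserLogin

                        if (-not ($userlogin -like "$oldprovider*") -or $seenLogins.ContainsKey($userlogin)) {
                            continue
                        }

                        # Separate the account name from the domain/membership provider.
                        # Claims logins come in two shapes - i:0#.w|domain\user (two parts)
                        # and i:05.t|provider|user@domain (three parts) - so the account is
                        # always the LAST '|' segment. Indexing [1] would return the provider
                        # name for the three-part form. $username is reset per user so a
                        # login that matches neither shape cannot inherit the previous value.
                        $username = $null
                        if ($userlogin.Contains('|')) {
                            $username = $userlogin.Split('|')[-1]
                        }
                        elseif ($userlogin.Contains('\')) {
                            $username = $userlogin
                        }
                        if ($username -and $username.Contains('\')) {
                            $username = $username.Split('\')[-1]
                        }
                        if (-not $username) {
                            Write-Warning "Skipping '$userlogin' ($displayname): could not separate the account name from the provider."
                            continue
                        }

                        # Create the new login based on the given input. Groups use the
                        # group provider and never get the UPN suffix.
                        if ($user.IsDomainGroup) {
                            [string]$newalias = $newGroupProvider + $username
                        }
                        else {
                            [string]$newalias = $newprovider + $username + $newsuffix
                        }

                        # Select-Object fixes the column order of the exported CSV.
                        $objUser = "" | Select-Object OldLogin, NewLogin, SiteCollection
                        $objUser.OldLogin = $userlogin
                        $objUser.NewLogin = $newalias
                        $objUser.SiteCollection = $site.Url

                        $objCSV += $objUser
                        $seenLogins[$userlogin] = $true
                    }
                }
                finally {
                    # AllWebs hands out SPWeb objects the caller owns; release each one.
                    $web.Dispose()
                }
            }
        }
        finally {
            $site.Dispose()
        }
    }

    $objCSV | Export-Csv "$csvPath\MigrateUsers.csv" -NoTypeInformation -Force
}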
#End
The CSV format is as below (one row per user; the columns are OldLogin, NewLogin and SiteCollection).
ADFS to onpremise
OldLogin,NewLogin,SiteCollection
i:05.t|adfs|explporetest@sp.com,i:0#.w|domain\explporetest,https://exploresharepointfeatures.sharepoint.com/sites/test

onpremise to ADFS
OldLogin,NewLogin,SiteCollection
i:0#.w|domain\explporetest,i:05.t|adfs|explporetest@sp.com,https://exploresharepointfeatures.sharepoint.com/sites/test