Web Application Authentication Providers.
-
Only Web applications with Windows Authentication, Integrated Windows authentication with NTLM enabled can be migrated. This can be checked by doing the following :
- Login to SharePoint ‘Central Administration’
- Click on ‘Application Management’ and then 'Manage web applications'
- Select the web application from the list and click on 'Authentication Providers'
- Click on 'Default' under the 'Zone' header
-
Both 'Enable Windows Authentication' and 'Integrated Windows authentication' should be checked.
-
Enabling Windows Authentication with Integrated Windows Authentication
NOTE : When enabling multiple authentication providers for a web application end users will be presented with the following screen. If you prefer the user's login experience not to change then you will need to extend the web application.
- Login to SharePoint ‘Central Administration’
- Click on ‘Application Management’ and then 'Manage web applications'
- Select the web application from the list and click on 'Authentication Providers'
- Click on 'Default' under the 'Zone' header and check the box next to 'Enable Windows Authentication' and the box next to 'Integrated Windows authentication'
- Click 'Save'
-
Extending existing web application
In the following example the web application to be extended url is 'http://sp-2016:10515' and only uses 'Claims Authentication Types > Enable Forms Based Authentication (FBA)'. This will be extended to 'Claims Authentication Types > Enable Windows Authentication > Integrated Windows Authentication > NTLM' with the following url 'http://SP-2016:48113'.
When populating the 'User/Resources' tab in CloudM Migrate any site collection that resides under 'http:sp2016:10515' will need to be added with 'http://SP-2016:48113' eg 'http:sp2016:10515/site name' would be 'http://SP-2016:48113/site name'
- Login to SharePoint ‘Central Administration’
- Click on ‘Application Management’ and then 'Manage web applications'
- Select the web application to be extended.
- Select 'Create a new IIS Site' and populate the 'Name' with a descriptive title. In this example 'My Sites Extended' and check boxes next to 'Enable Windows Authentication' and 'Integrated Windows Authentication', scroll to the bottom and select 'Custom' for the 'Zone'. As an additional option you can add host header if required otherwise this can be left empty.
- Scroll to the bottom of the dialog box and make a note of the url. This Url will be required to migrate sites from this web application
- Click 'OK'. This will now create an additional IIS website with the required authentication setup. More information can be found here Extend claims-based web applications in SharePoint 2016.
Site Collection Access
Before 'Adding a Policy for a Web Application' you should consult your SharePoint administrator and review any implications for this change.
In order to access data in SharePoint (Team Sites or My Sites/OneDrive) the account configured in CloudM Migrate must be able to access the site collection being migrated. This can be accomplished three ways and is recommended that your consult your SharePoint Administrator :
- Adding a Policy for a Web Application
- Manually adding site collection administrators to each site collection
Adding a Policy for a Web Application
- Login to SharePoint ‘Central Administration’
- Click ‘Application Management > Manage web applications’
- Select the web application from the list and click 'User Policy'
- Select '(All zones)' if not already select from the dropdown and click 'Next >'.
- Enter the administrative user that will be used in CloudM Migrate and check 'Full Control - Has full control' and click 'Finish'
Manually Add Site Collection Administrator
- Login to SharePoint ‘Central Administration’
- Click on ‘Application Management’ and then ‘Change site collection administrators’
- Add the account to the ‘Secondary site collection administrator’ and then click ‘OK’
- To change site collection click on the arrow to the right of ‘Site Collection’ and then ‘Change Site Collection’
- Select the site collection and click ‘OK’ and follow step' c' to add ‘Secondary site collection administrator’
Add Site Collection Administrator using PowerShell
-
- The following script will need to be ran on the SharePoint server with administrative rights to SharePoint. The script will generate a .csv file containing the url each site.
-
Specify a location for outputted .csv file by populating $saveSites or leaving the default 'c:\\sites.csv'
-
-
Review the .csv file and remove any sites you do want to update with the site collection administrator. Populate the following :
-
$userId - SharePoint administrator UserId of the user entered in the CloudM Migrate e.g. "contoso\cloudmmigrate"
-
$userEmail - email address associated to the UserId entered above e.g. "cloudmmigrate@contoso.com"
-
$userName - name of the user e.g."cloudmmigrate"
-
$removeAdmin - remove the above user from specified site collections default "N"
-
$savedSites - location of the file specified in step 1;
-
- The following script will need to be ran on the SharePoint server with administrative rights to SharePoint. The script will generate a .csv file containing the url each site.
Where to find Team Sites Url
-
Login to SharePoint ‘Central Administration’
-
Click on ‘Application Management’ and then ‘View all site collections’ select the web application that contains the sites you would like to migrate. Make a note of the web application as this will be required for the ‘Team Site Url’ in CloudM Migrate.
Where to find My Sites Url
-
-
Login to SharePoint ‘Central Administration’
-
Click on ‘Application Management’ and then ‘Manage Service Applications’’
-
Click on ‘User Profile Service Application’
-
Click ‘Setup My Sites’ under ‘My Site Settings’
-
Make a note of ‘My Site Host location’ as this will be required for ‘My Site Url’ setting in CloudM Migrate.
-
User Profile Service Application
-
SharePoint 2010/2013/2016 may require this extra step. To allow CloudM Migrate to get users with ‘My Sites’ the account entered in ‘Account Details’ requires the following permissions.
-
Login to SharePoint ‘Central Administration’
-
Click on ‘Application Management’ and then ‘Manage Service Applications’’
-
Click to the right ‘User Profile Service Application’ so the row is selected and the menu ‘Administrators’ menu option is enabled.
-
Click on ‘Administrators’ add the account you will be using to perform the migration if the account is not already present.
Generating the Team Sites list
- The 'Central Administration Url' is required for generating a list of Team Sites/Subsites and the details entered in the 'Admin Details' section will need to be an administrator.
-
To generate a list of all Team Sites and Subsites the account in the 'Admin Details' should have already been added as a site collection administrator or given access to each site to be migrated.