Microsoft SharePoint Online for Enterprises
Domain Migration Planning Template

Published: October 2012
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2012 Microsoft Corporation. All rights reserved.

Microsoft, ActiveSync, Active Directory, Entourage, Forefront, Internet Explorer, Lync, Outlook, SharePoint, Windows, Windows Phone, Windows Mobile, Windows PowerShell, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.
Contents

Chapter 1 Assessment
  Section 1.1 Project Scope
  Section 1.2 Migration Plan
    Section 1.2.1 Tasks
    Section 1.2.2 Domain List/Data Source
    Section 1.2.3 Active Directory Trusts
    Section 1.2.4 Current Environment
Chapter 2 During Migration
  Section 2.1 User Profiles and Active Directory
    Section 2.1.1 Active Directory Design
    Section 2.1.2 Active Directory Synchronization
    Section 2.1.3 BCS Sync'd
    Section 2.1.4 User Updated
  Section 2.2 People
    Section 2.2.1 Resolve Users
Chapter 3 CR List
Chapter 4 Reports
  Section 4.1 Orphan Site Report
  Section 4.2 Active Directory Groups
  Section 4.3 Broken Inheritance
Chapter 5 Schedule
  Section 5.1 Active Directory Migration Schedule
  Section 5.2 DMT Migration Schedule
Chapter 1 Assessment

The purpose of this domain migration plan template is to identify and capture all the known facts regarding domain migrations for Microsoft SharePoint Online for enterprises dedicated plan customers. Based on known information and assumptions, this document is an attempt to identify the steps required for successful completion of domain migrations. Customers must use this template as the basis of a complete domain migration plan.

The scope of this document is limited to remediation of user profiles and permissions. Active Directory information captured and covered in this document is limited to what is required for the user profile and permission remediation. The purpose of completing this template is to ensure customers are protected from the known failure modes of SharePoint Online domain migration.

Important: This domain migration plan template must be completed and submitted for approval through the service delivery manager (SDM), along with the requisite configuration requests (CRs). The customer's domain migration plan must be approved by Microsoft before domain migration can occur. Before domain migration planning can begin, customers must read the SharePoint Online Domain Migration Policy, available to customers on the Customer Extranet site.

Section 1.1 Project Scope

In this section, provide an executive summary of what this project is to achieve. What is the scope of the project? What are the business drivers? Include a project description.

Section 1.2 Migration Plan

Insert a screen shot of the project plan here. Include all important dates, including the Alpha Pilot, Pilot and production wave schedule.

| Phase                        | Dates | Main Characteristics | Notes |
|------------------------------|-------|----------------------|-------|
| First Phase                  |       |                      |       |
|   Test                       |       |                      |       |
|   Alpha Pilot                |       |                      |       |
|   Pilot-1                    |       |                      |       |
|   Pilot-2                    |       |                      |       |
|   Wave-1                     |       |                      |       |
| Second Phase (if applicable) |       |                      |       |
|   Test                       |       |                      |       |
|   Alpha Pilot                |       |                      |       |
|   Pilot-1                    |       |                      |       |
|   Pilot-2                    |       |                      |       |
|   Wave-1                     |       |                      |       |

Section 1.2.1 Tasks

The following table lists the tasks to be performed before, during, and after the migration. The scope of these tasks is limited to user migration in SharePoint Online only. The template below has examples of the required tasks.

| Task Order | Task                                  | Owner        | Dependency |
|------------|---------------------------------------|--------------|------------|
| 1          | Prepare CRs                           | Customer     |            |
| 2          | Submit CRs                            | Customer/SDM |            |
| 4          | Plan Active Directory migration waves | Customer     |            |

Section 1.2.2 Domain List/Data Source

Please list these details:

o Active Directory domains
o User profile data sources
o Domain synchronization
o Active Directory OU structure
o Active Directory trust relationships
o User log on account/domain

Section 1.2.3 Active Directory Trusts

Clearly define and illustrate the current trust relations in SharePoint Online. Also include the trust relationships planned. In certain scenarios, the customer will gradually decompose the existing trust once the migration is complete; please include those as well. Divide this section into Current Scenario, During Migration, and Final Scenario.

| Scenario         | Trust relationship in SharePoint Online |
|------------------|-----------------------------------------|
| Current Scenario |                                         |
| During Migration |                                         |
| Final Scenario   |                                         |

Please use a visual illustration to show the various states of Active Directory trusts.

Section 1.2.4 Current Environment

This section is important to the understanding of how domains are configured and designed. Details in this section help the customer identify how user profiles and authentication work in the current environment. Provide specifics of domain trusts and how SharePoint Online is configured to the various domains. As a result of this section, you will be able to answer these questions:

o Is sufficient trust in place to authenticate a user?
o Is there a trust to a domain from the cloud which would allow users to use login credentials that they should not be using once migration starts?

Apart from Active Directory trust, you will also start collecting information on how your SharePoint Online environment is configured. If you are not sure how to get specific information, please contact the SDM. In most cases a service request (SR) is required. Typically, you will look for the following information:

o FIM filters in place (on your existing Active Directory connection)
o People Picker search custom filter
o OU scope that your current user profile connection crawls
o Any web application permission policy in place
o Any audience targeting to an Active Directory security group
Chapter 2 During Migration

Based on the current Active Directory trust and user profile connection discovered above, what additional configuration will be needed during the transition? The following sections address the collection of detailed information for the following:

o Authentication
o User profiles
o Resolving users in People Picker
o FIM filters that should be put in place
o People Picker custom filter
o User profile property list and binding

Section 2.1 User Profiles and Active Directory

Important: For information about failure modes and remediation for handling user profiles during migrations, see the SharePoint Online Domain Migration Policy, available to customers on the Customer Extranet site.

Section 2.1.1 Active Directory Design

In this section, describe how the user migration is managed and controlled in Active Directory. Include these specific details:

1. Migration method. There are various methods that can be adopted in order to migrate users in Active Directory:

o The user objects are copied into the target directory prior to their logon migration.
o The user objects are copied but disabled in the target domain prior to the actual user logon migration.
o The user objects are not copied into the target domain, but migrated along with their logon migration.

| Item                                  | User State                                                                                   | Migration State  |
|---------------------------------------|----------------------------------------------------------------------------------------------|------------------|
| Copy all user objects into target domain | User objects are copied to a different OU (rest) in the target (and are disabled / enabled) | Pre-migration    |
| User logon migration                  | Users are moved from the rest OU into the employee OU and are enabled                        | During migration |
| Delete user in the source domain      | User's account is disabled or deleted in the source domain                                   | Post migration   |

2. Extension attributes and other attributes.

| Attribute | Currently in all the domains | Will be added / removed        |
|-----------|------------------------------|--------------------------------|
| Manager   | Yes                          | Deleted in target domain       |
| Awards    | No                           | Added: to all the domain schema |

3. Filter users. How will the SG groups be created to block and unblock users in the old and new domains from accessing SharePoint Online? Specify the synchronization in relation to the domain migration stages.

| Stage                              | Current | During migration | After Migration |
|------------------------------------|---------|------------------|-----------------|
| Block user in source domain        |         |                  |                 |
| Block user in destination domain   |         |                  |                 |

Section 2.1.2 Active Directory Synchronization

Identify in this section the user profile properties that are being synchronized from the current Active Directory. This will help ensure that the source Active Directory attribute schema and the target domain attribute schema are in sync. Note any additional attributes that are being included in the schema, and that all the domains that are used to build user profiles during migration conform to the schema.

| User Profile properties | Current Active Directory attr. schema | Source Active Directory attr. schema |
|-------------------------|---------------------------------------|--------------------------------------|
|                         |                                       |                                      |

Section 2.1.2.1 Account block/unblock activities

When a user logs into SharePoint 2010, authentication is done by the operating system and IIS. Since there will be various trust relationships between domains, if users are not disabled in the source domain as they are migrated, in theory users can log into SharePoint using the old login (sign in as). If the domain migration tool (DMT) has been executed for that user in SharePoint Online, the user will generally see an access denied error from the SharePoint authorization process, but the user will still be served pages that have "All authenticated users" permissions defined. This may create confusion and an undesired user experience. If the DMT has not been executed for the user in SharePoint Online, logging in using the new login will cause the DMT to fail for that user.

| Migration Stage              | Current | During | After |
|------------------------------|---------|--------|-------|
| Not migrated user in source  |         |        |       |
| Not migrated user in target  |         |        |       |

You can use a web application policy in combination with an Active Directory security group to deny access to SharePoint Online by placing users in the Active Directory security group. Please describe here how this is being addressed.

Section 2.1.3 BCS Sync'd

Many organizations use a BCS layer to populate certain user profile properties. Please identify such profile properties, if any. This may call for some remediation of the BCS layer as the users are being migrated. LANID is almost always used as the primary key when using BCS to sync user profile properties. Ensure that the backend attribute data source switches to the new LANID as users are being migrated.

| Information                                                             | Yes / No | Plan to remediate |
|-------------------------------------------------------------------------|----------|-------------------|
| Do you use BCS to sync data in profile properties?                      |          |                   |
| Are you planning to modify your BCS solution for migrated users?        |          |                   |
| Are there any custom applications that may be using the BCS sync'd data? |          |                   |

Section 2.1.4 User Updated

Because user-updated properties are managed by the users and are stored in the profile database, when the user is migrated these properties are lost: SharePoint builds new profiles. Depending on the number of user-updateable properties and how critical they are, have a plan to automate populating these properties by leveraging the user profile service API. This is not a required step, but depending on the business requirement, include the decision and plan to handle the user-updated profile properties.

| Property | Any change in the target domain | Dependency if this is not remediated |
|----------|---------------------------------|--------------------------------------|
|          |                                 |                                      |

Section 2.2 People

Section 2.2.1 Resolve Users

People Picker and user profiles are two completely separate features; People Picker executes in real time against Active Directory. For this to work correctly, ensure that People Picker is configured to resolve users from the appropriate domain, and ensure that the new domains are reachable from the SharePoint Online data center. In this section, please list the FQDNs of the domains that will now be used to resolve users.

| FQDN list |
|-----------|
|           |
Chapter 3 CR List

The example below assumes Jon Doe is migrated to NewDomain.

| Purpose | CR | CR Number | SharePoint Online template links |
|---------|----|-----------|----------------------------------|
| New account profiles are not imported into the SharePoint Online farm before running DMT. After this CR is run, the NewDomain\Jon Doe profile will be marked for deletion. | 1. Standard CR: Update FIM Filter to exclude NewDomain\Jon Doe | SPOD-10-143: Modify Forefront Identity Manager Filter | |
| To delete the user's old profile after the domain migration, the customer must go to SPSites to manage user profile deletion. | Managed in SPSites. Details on user profile deletion in SPSites: 2010 documentation (link in original); 2013 documentation (link in original) | | |
| If the user accesses a SharePoint Online site with the new domain account, the migration will FAIL. These CRs are to ensure that NewDomain\Jon Doe CANNOT access any SharePoint Online sites. | 2. Standard CR: Update People Picker Filter to exclude NewDomain\Jon Doe (only able to choose users in the CURRENT domain) | SPOD-10-135: People Picker Filter | |
| (same as above) | 3. Standard CR: Implement a DENY ALL web application policy for the SG that contains NewDomain\Jon Doe | SPOD-10-023: Update User Policy for Web Application | |
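The block/unblock steps of Section 2.1.1 (item 3) and Section 2.1.2.1, combined with CR 3 above (a DENY ALL web application policy on an Active Directory security group), as an added example that is not part of the Microsoft template: a PowerShell function for the customer's on-premises Active Directory that, per migration wave, puts the new-domain accounts into the deny group before the DMT run and, once the run has completed, releases them and disables the old-domain accounts. The CSV column names, the group name and the domain controller names are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the Microsoft template. Wraps one DMT wave in the
# block/unblock activities of sections 2.1.1 (item 3) and 2.1.2.1: before DMT
# the new-domain accounts sit in the SG behind the DENY ALL web application
# policy (CR SPOD-10-023); after DMT they are released and the old-domain
# accounts are disabled so the stale login can no longer reach SharePoint Online.
# Assumed: wave CSV with columns SourceSam,TargetSam; group and DC names below.
function Set-MigrationWaveAccess {
    param(
        [Parameter(Mandatory)][string]$WaveCsv,
        [Parameter(Mandatory)][ValidateSet('PreDmt', 'PostDmt')][string]$Stage,
        [string]$DenyGroup    = 'SG-SPO-Deny-Migrating',   # assumed SG name
        [string]$SourceServer = 'dc01.olddomain.example',  # assumed source-domain DC
        [string]$TargetServer = 'dc01.newdomain.example'   # assumed target-domain DC
    )

    foreach ($row in Import-Csv -Path $WaveCsv) {
        # -Filter returns nothing (instead of throwing) when the account does not exist
        $target = Get-ADUser -Filter "sAMAccountName -eq '$($row.TargetSam)'" -Server $TargetServer
        if (-not $target) {
            Write-Warning "Target account $($row.TargetSam) not found in target domain; skipping"
            continue
        }

        if ($Stage -eq 'PreDmt') {
            # Section 2.1.2.1: if the new login reaches SharePoint Online before DMT
            # has run for this user, DMT fails for that user. Block it via the deny SG.
            Add-ADGroupMember -Identity $DenyGroup -Members $target -Server $TargetServer
            Write-Output "Blocked $($row.TargetSam) until the DMT run completes"
        }
        else {
            # DMT done: lift the block on the new account and disable the old one, so
            # the old login cannot land in the access-denied / authenticated-pages state.
            Remove-ADGroupMember -Identity $DenyGroup -Members $target -Server $TargetServer -Confirm:$false
            Disable-ADAccount -Identity $row.SourceSam -Server $SourceServer
            Write-Output "Released $($row.TargetSam); disabled $($row.SourceSam) in source domain"
        }
    }
}

# Usage per wave (constructed CSV with header SourceSam,TargetSam):
#   Set-MigrationWaveAccess -WaveCsv .\wave1.csv -Stage PreDmt
#   ... submit the wave for the DMT run and confirm it completed ...
#   Set-MigrationWaveAccess -WaveCsv .\wave1.csv -Stage PostDmt
```

The deny group must live in the target domain and be the same group the CR SPOD-10-023 policy names; the 2.1.1 item 3 table for the source domain is covered by the Disable-ADAccount step rather than a second group.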
Chapter 4 Reports

Section 4.1 Orphan Site Report

Orphan sites are a failure scenario in SharePoint 2010. Submit the appropriate SR to get a report on users impacted by orphan sites (config orphans) and to clean up the orphan sites.

Section 4.2 Active Directory Groups

As of the writing of this document, DMT does not re-permission security in SharePoint Online that is granted directly to Active Directory groups. Describe the remediation in place to re-permission Active Directory groups in SharePoint Online. Typically this is a manual remediation.

Section 4.3 Broken Inheritance

This is a POC/test scenario. Please perform adequate testing in the pre-production environment (PPE) to ensure the DMT is able to remediate the permissions of subsites that do not inherit permissions from their parent.
Chapter 5 Schedule

Section 5.1 Active Directory Migration Schedule

| Phase         | Date | User count | Environment |
|---------------|------|------------|-------------|
| Test          |      | 10         | On premises |
| Alpha Pilot   |      | 10         | Production  |
| Pilot-1       |      | 50         | Production  |
| Pilot-2       |      | 50         | Production  |
| Wave-1        |      | 1000       | Production  |
| End Migration |      |            | Production  |

Section 5.2 DMT Migration Schedule

DMT execution:

| Phase         | Date | Max user count/DMT run | DMT frequency per day | Environment |
|---------------|------|------------------------|-----------------------|-------------|
| Test          |      | 10                     |                       | On premises |
| Alpha Pilot   |      | 10                     |                       | Production  |
| Pilot-1       |      | 50                     |                       | Production  |
| Pilot-2       |      | 50                     |                       | Production  |
| Wave-1        |      | 1000                   |                       | Production  |
| End Migration |      |                        |                       | Production  |

Note: The DMT can be scheduled hourly with up to 1,000 user records per run; if the DMT is scheduled to run once a day, the .csv file can contain 10,000 user records.