Showing posts with label Sharegate. Show all posts
Showing posts with label Sharegate. Show all posts

Saturday 15 December 2018

ShareGate User Migration Gotcha

Problem:  Migrated an Extranet site with a large user base, and multiple users have the same name.  When a user is removed from AD, and running migration to the new farm, the AD automatically picks a different user and gives them the user that lefts permissions.

Example:
John Smith (john.smith@contoso.com) has been added to a site collection.
John Smith (@contoso) is removed from AD but still exists in the site collection permissions.
Ran Sharegate to move the content including user permissions to a new farm.
John Smith is added to the same SharePoint groups however, it has added john_smith@clientA.com

Initial Hypothesis: Sharegate tries to resolve the user and is incorrectly resolving the user's name and not the name in AD.  As the user has left the firm, the other user is being resolved and we end up with permission inconsistency.

I got this reply from Sharegate and can see that my issue happens at step 8.

"How Sharegate resolves users from the source to the destination"

"We look at the whole account name available, for matches to users at the destination through the SharePoint people picker.
Once we have a list of potential matches for your user, we go through the list of values below (in the specified order). We consider the account a match when we find the same values for one of these properties:
1.    Exact same account name
2.    Same normalized account name (without claims header)
3.    Same login and domain
4.    Same login
5.    Same login and domain (source login read from display name - this can happen when importing from file system because the account name is set as the display name)
6.    Same login (source login read from display name - this can happen when importing from file system because the account name is set as the display name)
7.    Same email address
8.    Same display name

9.    PrincipalType is not set or is a Security Group and same display name without domain"

Somewhat related:
https://sharegate.com/blog/unresolved-user-when-preserving-created-modified-sharepoint-migration