Forum Discussion

Sajith G H's avatar
Sajith G H
Brass Contributor
Oct 28, 2019

Active Directory security groups migration from SharePoint 2013 to SharePoint Online

Sites which has Active Directory security groups in their SharePoint permission groups cannot be migrated from SharePoint 2013 to SharePoint Online.   What are the alternative options for AD Securi...
SharePoint Online
sharepoint server
Trevor Seward's avatar
Trevor Seward
MVP
Oct 28, 2019
You should be able to replicate those security groups to Azure AD and migrate the site as-is.

You can use Azure AD Security groups, but keep in mind this will increase the burden on IT to manage them versus allowing specified site owners to manage their own access.
Sajith G H's avatar
Sajith G H
Brass Contributor
Oct 29, 2019

Trevor Seward 

 

When I did a migration from On Premise to SharePoint Online using the ShareGate Desktop Migration tool, these security groups did not added in the People and  Groups of SharePoint Online Site.

 

So the first step is  replicate the AD security groups to Azure AD. Then Migrate the site right.

 

  • Andrew Hodges's avatar
    Andrew Hodges
    Bronze Contributor
    Oct 29, 2019

    Hi Sajith G H ,

     

    Sharegate will not migrate AD groups but if the AD group exists and can be resolved in SharePoint Online it will add it as part of the migration.

     

    I am not expert on AD but when requested in the past the AD group needs to be in an Organisation Unit that is synced to Azure AD for this to work. 

     

    Hope that helps

     

    Andy

     

     

    • Sajith G H's avatar
      Sajith G H
      Brass Contributor
      Oct 30, 2019

      Andrew Hodges

       

      The following are the AD Security Groups in SharePoint 2013.Does the AD security group name will be the same in Azure AD or different ?

      BHC\domain users
      CORPH\bcn group
      CORPH\billing & network applications development
      CORPH\billing & network applications support
      CORPH\business analytics & automation development
      CORPH\business analytics & automation support
      CORPH\customer services development
      CORPH\customer services support
      CORPH\data centers & operations
      CORPH\domain users
      CORPH\enterprise systems
      CORPH\it security
      CORPH\service desk & desktop services
      NT AUTHORITY\authenticated users

       

      • Andrew Hodges's avatar
        Andrew Hodges
        Bronze Contributor
        Oct 30, 2019

        HiSajith G H ,

         

        The domain users and authenticated users don't exist in Office 365 so you will have to use other groups for this. There is a default permission group called "Everyone Except External users" but I am not a fan of using this because at some point it is likely that external users will be given an account such as IT support or contractors. It makes more sense to create an "All Company Users" Azure AD group and add everyone or all departments to that, although that is a fair bit of work if your AD is not up to scratch. 

         

        The rest I would have thought you would be able to sync to Azure AD and then use in the migration. 

         

        Hope that helps

         

        Andy

Resources