Forum Discussion

Unnie's avatar
Unnie
Iron Contributor
Dec 12, 2016

SharePoint Extranet & intranet migration to SPO

I am trying to understand the possible appraches I can take for migrating my company's extranet & intranet  to SharePoint online. Below are some keys facts about existing extranet:   1. Identity p...
SharePoint Online
Fromelard's avatar
Fromelard
Iron Contributor
Jun 14, 2018

Dear all,
We had the same challenge internally to migrate around 3000 On Premise SharePoint Site collections dispatched across 17 SP2007 farms.

In those farm one was dedicated to Extranet usage with Extranet dedicated AD (B2B domain) joined to our internal AD forest.

We evaluated the 2 options you specified and the second case is too complex to manage at the end, so we decided to migrate all the site collections (excluding the non used) to only one Tenant URL https://xxx.sharepoint.com

To separate the 2 kind of sites we created a dedicated masterpage (oslo based) with horizontal menu focused on the Doc Library for the Extranet and the standard for the Intranet sites. We also defined a clear naming convention for the Site Collection URL similar to:
- Intranet = https://xxx.sharepoint.com/sites/[geoscope]-[businessorFunction]-[ShortSiteName]
- Extranet = https://xxx.sharepoint.com/sites/ext-[geoscope]-[businessorFunction]-[ShortSiteName]

Finally we used the Sharegate tool with a mapping XML file (based on a created script) for the Users accounts to migrate all the sites to SPO and the Extranet sites was migrated without the External user accounts
After the migration, the site owners had to invite the External user via the standard external Sharing process (mapped to MS Identity).
If you need technical details, feel free to contact me

Fab

PS1: This MS identity invitation process also help us to prepare the GPDR process because we gave back the Identity ownership to the invited external user, we don't maintain anymore the external user password or account for SharePoint Online

PS2: That also help us to switch some intranet site to extranet site without big technical issue, we only have to enable the External Sharing option for the site collection. By default, all the created site are Intranet mode with external sharing disable

PS3: the migration project required us for this volume around 1 year of work, so it's possible to and except few number of case, no big issue observed. The main challenge is the SPlist with huge number of items (more than 20'000), and you have to detect that before the migration execution.

Unnie's avatar
Unnie
Iron Contributor
Jun 14, 2018
Thanks for sharing these info. Did you have any issue with people picker? Did the external users end up in people picker for internal sites, since they are in the same AAD?
  • Fromelard's avatar
    Fromelard
    Iron Contributor
    Jun 14, 2018

    There is only one AAD in our case, but when you invite an external user, the system will create a mapped user into your internal AAD pointing the MS Identity system he/she used.

    You can filter that when you go into the AAD portal and select the GUEST user type.

     

    So the people Picker is using that AAD list as source when you add someone into and work quite well.

    The main issue observed is related with the invitation sent to someone "USERA" who (for any personal reason) decided to transfer the invitation email to someone else "USERB" (his/her assistant, colleague, …), that will create a mapping into the AAD and SharePoint with a name displayed with "USERA" but with the USERB email address.

     

    That create a mess internally and we have many support case related to that cleanup task, because the only solution is to remove totally that account from our SharePoint and AAD.

     

    I detailed that case issue here (in French):

     - http://blogs.developpeur.org/fabrice69/archive/2018/05/11/office-365-comment-supprimer-un-compte-externe-d-un-site-sharepoint-online-en-mode-extranet.aspx

     

    Fab

     

    • Unnie's avatar
      Unnie
      Iron Contributor
      Jun 14, 2018
      You can prevent USERA transfer invites to USERB , by enabling the setting "External users must accept sharing invitations using the same account that the invitations were sent to" . But coming back to my question regarding people picker. Since you have a single tenant , all external users will be present in your AAD as Guest accounts. So, these users will end up in people picker of the internal sites as well. How did you solve this problem? Since in my case external users are like 50k+ , so finding some common name users will be tricky as there can be multiple people with the same names. Yes, it does show the email in the people picker , but did you find any solution to avoid showing the external users in internal site people picker?
      • Fromelard's avatar
        Fromelard
        Iron Contributor
        Jun 14, 2018

        This is a real good question, and to be honest I did not evaluate that question.

        I never took attention for that people picker question in Intranet site calling the Guest accounts

         

        But for your question I tested our case to call someone in our AAD from an Intranet site and that is not working

         

        So did you observed that issue or it's only a risk you imagine to have ?

         

        Fab

Resources