ShareGate : Create user mapping file

 User mapping file is essential for migrating user permissions. OneDrive and SharePoint sites can migrate the user permissions, as long as the users are present in both tenants. Below is the script which can be used to create the user mapping file (.sgum). 

• Create a CVS file with two columns, SourceValue and DestinationValue
• Add the user UPNs and save the file
• Change the $csvFile variable to point to your CSV file
• Run the script and get the out file from "C:\Temp\"

import-Module Sharegate

$csvFile = "C:\Temp\usrprmmapping.csv"

$table = Import-CSV $csvFile -Delimiter ","

$mappingSettings = New-MappingSettings

foreach ($row in $table) {

    $results = Set-UserAndGroupMapping -MappingSettings $mappingSettings -Source $row.SourceValue -Destination $row.DestinationValue

    $row.sourcevalue

}

Export-UserAndGroupMapping -MappingSettings $mappingSettings -Path "C:\Temp\usermappingfile"

Restore OneDrive Site

Once a user leaves the organization and the user Id is deactivated, the user OneDrive site is deleted after the retention days are over. However, after the OneDrive site is deleted, the site remains in the recycle bin for 93 days. This recycle bin isn't accessible (as of June 1st 2022) from the UI. So, Microsoft has provided PowerShell capability to restore the OneDrive site.

1. Connect-SPOService - Connect to the SharePoint Online service using your admin center URL
2. Get-SPODeletedSite -Identity {OneDrive Site URL} - This should list the number of days left before the site is permanently deleted. If this doesn't return anything, that means the site isn't deleted.
3. Restore-SPODeletedSite -Identity {OneDrive Site URL} - The cmdlet will restore the Deleted OneDrive site
4.  Set-SPOUser -Site {OneDrive Site URL} -LoginName {UPN of the user needs access} -IsSiteCollectionAdmin $True - This is optional. In case you/someone needs admin access to the OneDrive site
5. Disconnect-SPOService - to close the open connection

Restrict creation of New SharePoint 2013 Workflows in your tenant

Microsoft is planning to deprecate SharePoint 2013 Workflows. The dates aren't finalized yet, however, Microsoft has introduced new parameter for SharePoint Online to disable creation of new SharePoint 2013 workflows. The existing workflows can continue to run and be modified even after this tenant setting is enabled. This will help organizations to reduce/limit their scope of creating workflows using SP Designer 2013.

Spoiler :) - You must be on 16.0.21610.12000 for Microsoft.Online.SharePoint.PowerShell module.

Step1 : Connect-SPOService 

Provide your SharePoint admin URL and SP admin ID/Password to connect to the tenant

Step2: Get-SPOTenant

You should see StopNew2013Workflows as FALSE

Step3: Set-SPOTenant -StopNew2013Workflows $TRUE

This final step will change the status of StopNew2013Workflows to TRUE. Now on your existing SP 2013 workflows will work, can be edited but new workflows cannot be created.

Test Case:

If you try to create a new SP 2013 workflow, while publishing the workflow you should see an error like below.

Azure Storage Container - Get blob/file names using PowerShell

We often create Azure storage containers to store files. These files could be for importing to your Office 365 blob or anything else. Below is a script that will help you generate the names of all files in your container. What you need to provide is the storage account name, container name and sas token of the container.

Connect-AzAccount
$StorageAccountName = 'o365'
$ContainerName = 'dev'
# Creates a storage context
$sasToken = 'Paste SAS token URL here'
$StorageContext = New-AzStorageContext $StorageAccountName -SasToken $sasToken
#listing the file names
$fileNames = Get-AzStorageBlob -Container $ContainerName -Context $StorageContext | select Name
$fileNames | out-file "D:\Raj\Log\FileNames.txt"
Disconnect-AzAccount

OneDrive for Business - Issues and Fix

I have recently completed OneDrive to OneDrive migration and during the migration, there were several issues which I have encountered. I am trying to put together some of them below.

1. Error Code: 0x8004deb4 : There was a problem signing you in. Login was either interrupted or unsuccessful. Please try logging in again. (Error Code: 0x8004deb4)

      

          Solution :

1. Click on run > regedit
2. Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive
3. Search for EnableADAL key. If the key is available and the value isn’t 00000002, change it to 00000002.
4. In the case that it is unavailable, create a new DWORD(32-bit value) and set the value to 00000002
5. Close the registry and restart the laptop.

2. Error Code: 0x8004deea : 

1. Click on start Menu > Run
2. Type Regedit > Enter 
3. Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive|AllowTenantList and Search for your tenant ID. 
4. If the tenant ID isn't available, create a new DWORD key and add your O365 tenant id.
5. The change requires admin rights in the system and post addition, run the below steps.
6. Go to command prompt and run Gpupdate /force
7. Restart the machine.

3. Error Code: 0x8004deef

     The error code appears in the OneDrive client while logging in when OneDrive site isn't provisioned for the user. Please navigate to SharePoint user profile and check if the user has OneDrive site. If there isn't, provision OneDrive for the user.

4. Restrict OneDrive Personal Sync in your organization 

    Many organization do not realize that Microsoft offers OneDrive personal with Microsoft accounts and it is free up to 5 Gb. Users using OneDrive personal can sync their OneDrive personal data in organization devices and legal/security doesn't like that. To prevent OneDrive personal from syncing, we have to add a registry key. Navigate to the below and add a new key DisablePersonalSync and add value 1. 

To add the key in all machines, you need to take help from your SCCM team to update the registry using GPO.

Computer\HKEY_CURRENT_USER\Software\Policies\Microsoft\OneDrive

5. Error code : 0x8004de69

     - Pause syncing the OneDrive

     - Close the OneDrive

     - Navigate to Control Panel -> Credential Manager -> Windows Credentials and delete all Generic Credentials containing OneDrive

     - Navigate to OneDrive website

     - Click Sync - this will open OneDrive in Windows and should resolve the issue

eDiscovery - Put mailboxes On Litigation Hold using PowerShell Script

O365 administrators can use GUI to put SharePoint sites, ODB, mailbox on litigation hold. Microsoft eDiscovery UI helps admins to create a Case and apply Hold to mailboxes. However, there are PowerShell scripts available to put mailboxes On Litigation Hold and you do not need to create Cases for it. 

Below is how we do that  -

1. Connect to Exchange Online

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session –DisableNameChecking

2. Check Litigation Status of the mailbox

Get-Mailbox -identity rajdeepc@onmicrosoft.com |fl Identity, LitigationHold*

3. Put the mailbox on hold

Set-Mailbox -identity rajdeepc@onmicrosoft.com -LitigationHoldEnabled $true

4. (Optional) Use the content search to get collection for your legal team

5. Release the mailbox if it is not needed to be On Litigation Hold

Set-Mailbox -identity rajdeepc@onmicrosoft.com -LitigationHoldEnabled $false

6. Disconnect the session (Must do to ensure the session is not occupied)

Remove-PSSession $Session