One of the wins for Office 365 customers who have OneDrive for Business included in their licensing is to migrate users’ personal files to OneDrive.
For files that are stored in home drives on traditional file servers, the reduction in server and storage costs is a benefit. For other personal files stored on local computers, moving the files to OneDrive so that they are safely stored in the cloud is also a benefit.
Generally speaking, OneDrive for Business works well for:
- “My documents” scenarios
- Simple sharing of documents between small groups of collaborators
- Storing data in the cloud where compliance and security can be enforced
- Syncing files to mobile computers and devices for working offline or remotely
The OneDrive sync client can also synchronize files from SharePoint libraries for offline access to team files. So having it configure and ready to go is useful to end users who travel or work in places with poor connectivity.
In this article I’m going to demonstrate a simple migration scenario for migrating home drives to OneDrive for Business. For the purposes of this demonstration the environment consists of:
- Office 365 E3 licensed users.
- Office 2016 (via Office 365 ProPlus) client installations on Windows 10 computers.
- The “Next Gen Sync Client” (NGSC), also generally referred to as OneDrive.exe, as opposed to the old Groove.exe sync client that has fewer features, slower performance, and less reliability.
- User home drives located on a file server
- Folder redirection for Documents and other well known folders to the home drives
Reviewing Home Drive Data
OneDrive for Business has some limitations for synchronizing files, which includes things like:
- Invalid characters in file names (e.g. *, :, ?)
- Specific strings of characters in file names (e.g. COM1)
- Specific strings in folder names
- Maximum of number of documents per library
- 15GB file size limit
- Files names or paths with more than 400 characters
Those limitations may change over time, so my list above could be out of date. You should always review the latest information on Microsoft’s support site. There’s a variety of other limits and user experience caveats to be aware of as well.
But for the file limitations, an analysis of the data your planning to migrate would be advisable. This could be as simple as a PowerShell script that recursively scans the file server to look for the issues above. If you qualify for FastTrack support from Microsoft, that service includes analysis and remediation as part of the process (and you can use them for the entire migration, so you don’t need to read this article at all if you don’t want to).
Reviewing OneDrive for Business Admin Settings
The OneDrive for Business Admin portal allows you to control a variety of settings for OneDrive users, such as whether they are able to share content external to the organization, sync with non-domain joined computers, how files can be used from mobile devices, DLP policies, and more. Before you proceed with your OneDrive migration, it’s worth reviewing the settings to make sure they align with your expectations and security policies.
For example, you might consider it necessary to disable sharing of SharePoint and OneDrive content with external users, or limit syncing of files to domain-joined computers only.
Configuring a Group Policy
OneDrive has a Group Policy template available from Microsoft. At one time the GPO template could be downloaded from Microsoft, but right now it is only available by navigating to the %localappdata%\Microsoft\OneDrive\BuildNumber\adm\ folder on a computer that has OneDrive installed. An up to date Windows 10 PC should be sufficient. It’s a bit awkward not being able to simply download the latest GPO directly from Microsoft. Perhaps in future they will add it back to the download center.
The OneDrive GPO can be used to set the default location for the OneDrive folder, among other useful settings. That particular setting, in combination with a standard folder redirection policy, is how I’ll be handling the migration in this environment.
The objective of the Group Policy is to:
- Create an environment variable representing the OneDrive sync location, so that the variable can be used in the Group Policy folder redirection settings. I’ve used Microsoft’s guidance here. The variable in this example is set to “%userprofile%\OneDrive – Exchange Server Pro”, matching the default path that OneDrive will sync to on the local PC.
- Create a new folder in the %OneDriveSync% location. This can be achieved with a Group Policy preference.
- Preventing users from choosing a different OneDrive location on the user’s computer. In previous versions of the GPO template this requires editing the Group Policy template (ADMX file) in the Central Store with your tenant ID. Now the setting can be configured through the Group Policy Management console instead.
- Apply a new folder redirection policy that directs Documents and other folders to the %OneDriveSync% location instead of the home drive on the file server (the policy will move existing files as well).
When you create a policy and look at the OneDrive settings, nothing is configured by default.
To prevent users from changing the location of their OneDrive, you need to know the tenant ID for your Office 365 tenant. To retrieve your tenant ID, connect to Azure AD with PowerShell and run the Get-AzureADTenantDetail cmdlet.
PS C:\> Connect-AzureAD Account Environment TenantId TenantDomain AccountType ------- ----------- -------- ------------ ----------- admin@exchangeserver... AzureCloud 2b9bca49-687e-4e5f-8... exchangeserverpro.net User PS C:\> Get-AzureADTenantDetail ObjectId DisplayName VerifiedDomain -------- ----------- -------------- 2b9bca49-687e-4e5f-8a52-21350b719b06 Exchange Server Pro exchangeserverpro.net
Once you have the tenant ID you can configure the GPO to prevent users changing the OneDrive sync location on their local PC. Add one or more tenant IDs, and set the value to 1 to prevent the sync location from being changed.
For this environment I’ve placed the OneDrive GPO as a higher priority than the existing folder redirection GPO. I’ve also scoped the OneDrive GPO only to members of the “OneDrive for Business Users” security group, and denied the “Apply” permission for the previous folder redirection GPO for the “OneDrive for Business Users” group. Note that after removing Authenticated Users from the scope of the new policy, you then need to go to the Delegation tab and delegate the “Read” permission for the GPO to Authenticated Users, or you may find it does not process at all.
So in effect this all means I can roll out OneDrive to users by adding them to that security group. There is also some end user communication involved in the whole process. You’ll want to make sure your users are expecting the change so there’s no surprises or confusion.
Something to be aware of is that the folder redirection will overwrite any existing data in the destination location that has the same file name and path. If any of your users have already begun using OneDrive and storing files, you should manually deal with those to avoid conflicts. You can find active OneDrive users in the usage reports in the Office 365 admin portal.
Configuring the OneDrive for Business Sync Client
After the GPO has applied, when the user signs in to OneDrive, it will begin syncing that existing data in the local path to the cloud. For environments without any SCCM or other systems in place to initiate a program running in the context of the user, a workaround is to email the user a link to odopen://, which will trigger the OneDrive client to launch. Since you likely want to send them some login instructions and other general adoption advice for OneDrive, you can simply bundle all that up into a single email.
When the user opens OneDrive they’ll be able to walk through the setup process. You should ensure that the instructions you provide are clear about what they should do at each step of the initial configuration wizard.
Monitoring the Deployment
The initial synchronization of files to OneDrive may have a detrimental impact on your network performance. Monitor your network utilization so that you don’t roll out too many users simultaneously.
You can continue to use the OneDrive usage reports in the Office 365 admin portal to track the adoption of OneDrive by your users.
It’s also possible to quickly pull a report of OneDrive usage by using PowerShell.
PS C:\> Connect-SPOService -Url https://exchangeserverpro-admin.sharepoint.com PS C:\> Connect-MsolService PS C:\> $urlbase = "https://exchangeserverpro-my.sharepoint.com/personal/" PS C:\> $users = Get-MsolUser -All | Where {$_.IsLicensed -eq $true} PS C:\> $odusage = $users | Foreach-Object {Get-SPOSite ($($urlbase)+$($_.UserPrincipalName.Replace(".","_"))).Replace("@","_") | Select Owner,StorageUsageCurrent} PS C:\> $odusage Owner StorageUsageCurrent ----- ------------------- tom.jarvis@exchangeserverpro.net 1 alannah.shaw@exchangeserverpro.net 1 john.dorey@exchangeserverpro.net 1 admin@exchangeserverpro.onmicrosoft.com 1 jane.tulley@exchangeserverpro.net 278 mike.ryan@exchangeserverpro.net 130 dave.bedrat@exchangeserverpro.net 1
Completing the Migration
Once you’re satisfied that user home drives have been migrated to OneDrive for Business, you can do a scan of your file server to confirm that the home drives for users are empty, and then start decommissioning those shares so that the storage can be reclaimed. For any users who have not logged on and completed their migration you can manually assist them, or back up their home drive files elsewhere, or even upload the files to their OneDrive in the cloud yourself so that they’re waiting for initial sync to the client.
If you haven’t yet started the migration process, the Email Migration to Office 365 white paper will be essential reading. Download your free copy to learn how to overcome unforeseen obstacles.
Pingback: Migração para o Office 365: Parte 06 - Conceitos sobre uso de arquivos no Office 365
Question about the GPO – did you create one GPO for user setting and one for PC settings? Or did you do one for both? Assign GPO to PC OU and then Users OU? I am having little issues with getting users GPO to populate for testing on user. I can get the PC settings to populate.
For the PC GPO – i have it set for security filtering for 2 testing computer and the GPO linked to Testing OU (for pcs) – The computers pick it up.
For User GPO – I have it set for security filtering – test user – and the GPO linked to another testing OU (for users) – this is where the GPO does not seem to get picked up.
Oi.
Gostaria de configurar as politicas de uma só vez pelo gerenciador de politicas de grupos do AD, onde ja temos todas as politicas da organização. A forma de usar, por exemplo, a politica que restringe configurar conta particular apenas fazendo esta configuração em cada computador? Pois só visualizo esta opção quando edito as politicas localmente, no servidor, não mostra esta opção.
Hi
How to configure policies at one time by the AD Group Policy Manager, where all the organization’s policies already exist, a way to use, for example, a policy that restricts setting up a specific account by making this setting on each computer? this option is only when edited as Local Policy, on the server it does not display this option.
HEy Paul I read this thread and I am in the early stages of doing User home folders to One Drive for biz. However I didnt see how you actually got the data to the cloud. I dont want to leave this part up to the user and I want to sync all the data and force a cut off date.
I am trying to figure out how you are able to redirect the user’s file server based home folder data to OneDrive. This example just syncs the local default documents folder under the profile. I need to be able to migrate the user’s file server based home folder data to OneDrive using this method above.
Hi Paul!
We use ADFS and AADConnect with O365 E3. I was trying to deploy OD4B using GPO to a test OU. I customized the GPO to redirect the folders, use our Tenant ID, etc, and ensured the GPO applied in GPresult; however, the folder redirection would not occur. O365 support said the GPO can’t work for us because we don’t use ‘SSO’, because we still log into our O365 portal while on our internal domain. I’m assuming it means we should use Azure AD. Thoughts?
Hi.. I have plan to migrate 3k users from home drive to one Drive soon. can someone please suggest me best tool for this.
Also looking for a tool for my company for the migration. Is there away to migrate from the network share strait to their Onedrive ? Because some of our computers don’t have enough space on the disk for the move to network drive to local PC to then sync to the cloud. We would utilise the one demand feature of Onedrive
Hi Paul,
So we are getting ready to do this same migration process and one thing I was curious about was if the metadata that exists currently in the homedrives data carries over with the GPO/Sync migration or if file creation and modify dates will be changed to the date of sync?
Thanks
One additional question, is this process assuming that we already have folder redirection happening from Documents to the HomeDrives cause we currently do not have that setup. I do not see any reference to the actual DFS File Share location. Sorry if I’m a totally missing something.
Thanks
“For environments without any SCCM or other systems in place to initiate a program running in the context of the user, a workaround is to email the user a link to odopen://, which will trigger the OneDrive client to launch. ”
I have SCCM. Any guidance on how to automate the initial sign-in to ODfB short of the odopen links?
I’m having good luck with Group Policy on Windows 10 but my organization still has a lot of Windows 7. I’d like to automate those users initial experience as well.
No tricks up my sleeve, sorry. I manage zero Windows 7 boxes now.
use robocopy..GREAT APP
use robocopy…..n a situation where Documents is currently redirected to a network drive, this redirection policy would MOVE items OFF the server to the local ODB folder? THEN when the customer signs in to OneDrive the sync process would start up.
Hi Paul,
Can you redirect my documents to one drive using Azure and Intune? Since GPO are not that easy to do using Intune and AAD?
We don’t have any on prem AD and use AAD and Office365 + Intune
Azure AD doesn’t have a GPO equivalent feature yet, but with Intune you can run PowerShell scripts, so you could use a script to manage the redirection/registry settings.
https://docs.microsoft.com/en-us/intune/intune-management-extension
Hi Paul, I followed your process and once I setup the client on an initial machine it worked as intended…however when I attempted to duplicate the process to simulate a new machine install, the GPO created the initial folder, and then when you ran the OneDrive for Business setup, it actually ignored the existing folder and created it’s own copy with “1” on the end…which in turn doesn’t match up the GPO for Folder redirection.
I am wondering how you got around that with your automated process of setting this up and adding users 1 by 1 with an email for setting up the OneDrive for Business client?
Have not seen that problem, but perhaps the issue is the permissions on that GPO-created folder.
It seems my issue was originally leaving out the item level targeting…this ensures the folder redirection isn’t setup until the proper sync folder is created by the tool.
In a situation where Documents is currently redirected to a network drive, this redirection policy would MOVE items OFF the server to the local ODB folder? THEN when the customer signs in to OneDrive the sync process would start up.
You have the option when setting the group policy folder redirection settings. You can move existing data to the new location, or not. If you move the data automatically then yes, the data will be moved to the local PC where it will then sync to the cloud.
Pingback: Does OneDrive for Business Prevent Ransomware Attacks?
In this example, the home directories on the network were decommissioned but is there still a local copy in OneDrive folder in the user profile that syncs up to OneDrive? My goal is to not use sync at all and redirect straight to OneDrive.
Not going to be possible I think. Group Policy can’t redirect a folder to OneDrive in the cloud. And the OneDrive client is a sync client.
it can but i’m not sure if you always need a 3rd party. We use a 3rd party (IAMCLOUD) but i was talking to another company and their solution uses WebDAV in the redirection policy, they said.
i know IAMCLOUD works.
You forgot to add this:
From: https://support.office.com/en-us/article/Redirect-known-folders-to-OneDrive-for-Business-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12
We’ll use item-level targeting in this environment variable to prevent folders from being redirected until the folder has been created by the sync client.
To create an environment variable for the OneDrive folder
In your domain Group Policy editor, under User Configuration\Preferences\Windows Settings, right-click Environment, click New, and then click Environment Variable.
In the Name box, type OneDriveSync.
In the Value box, type %userprofile%\.
is the name of your default folder. For example, OneDrive – Contoso .
On the Common tab, select the Item-level targeting check box, and then click Targeting.
In the Targeting Editor, click New Item, and then click File Match.
Choose Folder exists from the Match type drop down list.
In the Path box, type %userprofile%\ (the same path that you used in step 3).
Click OK.
Click OK.
I am following https://support.office.com/en-us/article/Upload-on-premises-content-to-SharePoint-Online-555049c6-15ef-45a6-9a1f-a1ef673b867c?ui=en-US&rs=en-US&ad=US#step1installshell. l and am trying to figure out how to do this for multiple users at once. Is that even possible or do I have to create a job for each user?
Im working on this for 180k users globally. There are few other points to mention as well. Folder redirection is interesting option to pre-populate ODB cache and save on initial synchronization. Which of course depends on average size og Home drives but they are usualy are not small.
For completnes I would like to mention the O365 Adoptation Dashboard on powerBI which is great tool for post migration activities like gamification and management reporting https://blogs.office.com/2016/10/10/announcing-the-preview-of-the-office-365-adoption-content-pack-in-power-bi/
Thanks Paul. I’m planning migrating home directories right now so this is really timely and helpful.
One thing we have noticed preservation policy will occupy the storage space of one drive so if we enable preservation policy for the e-discovery then the users will have less quota then actual number
more over it has view limit and version enabled for all the documents. until this issue resolved one drive cannot replace network drive.
Hi
very interesting
do you mean “legal hold”?