T2T Migrations – Relinking OneDrive for Business
In short, the user must unlink their OneDrive for Business client and relink it – but there will be remnants…
How smooth that is, depends on good upfront communications, the end-user IT maturity, when and how you decommission the users’ access to the source tenant data, and what their identity is set to in the target.
As yet, we have not come across a publicly available tool that a user can run that will fix / migrate their OneDrive for Business profile yet. We’re currently investigating writing a tool for this purpose. A potential automation option is listed at the bottom of this document.
Notes on unlinking OneDrive for Business
ALL business accounts are unlinked including any other organisations users may be connected as part of ongoing collaboration.
Any files that were set as “Always keep on this device” (locally available) will remain on the Workstation after unlinking. Meaning the user will inevitably have two copies of the same data when they link up OneDrive again. This could lead to the users’ working in the wrong files, or dragging the whole lot to their new OneDrive “just in case”
After unlinking, if they had been set as “Clear space” then they will disappear from the Workstation
Typical cutover event:
SMPT Domain Name: remove and re-add
OneDrive client updates UPN changes
If you are taking over the SMTP Domain name(s) and keeping those same UPNs in the target, then you will also be removing those values from users in the source and updating them with another UPN suffix, probably the MOERA value – email@example.com At least for a small time whilst you are in post-migration hyper-care period.
When you change a UPN in Office 365, OneDrive for Business client is aware of this and automatically updates itself to reflect this change and continues to work seamlessly for the user.
So before the users’ even get to the point where they will unlink and relink their OneDrive for Business Desktop App, ODfB will actually recognise that the source UPN has changed.
If you change a UPN look carefully you will see that the username settings have been updated in the App. (Just like the URL endpoint gets updated at some point)
Figure 1 UPN Change flows through
Business as usual right?
So on the Monday morning when the users come in, if they don’t immediately unlink their ODfB, and why would they it’s just sitting in the system tray looking normal so the users don’t believe there is anything to do, they will just continue to use the legacy OneDrive data.
If they double click the icon in the system tray etc or go to Windows Explorer they will open their normal cached local folder data. If they choose view online, it will work perfectly (in their eyes) but they will be taken back to the SOURCE tenant. Same on mobile devices.
For Mobile Devices we always recommend deleting the Outlook and OneDrive App completely and re-installing from the respective App Store
How to stop this (working as designed) behaviour?
Block Users is the best way.
Remove the Office 365 ODfB Licence
Well you can just remove the licenses, right? Well actually no. What we have seen is that once a user has ever been granted a SharePoint / OneDrive licence they can always get back to that data, assuming they were permissioned for it in the first place. The URL still exists for 30 days (and longer for lithold)
Change the password and block sign-on
Change the password and block the users is your best bet. The downside to this is that you will need to ensure that you are no longer syncing identities (as the blocked user and password details will flow unless you are doing some good attribute re-writes or filtering). Also, if you need / want users to have the ability to go back and check old data (a common workaround post migration), then you can’t.
Unlinking OneDrive for blocked users
Timing is everything.
If you block the user for sign in, BEFORE they unlink their OneDrive, then previously they could not actually get to the settings because they can’t actually load OneDrive.
This seems to have been resolved now though with later versions of OneDrive thankfully, otherwise an uninstall and reinstall was required.
So, you may have to time the blocking appropriately, if you
are to use this method.
We’re assuming here that the users will sign out of all Office Apps as well, like Word etc, and will be creating a new Outlook Profile. Ideally both of those things should happen first.
- Open Word and go to File \ Accounts and Sign Out
- Go to Windows Account Settings (Windows Key + I) \ Accounts \ Access work or school find your username and Disconnect
- There may be other Credential type clean-up activities
Unlinking ODfB is as easy as accessing the settings from the task bar. Right click, More, Settings
Once a user has successfully unlinked their account, their normally BLUE OneDrive folders remain and become normal YELLOW Windows Folders.
This is important if the user is taking over the same UPN otherwise the cached credentials from the previous log on and some other Registry information are attempted to be used.
Often it does not go well, and *CAN* you get into a kind of hybrid messed up state that is hard to recover from for the users because they can’t actually get logged on with those creds, and now they can’t unlink again.
This can require and uninstall and reinstall.
Re-Linking OneDrive for Business
Literally after rebooting the user should just be able to start OneDrive for Business in the normal way.
If they had a Personal OneDrive connected, then simply typing “OneDrive” from the start button will just take them to the personal area. In this case the users might need to right click the white personal OneDrive icon on the task bar, go to settings and add account to activate OneDrive for Business.
After unlinking and relinking
Jane Smith was previously logged into Blanco Nero organisation, and is migrated to Zwarte Witte.
Now you can see the new folder structure and the new organisation name in the Blue Folder for the migrated user “Jane Smith”.
On the cutover weekend her Mailbox and ODfB files were migrated to Zwarte Witte. On Monday morning she logged in, unlinked her OneDrive, rebooted and logged in with here firstname.lastname@example.org credentials.
Obviously the downside here is the remaining Yellow Folders from the previous Source tenant.
Users need to be sure to work in the NEW files and folders, not the old ones.
Ideally you really want to steer the users away from “dragging and dropping” “cut or copy / paste” these files into their migrated OneDrive, as that might literally double the size.
Right now though, that has to be delta with by comms.
Root Folder Name
You will probably know by now, or note that the bit after the OneDrive – is in fact your tenant Organisation name:
Interestingly a cheeky little fudge is that you can set the target tenant Organization Name to the identical one from the Source – assuming that is even possible. When you do this, and end users unlink and relink their ODfB client, then the folder data is merged.
Path of Least Resistance
Assign users new UPNs
Interestingly the path of least resistance and least chance of unexpected / unwanted behaviour is having your users assigned a brand-new identity (UPN) with a new password and the organisation name being completely different from the last.
Why? Because then
there is categorically no way of confusing legacy identity and data from new
data. The Workstation and cached
credentials don’t get in a pickle trying to connect to the legacy tenant with
legacy credentials. A new folder in
Explorer is presented and the reconfiguration that the end user has to do is
clear and straight forward and easily documented.
Potential Automation Options
You can delete the reg key “Business1” under Computer\HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\
This has worked successfully on the few workstations where this has been tested. However this solution has had very limited testing, and we would strongly urge thorough testing before attempting to roll this out wide scale.
A logon script to run attrib.exe, kill OneDrive process, purge
these registry keys entries and then rename
folder to the new tenant organisation name on cutover so that the directories
merge could be possible.
Set all files and folders to Clear Space (online)
You can run the attrib command can set them all to either local or online.
Attrib.exe enables two core scenarios.
“attrib -U +P /S”
Makes a set of files or folders always available and
“attrib +U -P /S”
Makes a set of files or folders online only
- /S Processes matching files in the current folder and all subfolder
- /D Processes folders as well
- /L Work on the attributes of the Symbolic Link versus the target of the Symbolic Link
e.g. to set my whole OneDrive to NOT be on my local machine I can run
PS C:\Users\[myusername]\OneDrive - Nero Blanco IT Ltd> attrib.exe *.* +U -P /S /D /L