Author Archives: rcheing

Introduction to Sharegate and Sharepoint My Sites Migration

I recently had the opportunity to design and implement two Sharepoint migrations.  One was from Sharepoint 3.0 to Office 365 and the other was Sharepoint 2003 to Sharepoint 2013.

For the original project (WSS 3.0 – O365), we originally chose the Dell Sharepoint Migration Suite, however, I encountered a lot of issues with it, mainly the fact that I was having difficulty migrating data because it was very inconsistent, some of it was there and some of it was missing.

In the end, I opted to use a tool called “Sharegate” and I had such good experience with it, that I wanted to write a whole post dedicated to it.  Sharegate’s main feature is the Migrating Tool, but it does include a Sharepoint Management application that can report on anything that you could think of in a customer’s environment.  Need a report for files a certain size?  Got that.  Need a report to audit site collection permissions?  Got that too  Need a report to list the content of every site collection and subsites?  Check that one off too.  It even has a nice tool to find obsolete permissions in your environment and automatically clean them up in preparation to a migration.  Sweet!

The migration interface is pretty easy to use, you just connect to the source Central Admin (or Site Collection or Subsite) and then connect to the destination Central Admin or Sharepoint Administrator in Office 365’s case.  You can then drag and drop the content to be copied and choose to overwrite or merge any differences.  This process can be done with Sharepoint, OneDrive and even Google Drive.  I also love the fact that you can run a pre-migration check report and be able to resolve any issues beforehand, so as to have the smoothest possible run.

Where I think this application excels the most, is the ease of use and how easy it is to map user and group permissions for content you are migrating for which a user is no longer active at your organization.  I was also able to script out the migration to save time and make sure any errors due to configuration of the migration minimized.

For those interested in my Sharegate Migration Powershell Script and how to use it for your My Sites migrations, follow these steps:

  1. Map your users and groups in the Sharegate Migration Tool, if you have no users, I would map the unresolved users and groups at the very least.
  2. In Sharegate, you should have the option to export this list into a SGUM file.
  3. Create a CSV file with the following headers, SourceURL, DestinationURL and sAMAccountName.  Populate these fields accordingly.  My CSV and Powershell was tailored specifically to migrate My Sites which is why you see the sAMAccountName field, which should be populated with the username of the person’s My Site who you are migrating.
  4. Put the CSV and SGUM file into the same folder as the below Powershell and run it.  I like to run it in the Powershell ISE.  The script will create a report for each user that it migrates.
#Import the Sharegate Powershell module.
Import-Module Sharegate

#Import CSV file with 3 columns; SourceURL, DestinationURL, sAMAccountName 
$table = Import-Csv -Path "C:\Script\SP2013-MySites-Restart.csv"
#Import user and group mappings from GUI exported file
$usermappings = Import-UserAndGroupMapping -Path "C:\Script\UserAndGroupMappings.sgum"

#Uncomment for incremental copy settings and uncomment copysettings parameter in line 22 "Copy-Site"
$copysettings = New-CopySettings -OnContentItemExists IncrementalUpdate

#Loop through each row in the CSV file
ForEach ($row in $table)
 #Set variables based on CSV columns
 $srcSite = Connect-Site -Url $row.SourceURL
 $dstSite = Connect-Site -Url $row.DestinationURL
 $username = $row.sAMAccountName

 #Copy site and capture migration results
 $result = Copy-Site -Site $srcSite -DestinationSite $dstSite -MappingSettings $usermappings -Merge -Subsites -InsaneMode -CopySettings $copysettings
 #Export results to Excel workbook
 Export-Report $result -Overwrite -Path C:\Script\MySites-Results\$username.xlsx

Cornerstone Technologies

Welcome back!  Whoa!  I haven’t written in this blog for a long time.  I have been very busy doing all sorts of things in the IT world.  I now work for an IT consulting outfit located in San Jose, CA called “Cornerstone Technologies“.  I specialize in the “Next Generation Datacenter” practice area which means that I work with a lot of public and private cloud technologies.  Mainly, Azure, Hyper-V and VMware.

In the past months I have done projects varying from SQL 2014 AlwaysOn Availability Groups to VMware Site Recovery Manager design and implementations to Sharepoint and Exchange to Office 365 migrations.

Though this blog is mainly devoted to System Center, I will also be including some posts in regards to other technologies that I think might help other IT professionals and also for my own reference.

Sharepoint 2010 Foundation SP2 is supported on Windows Server 2012!

Recently, I built out a Windows Azure System Center “cloud lab” environment.  I needed to install the Service Manager 2012 R2 Self-Service Portal which according to Kevin Holman’s SCSM 2012 R2 Quick Deployment Guide is supported on a Windows Server 2008 R2 and Sharepoint 2010 platform.

Well….it still requires either a full blown Sharepoint 2010 or Foundations installation.  However, Windows Server 2012 R2 is supported using the Sharepoint 2010 Service Pack 2 update.

Go ahead and grab Sharepoint 2010 Foundations SP2 and install away on your Windows Server 2012 R2 servers!

PowerShell: Creating a Cloud Service Azure Virtual Machine

While creating my Azure System Center cloud lab, I found it too cumbersome to provision new virtual machines.  Below is a powershell script I created to provision a new server, either Windows Server 2012 Datacenter or Windows Server 2008 R2.  The script also handles assigning a virtual network subnet, VM name, static IP and also joining the server to Active Directory.

I will go over how my lab is setup on Azure in a separate post, but in summary you will need to have a virtual network assigned to a region and have associated a cloud service to the virtual network.  You will also need to have already provisioned a storage account.

Now without further delay….the powershell code:

#Set Azure Subscription and Storage Container

$Subscription = "Pay-As-You-Go"
$Storage = "Storage Account Name"

Set-AzureSubscription -SubscriptionName $Subscription -CurrentStorageAccount $Storage

#Image Name - "Windows Server 2012 R2 Datacenter" or "Windows Server 2008 R2 SP1"
$Image = (Get-AzureVMImage |
Where { $_.ImageFamily -eq "Windows Server 2012 R2 Datacenter" } |
sort PublishedDate -Descending | Select-Object -First 1).ImageName

#VM Details
$VM = "VM Name"
$ServiceName = "Cloud Service Name"
$Location = "East US"
$VMSize = "Medium"
#Extra Small (A0) Shared 768 MB $0.02 (~$15/month)
#Small (A1) 1 1.75 GB $0.09 (~$67/month)
#Medium (A2) 2 3.5 GB $0.18 (~$134/month)
#Large (A3) 4 7 GB $0.36 (~$268/month)
#Extra Large (A4) 8 14 GB $0.72 (~$536/month)
$Domain = ""
$IP = "X.X.X.X"
$Subnet = "Subnet-1"
$TimeZone = "Eastern Standard Time"
$OU = 'CN=Computers,DC=ddomain,DC=com'

#Domain Join Credential
$AdminUser = "ADJoinAccount"
$AdminPasswd = "StrongPassword"

#Local Administrator Credential
$UserID = "LocalAdmin"
$Passwd = "StrongPassword"

#Create VM
New-AzureVMConfig -Name $VM -InstanceSize $VMSize -Image $Image -DiskLabel "OS" |
Add-AzureProvisioningConfig -WindowsDomain -AdminUserName $UserID -Password $Passwd -Domain $Domain -DomainPassword $AdminPasswd -DomainUserName $AdminUser -JoinDomain $Domain -TimeZone $TimeZone -MachineObjectOU $OU |
Set-AzureSubnet -SubnetNames $Subnet |
Set-AzureStaticVNetIP -IPAddress $IP |
New-AzureVM -ServiceName $ServiceName -Location $Location

System Center Universe 2015! Secure your spot! (Microsoft – Ft. Lauderdale, FL)


One Day. One Universe. One Cosmic Event. Back for its FOURTH year, it’s SCU 2015! 

Join us for this globally-available interactive experience spanning 6 continents, hosted by Catatpult Systems. This year, SCU will feature TWO FULL breakout tracks, allowing for more speakers, content and subject matter deep dives. Hear from an all-star cast of presenters including Microsoft technical visionaries and MVPs while interacting with worldwide user group
communities such as myITforum during the live event. At SCU 2015, you will gain insider knowledge around System Center, Microsoft Azure, Enterprise Mobility Suite, Windows Server and more!

Post event, continue your worldwide engagement with SCU-sponsored communities and user groups as well as SCU Network broadcasts. Don’t miss your chance to get in on the action!

View the live simulcast and engage in the conversation. Breakfast, lunch and snacks will be provided throughout the day for all attendees. 


Brad Anderson | Wally Mead | Anders Bengtsson | Cameron Fuller (MVP)

Dieter Wijckmans (MVP) | Jason Sandys (MVP) | Johan Arwidmark (MVP)

John Savill (MVP) | Kent Agerlund (MVP) | Kirk Munro (MVP) | Maarten Goet (MVP)

Marc van Eijk (MVP) | Pete Zerger (MVP) | Roman Yuferev | Symon Perriman

Travis Wright (MVP)


Troubleshooting SCEP Anti-Malware Policies on Clients.

Today I want to talk about how to troubleshoot System Center Endpoint Protection (SCEP) anti-malware policies on your client PCs.  Since the introduction of SCCM 2012 SP1, a new feature called “Client Side Merge” was introduced.  Basically, if multiple anti-malware policies are targeted to the same collection, the policy with the highest priority wins when there are conflicting settings.

For a quick overview of which policies are being applied, you can open the log at C:\Windows\CCM\Logs\EndpointProtectionAgent.log or you can open the SCEP client, click on the drop down arrow next to the “Help” menu and choose “About”.  This will bring up a window with a list of all policies being applied, however, this will not tell you which one has the highest priority.


SCEP Client:

So, how do you figure out which policies are being applied to the client PCs and which one has the highest priority and its settings are being merged?

Method 1:  Check the Windows Registry

  1. Open regedit.exe on the client PC.
  2. Navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy
  3. You will see a list of all anti-malware policies along with all merged settings which are shown with a value of “0x00000002”.  In the screenshot below, you can see that “SWS EP VIP Policy” has all its settings merged into the other two policies.  This is because this policy has the highest priority among the other two policies; causing its settings to be merged with the others.

Method 2:  Command-line Windows Registry query

  1. Open a command-prompt in administrative mode.
  2. Run the following command:
    reg query HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy /f 2 /d
  3. You will see the below output showing the merged settings from the policy with the highest priority:

References:  Niall Brady

Simple ways to test SQL connectivity

While installing Configuration Manager 2012 R2, you may have a problem connecting to the remote SQL server.  Here are some ways you can use to test remote SQL connectivity from your Primary SCCM server:

  1. Telnet to the SQL server’s listening port on 1433.  This approach will require a telnet client.  To install the native telnet client on Windows 7/8.1, run the command "OptionalFeatures.exe" and then place a checkmark next to “Telnet Client” and click on OK.
    To use telnet.exe to connect to the SQL server’s port 1433, open a command prompt and type "telnet.exe <sqlserverhostname_or_ip> 1433".  If connection fails, troubleshoot your SQL server accordingly.  A successful connection will appear as a blank screen:
  2. Create an ODBC System DSN to see if connection is successful.  To add a “System DSN” open the ODBC Data Source Administrator by running the following command "C:\Windows\System32\odbcad32.exe" (64-bit) or "C:\Windows\SysWOW64\odbcad32.exe" (32-bit).  Then click on the “System DSN” tab and click on “Add…”.
    Select “SQL Server” and click on Finish.
    In the “Create a New Data Source to SQL Server” window, name the data source anything you want as we won’t be saving this connection – it’s just a connectivity test.  In the “Server” field enter your SQL server’s hostname or IP.
    Leave the next screen on defaults and continue.
    Again, leave the next screen on defaults and continue.
    The next screen you can also leave on defaults and click on Finish.
    In the configuration summary window, click on “Test Data Source…”.
    If test was successfull, you will see the below message.
  3. Last but not least and probably the less intrusive way of testing SQL connectivity is by use of Universal Data Link files (.UDL).  This method does not require the installation of a telnet client or has as many steps as the “System DSN” method and support for this method is built into every windows version.  You can delete the file afterwards to “clean-up” the system.  Right-click anywhere on your desktop and select “New”, then “Text Document”.
    Name the text document anything but make sure to change the “.TXT” to “.UDL”.  Then double-click on the resulting file.
    Double-click on the .UDL file and type the hostname or IP of your SQL server, then select a user account with permission to the SQL server and select a database.  Then click on “Test Connection”.
    If connectivity test was successful, you will receive the below message:

This isn’t an exhaustive guide to testing SQL connectivity.  Your mileage may vary depending on what the root cause of your connectivity issue, but these steps will certaintly start you off in the right direction.