SharePoint Migration Identity Mapping Tool: Azure Active Directory Identity Scan

Overview

The Azure Active Directory scan will look up identities that were found in the source SharePoint environment in the Azure Active Directory that you authenticate to.

When performing look-ups, this is the pattern used for matching:

Users

ExactMatch

Source Identity is a Windows user with a Security Identifier [SID]. The target is the OnPremisesSecurityIdentifier in Azure Active Directory.

Non-Windows accounts will never be able to have an ExactMatch.

PartialMatch

Source identity claim value equals the UserPrincipalName or Mail value in Azure Active Directory.

or

Source Identity Display Name equals the Display Name in Azure Active Directory.

NoMatch

Unable to perform neither ExactMatch or PartialMatch.

Groups

ExactMatch

Source Identity is a Windows group with a Security Identifier [SID]. The target is the OnPremisesSecurityIdentifier in Azure Active Directory.

Non-Windows accounts will never be able to have an ExactMatch.

PartialMatch

Source Identity Display Name equals the Display Name in Azure Active Directory.

NoMatch

Unable to perform neither ExactMatch or PartialMatch.

We use ADAL to authenticate the operator to Azure Active Directory. This requires consent for the application to read the Azure Active Directory. In order to ensure there is consent prior to running the scans, the tool will perform a pre-flight validation check which involves authenticating to Azure. This will enable the operator to avoid running a long scan process if all the prerequisites have not been met. See <Link to consent info> for more information.

Expand your skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×