Users and groups association (automatic mapping)

Users are automatically associated between your source and destination. This association affects permissions, and Person or Group metadata fields, such as Modified by.

Note: You can map users and groups manually. The users and groups you do not specify in your mappings are mapped automatically.

Index

• What is matched?
• How the application resolves users from the source to the destination
• How the application resolves groups from the source to the destination

What is matched?

Users and security groups

Users and Active directory (security) groups are matched with what's available in the destination's active directory.

SharePoint groups

SharePoint Groups are copied at the destination and populated with your users as long as the source users can be resolved at the destination.

How the application resolves users from the source to the destination

ShareGate Desktop looks at the whole account name available, for matches to users at the destination through the SharePoint people picker.

The application looks at the account names for strings of matching characters.

Once the app has a list of potential matches for your user, it goes through the list of values below (in the specified order). The app considers the account a match when it finds the same values for one of these properties:

1. Exact same account name
2. Same normalized account name (without claims header)
3. Same login and domain
4. Same login
5. Same login and domain (source login read from display name - this can happen when importing from file system because the account name is set as the display name)
6. Same login (source login read from display name - this can happen when importing from file system because the account name is set as the display name)
7. Same email address
8. Same display name
9. PrincipalType is not set or is a Security Group and same display name without domain

Note: If you're using any kind of redundant word in the account name, or if you have certain users that have multiple matching names, you could get user mismatches. You will have to create a company-wide user mapping file to resolve that problem. You can extract the user information from your Active Directory, and use that data to generate a mapping file with PowerShell.

How the application resolves groups from the source to the destination

SharePoint Group

The application searches for a SharePoint Group of the same name at the destination. If a matching group is found, that group is used.

If no SharePoint Group is found, the application looks for an Active Directory Security Group of the same name. If a matching Active Directory Security Group is found, that group is used in the destination.

Using Copy Structure, if no matching Active Directory Security Group is found, ShareGate Desktop migrates the SharePoint Group with its members, as long as the users are available in the destination.

Active Directory Security Group

ShareGate Desktop does not migrate Active Directory Security Groups, instead the app searches for an Active Directory Security Group of the same name in the destination. If a matching group is found, that group is used. ShareGate Desktop will then copy the permissions from the source group to the destination group. 

If no Active Directory Security Group is found, the application looks for a SharePoint Group of the same name. If a matching SharePoint Group is found, ShareGate Desktop will then copy the permissions from the source group to the destination group. 

Note: If an Active Directory Security Group is already nested in SharePoint Group, the mapping option with fail since a SharePoint Group cannot be added within another SharePoint Group.