Users and groups association (automatic mapping)

Users are automatically associated between your source and destination. This association affects permissions, and Person or Group metadata fields, such as Modified by.

Note: You can map users and groups manually. The users and groups you do not specify in your mappings are mapped automatically.

Index

• How the application resolves users from the source to the destination
• How the application resolves groups from the source to the destination

How the application resolves users from the source to the destination

ShareGate Desktop extracts the following information for each user account in the source:

• Account name
• Display name
• Email

Once the information is extracted, the application goes through the user accounts in the destination and looks for complete matches with the properties below, in the specified order. These properties are:

1. Exact same account name
2. Same normalized account name (without claims header)
3. Same login and domain
4. Same login
5. Same login and domain (source login read from display name - this can happen when importing from file system because the account name is set as the display name)
6. Same login (source login read from display name - this can happen when importing from file system because the account name is set as the display name)
7. Same email address
8. Same display name
9. PrincipalType is not set or is a Security Group and same display name without domain

The moment a matching property is found, the destination user account is considered a match and is mapped to the source user account.

If no complete match is found, an algorithm is used to look for partial matches of these properties.

Note: If you're using any kind of redundant word in the account name, or if you have certain users that have multiple matching names, you could get user mismatches with the algorithm. You can create a company-wide user mapping file to resolve that problem. You can extract the user information from your Active Directory, and use that data to generate a mapping file with PowerShell.

How the application resolves groups from the source to the destination

SharePoint Group

The application searches for a SharePoint Group of the same name at the destination. If a matching group is found, that group is used.

If no SharePoint Group is found, the application looks for an Active Directory Security Group of the same name. If a matching Active Directory Security Group is found, that group is used in the destination.

Using Copy Structure, if no matching Active Directory Security Group is found, ShareGate Desktop migrates the SharePoint Group with its members, as long as the users are available in the destination.

Active Directory Security Group

ShareGate Desktop does not migrate Active Directory Security Groups, instead the app searches for an Active Directory Security Group of the same name in the destination. If a matching group is found, that group is used. ShareGate Desktop will then copy the permissions from the source group to the destination group. 

If no Active Directory Security Group is found, the application looks for a SharePoint Group of the same name. If a matching SharePoint Group is found, ShareGate Desktop will then copy the permissions from the source group to the destination group. 

Note: If an Active Directory Security Group is already nested in SharePoint Group, the mapping option with fail since a SharePoint Group cannot be added within another SharePoint Group.