Overriding the Version of the Metalogix Extensions Web Service (MEWS) When Making a SharePoint Connection
|
Navigation: Connecting to SharePoint > Connecting to SharePoint On Premises > Connecting to a SharePoint On Premises Site or Server > Overriding the Version of the Metalogix Extensions Web Service (MEWS) When Making a SharePoint Connection |
It is strongly recommended that when you select Remote Connection (Metalogix SharePoint Extensions Web Service) to connect to SharePoint, the version of MEWS is installed on the remote server is the same as the installed version of Content Matrix Console. However, when you select MEWS as the connection type, you will have the option to Override the MEWS Version and specify an earlier MEWS Version (in the format n.n.n.n) when making a connection. Note that you will receive a warning message that the installed version of MEWS may be incompatible.
You can hide the warning message for any new connections and re-connections made during the current session by checking the Do not show this message until application restarts box.
IMPORTANT: You cannot update the MEWS version once the connection has been created.
If the MEWS version is overridden, the job log will display the warning message. (If both the source and target connections use an older version of MEWS, an entry will display for each.)
Connecting to SharePoint Online
|
Navigation: Connecting to SharePoint > Connecting to SharePoint Online |
Metalogix Content Matrix Console can make a tenant or site level connection to a SharePoint Online environment. While a tenant connection is similar to the connection type, the process of creating the connection is slightly different, and also involves some prerequisite steps to set up permissions.
Requirements for Making a Tenant-level Connection
NOTE: A tenant level connection works the same as a CSOM connection to an O365 environment, except that the tenant connection can also migrate Site Collections, MySites, and Managed Metadata.
·In order for users to make a SharePoint Online tenant-level connection, the connecting user must have the SharePoint Administrator permissions, as well as Site Collection Administrator permissions for each site collection being migrated.
Refer to the Office Support article Assigning admin roles in Office 365 for details.
If the connecting user does not have sufficient permissions, the connection will not be completed and the following connection error will display:
·The SharePoint Administration URL must be used in order for a tenant-level connection to be completed; that is:
"https://<CompanyTenantName>-admin.sharepoint.com"
If an incorrect URL, such as a specific site or Site Collection URL is used, then the connection will not be completed and the following connection error will display:
To connect to SharePoint Online:
In the Metalogix Content Matrix ribbon, choose Connection > Connect to SharePoint.
To complete the Connection Options tab:
1.For Address, enter either the URL or IP address of the SharePoint site or tenant to which you want to connect.
Note that the drop-down menu displays a list of previous connections.
2.For Target Type, select the connection type. Use the information in the following table for guidance.
|
If you want to connect |
Select |
Notes |
|---|---|---|
|
directly to a SharePoint site |
Site.
|
This option must be used for a site-level connection to an Office 365 tenant NOTE: If you want to connect to an Office 365 tenant root node, use the Office 365 Tenant connection type. |
|
to the root of an O365 Tenant environment (comparable to a farm-level connection in an on premises environment) |
Office 365 Tenant. |
This connection type has most of the limitations of the CSOM connection adapter, but can run Site Collection migrations. |
3.For Connection Type, select Remote Connection (SharePoint Client Side Object Model O365).
NOTE: If you accept the default (Auto Detect), this option will be detected automatically.
4.For Authentication Type, select the method to use when trying to connect to the specified SharePoint instance. When connecting to Office 365, the two main Authentication Types will be Office 365 OAuth/Standard/ADFS Authentication and Office 365 Web Browser Authentication (Not Auto Detected). Use the information in the following table for guidance.
For a SharePoint Online connection that uses"modern" (not "legacy") authentication, you must select one of the O365 OAuth Authentication options or Office 365 Web Browser. If the account is also part of a SharePoint Online Multi-Factor Authentication Policy, Office 365 Web Browser or O365 OAuth with MFA Authentication must be used.
For more information about legacy vs. modern authentication, refer to the Microsoft Support article How modern authentication works for Office 2013 and Office 2016 client apps.)
|
If |
Select . |
Notes |
|---|---|---|
|
you want Metalogix Content Matrix to automatically check against the SharePoint environment |
Auto Detect |
Metalogix Content Matrix will check for authentication types listed in the drop-down (in order), and use the first method that is found. NOTE: At the time you click [OK] to complete the connection, a pop-up box will display that asks if you want to use Office 365 OAuth. See Using Office 365 OAuth Authentication to Connect to SharePoint Online for details. |
|
·you want to connect to Office 365 OAuth, Office 365 Standard editions, or systems with ADFS AND ·MFA is not being used |
Office 365 OAuth/Standard/ADFS Authentication* |
By default the logged in user credentials will be unavailable, since this uses the Windows authentication method, and the Office 365 credentials will need to be entered. NOTE: At the time you click [OK] to complete the connection, a pop-up box will display that asks if you want to use Office 365 OAuth. See Using Office 365 OAuth Authentication to Connect to SharePoint Online for details. |
|
your account requires the use of Multi-Factor Authentication (MFA) |
Office 365 OAuth with MFA Authentication (Not Auto Detected)* |
With this authentication type, you do not have to enter account credentials in Content Matrix, and the Connect As options will be disabled. NOTE: There are some migration limitations with this connection type. See Migration Limitations When Using Office 365 OAuth with MFA Authentication for details. |
|
you want to connect through a Web browser |
Web Browser Authentication (Not Auto Detected) |
This option is not searched for within the Auto Detect option, and needs to be manually set. In order for the Metalogix Content Matrix Console to logon to the system, users must have logged on to the system being connected to through the web browser on that system first (only before the initial connection). Since this is all done using the Web browser for authentication, the credentials section of the window will be grayed out (since it is not needed), and it is limited to the Metalogix Extensions Web Service Connection Type because it authenticates through IIS and not the Active Directory (AD).
NOTES: ·Because this connection method uses cookies from the browser, it may require multiple logins when running a single migration. However, this is only likely if the migration is running for a long session; this is mainly determined by the web browser settings for authentication. In the event that a login is required, a dialog box appears that lets users log in. After the user logs in, the migration will continue from where it left off. ·If you are planning to run a job using a PowerShell script, make sure the PowerShell console is closed before you make the connection using this method. Otherwise, an error will occur when you attempt to run the PowerShell job. |
|
you want to connect through a Web browser using authentication for Office 365 |
Office 365 Web Browser Authentication |
This option works the same as Web Browser Authentication (Not Auto Detected) except: ·it looks for more specific Office 365 cookies ·it requires that users first log into Office 365 through the browser ·instead of allowing multiple logins, only one "request" for data can be made at a time, which ensures that no data is missed or lost due to the system locking from too many requests (but which may result in a slower connection). |
|
you want to make a site-level connection to a GCC High site using O365 User Provided Authentication |
Office 365 User Provided Authentication (hidden by default) |
You must first run a utility provided by Quest Support and enable the setting EnableUserProvidedAuthentication. Refer to the Quest Support Knowledge Base article Enabling User Provided Authentication in Content Matrix for details. |
* If you are connecting to SharePoint Online using OAuth authentication and you used a custom domain as the Address, you will also need to check the Override SharePoint Online Tenant Domain Name and enter the default tenant domain name (which can be found at https://admin.microsoft.com/Adminportal#/Domains) to allow Content Matrix to route the request to the proper region.
5.For Connect As, enter/select the login credentials you want to use to connect to the SharePoint site/server. Use the information in the following table for guidance.
NOTE: This option is disabled if you selected Office 365 OAuth with MFA Authentication, or Web Browser Authentication (Not Auto Detected).
|
If you want to |
Then |
|---|---|
|
use the current Windows user's authentication credential |
Select the (default) <Domain>\<user> radio button. |
|
use different authentication credentials |
·Select the Different User radio button, and ·Enter the applicable user name and Password. In cases where alternate credentials are entered, it is recommended that you select the Remember my password check box so Metalogix Content Matrix will automatically remember that user account password. This is especially important if you chose Web Browser Authentication, as credentials must be stored in the Credential Manager vault before the connection is made. |
6.If you want to Add or Remove certificates to be included when connecting to SharePoint:
a)Select the Included Certificates tab.
Please see the Connecting with Certificates for more details on connecting to SharePoint instances that require certificates.
b)After all of the desired connection options have been set, for all options tabs, click [OK] to establish the connection.
If you are making a tenant-level connection, the Limit Site Collections dialog displays, giving you the option to limit the site collections to include in your connection (which by importing an xml file with the list of URLs you want to include). This is useful if the environment you are connecting to includes a very large number of site collections. In this case, limiting displayed site collections can improve performance. Additionally, the Include Office 365 tenant my site host connection allows MySites to display under their own top-level connection node (alongside the main tenant node) with the following URL format: http://[Tenant URL]-my.sharepoint.com. It is selected by default, but if you want to exclude them from the connection, uncheck this box.
NOTE: If you want to View Sample xml, click the link on the dialog. The xml file you import must follow the same format as this sample.
7.Either:
§Click [Yes Import from XML] to specify the URLs of the sites you want to include in the connection, then browse/upload the file
OR
§Click [No Continue with Connection] to add all sites within the selected scope to the connection.
If Metalogix Content Matrix successfully makes the connection, a new node will appear in the Explorer View, and you can expand this node and navigate through the SharePoint objects.
NOTE: Should the log file ever show a "could not find site on remote SharePoint server" exception message when working with CSOM connections, simply restart the CSOM service on all machines running the Metalogix Content Matrix console and then rerun the action.
Using Office 365 OAuth Authentication to Connect to SharePoint Online
|
Navigation: Connecting to SharePoint > Connecting to SharePoint Online > Using Office 365 OAuth Authentication to Connect to SharePoint Online |
Office 365 OAuth Authentication is a token-based authentication method that can be used as an alternative to Standard/ADFS Authentication to reduce throttling.
If Multi-Factor Authentication is set up for the tenant and enabled for the account (as described in the Microsoft TechNet article SharePoint Online - O365: Set up Multi-Factor Authentication), you can connect using Office 365 OAuth with MFA Authentication as an alternative to Office 365 Web Browser authentication.
NOTE: If you are using the Office 365 OAuth with MFA Authentication type, be aware that some migration limitations apply.
Registering the Metalogix Content Matrix SharePoint Client Application for OAuth Authentication
|
Navigation: Connecting to SharePoint > Connecting to SharePoint Online > Using Office 365 OAuth Authentication to Connect to SharePoint Online > ing the Metalogix Application for OAuth Authentication |
The very first time OAuth Authentication is selected, the application Metalogix Content Matrix SharePoint Client must be registered for the tenant.
IMPORTANT: Prior to version 9.2, the Metalogix SharePoint Migration Client application was used for OAuth Authentication. Jobs created before version 9.2 (including those that use PowerShell or Distributed Migration) will continue to use this application (as long as it is still registered in Azure Active Directory). Starting with version 9.2, all jobs using OAuth Authentication will use the Metalogix Content Matrix SharePoint Client application.
Required Permissions
At a minimum, the following permissions are required to register and provide consent for the Metalogix Content Matrix SharePoint Client application.
·For a site-level connection, the account must have a minimum of Site Administrator and Application Administrator permission roles.
·For a tenant-level connection, the account must have a minimum of Application Administrator permission role.
Providing Consent to Grant the Application Requested Permissions
The first time a Content Matrix user attempts to connect to SharePoint Online using Office 365 OAuth Authentication, a dialog displays requesting that you grant the permissions that the application needs to perform migrations.
A Global Administrator can check the Consent on behalf of your organization box, which will prevent this dialog from displaying for other users. If the account is not a Global Administrator, the Consent on behalf of your organization option will be hidden.
IMPORTANT: If a Global Administrator does not consent on behalf of the organization, each Content Matrix user who attempts to connect using Office 365 OAuth Authentication for the first time must sign in with an account that has the Application Administrator and SharePoint Administrator permission role.
After [Accept] is clicked, the connection is created (and the application will be registered if it does not already exist in Azure Active Directory). In addition, the token cache file ConnectionsTokenCache.dat is created in the AppData/Roaming/Metalogix folder. (Note, if you have used OAuth Authentication in an earlier version of Content Matrix, this file will already exist.)