ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - AzureAD Migration Troubleshooting Tips
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

AzureAD Migration Troubleshooting Tips

 Post Reply Post Reply
Author
Message
DarrenDK View Drop Down
Newbie
Newbie


Joined: 12 Dec 2020
Status: Offline
Points: 13
Post Options Post Options   Thanks (1) Thanks(1)   Quote DarrenDK Quote  Post ReplyReply Direct Link To This Post Topic: AzureAD Migration Troubleshooting Tips
    Posted: 19 Nov 2021 at 1:57pm
Hey guys, I've probably spent 80+ hours scripting profwiz for AzureAD Migrations and for you guys experiencing the dreaded Error 1317 or Error 1 codes, I wanted to share my observations in hopes it will save you time.
  • Version 24 notes
  • DO NOT PUT QUOTES AROUND ANY PARAMETERS
  • When reading profwiz output, the absense of "A user profile for IMMY-TEST\immy.bot was not found." entry appears to mean it successfully resolved the source user/profile
  • Using /SOURCEACCOUNT $SID appears to be reliable
  • Error 1317 was mitigated by not including the /TARGETACCOUNT switch (This isn't necessary since our config specifies an XML file with only one user)
  • Follow up to this, I ended up including /TARGETACCOUNT user@domain.com and it worked on Version 24
  • Error 1 can be mitigated by using /SOURCEACCOUNT instead of /SOURCEPROFILE (/SOURCEPROFILE is newer and evidently doesn't work)
  • The WorkingDirectory doesn't appear to matter for profwiz.exe it will always find profwiz.config if it's in the same directory as profwiz.exe
  • A CSV Mapping file isn't necessary for AzureAD migrations
  • A local user account with credentials isn't necessary if you're executing from the SYSTEM context (SCCM/RMM/Etc)
  • Error 1 could be because you must specify a non-empty value in profwiz.config for <Domain>Azure AD</Domain> <---This took me 8 hours to figure out since the logs simply say MIGRATION FAILS and profwiz exits with error code 1
  • The more frustrating thing about this error is that it appears that you can put literally any string in here and it will work, so the value obviously isn't necessary. 
  • The bare minimum config file looks like this:
<ForensiTUserProfileWizard xmlns="http://www.ForensiT.com/schemas">
  <Parameters>
    <Azure>True</Azure>
    <AzureObjectIDFile>C:\Temp\Profwiz-20211117-124301\ForensiTAzureID.xml</AzureObjectIDFile>
    <Domain>Azure AD</Domain>
    <Silent>True</Silent>
  </Parameters>
  <licensing>C3C08AE252...</licensing>
</ForensiTUserProfileWizard>
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1541
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 19 Nov 2021 at 2:52pm
Hi,

Many thanks for your feedback. It is much appreciated. There are a few points we need to make for anyone coming across this post.

Firstly, this is great advice for anyone running from the command line. It does not apply to if you are running a script generated by the Deployment Kit, or indeed if you are using the GUI. (If you had used the Deployment Kit to configure your Profwiz.config file, you wouldn’t have spent 8 hours trying to find a configuration error! The <Domain> value is there for future use.)

The /SOURCEPROFILE parameter does work.

More crucially, it is true you do not need a Computer CSV Mapping file, but generally you must specify a User CSV Mapping file - a lookup file. User Profile Wizard needs to find the Object ID of the user’s Azure AD user account in the ForensiTAzureID.xml file. It does that by looking for the UPN. The only way it can get the UPN for the user automatically, is by mapping the existing user name to the UPN of the Azure AD user account. This is one of top support issues, and it would be wrong to give the impression that a user lookup file is not normally required.

Can you share the command line you ended up using?


Back to Top
DarrenDK View Drop Down
Newbie
Newbie


Joined: 12 Dec 2020
Status: Offline
Points: 13
Post Options Post Options   Thanks (0) Thanks(0)   Quote DarrenDK Quote  Post ReplyReply Direct Link To This Post Posted: 22 Nov 2021 at 4:09pm
I ended up using 
C:\Temp\Profwiz-20211118-125007\profwiz.exe /SOURCEACCOUNT S-1-5-21-1111111111-11111111111-11111111-12345 /NOREBOOT /LOG C:\WINDOWS\TEMP\ImmyTemp-20211118-125037.log /TARGETACCOUNT immy.bot@domain.com

Regarding /SOURCEPROFILE, I made that note before I realized the absence of an error about not being able to map the user profile meant it was able to map the source profile, so it likely does work.

I'm a bit of a command line purist so I avoid UIs wherever possible, and I understand that this may have made my life a bit harder, but I'm really trying to get down to the bare minimum set of required parameters and I find the GUI adds a lot of unnecessary cruft to the config file. 

If it were up to me I'd add a clientid and clientsecret parameter to the command line and/or profwiz.config file so it can reach out to the Graph API to perform the user mapping real-time like it used to do with the domain credentials instead of having to generate the XML file in PowerShell.
Back to Top
DarrenDK View Drop Down
Newbie
Newbie


Joined: 12 Dec 2020
Status: Offline
Points: 13
Post Options Post Options   Thanks (0) Thanks(0)   Quote DarrenDK Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2021 at 12:40am
Ok, another update:
I re-ran it today and ran into the Error 1 again and this time after 3 more hours learned it was because I wasn't specifying 
<All>False</All>
<OldDomain>DOMAIN</OldDomain>

Honestly I have no idea how I got it to work the other day. Maybe I was specifying a CSV map? I was trying that all day today and then I regenerated a profwiz.config without the user map and saw the options above and started fiddling and got it working.

So ultimately what worked is 
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ForensiTUserProfileWizard xmlns="http://www.ForensiT.com/schemas">
<Parameters>
<Azure>True</Azure>
<AzureObjectIDFile>C:\Temp\Profwiz-20211122-182926\ForensiTAzureID.xml</AzureObjectIDFile>
<!-- Corporate Edition Settings -->
<Silent>True</Silent>
<Domain>Azure AD</Domain>
<All>False</All>
<OldDomain>OLDDOMAIN</OldDomain>
</Parameters>
<licensing>C3C08AE2...</licensing>
</ForensiTUserProfileWizard>

No CSV user mapping
No Local Credentials
No Domain Credentials
Yes AzureMapping.xml

C:\Temp\Profwiz-20211122-182926\profwiz.exe /SOURCEACCOUNT S-1-5-21-111111111-11111111-111111111-11111 /NOREBOOT /LOG C:\WINDOWS\TEMP\ImmyTemp-20211122-183013.log /TARGETACCOUNT immy.bot@domain.com

Why does OldDomain matter?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1541
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2021 at 9:25am
The <OldDomain> only matters if <All> is set to True and you are not using the command line. In those circumstances, User Profile Wizard will look for all profiles from <OldDomain> to migrate. However, the command line always over-rules Profwiz.config settings.
Back to Top
DarrenDK View Drop Down
Newbie
Newbie


Joined: 12 Dec 2020
Status: Offline
Points: 13
Post Options Post Options   Thanks (0) Thanks(0)   Quote DarrenDK Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2021 at 9:43pm
Further updates after more head slamming.

OldDomain definitely matters, and not only does it matter, it has to be the NETBIOS name of the domain. When I tried olddomain.local, it did not work.

Ironically, the log output shows that profwiz already has this information, yet it still fails unless I put it in the OldDomain XML property.
Back to Top
DarrenDK View Drop Down
Newbie
Newbie


Joined: 12 Dec 2020
Status: Offline
Points: 13
Post Options Post Options   Thanks (0) Thanks(0)   Quote DarrenDK Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2021 at 11:05pm
Ok, going back to /SourceProfile for a moment:

Running C:\Temp\Profwiz-20211123-161930\profwiz.exe /SOURCEPROFILE immy.bot /NOREBOOT /LOG C:\WINDOWS\TEMP\ImmyTemp-20211123-161945.log /TARGETACCOUNT immy.bot@mydomain.com
Streaming C:\WINDOWS\TEMP\ImmyTemp-20211123-161945.log
ForensiT User Profile Wizard 24.1.1285

Licensed to  (50 Seats) License No. 43A6FDE

Copyright (c) 2002-2021 ForensiT Ltd




23/11/2021 14:20:08.333 Creating migration service... Done.

23/11/2021 14:20:08.354 Starting migration service... Done.

23/11/2021 14:20:09.415 Target device: IMMY-TEST

23/11/2021 14:20:09.418 OS build 10.0.19042.1348. Version 20H2.

23/11/2021 14:20:09.418 Domain: MyDomain

23/11/2021 14:20:10.069 Migrating user account "immy.bot"

23/11/2021 14:20:11.384 Migration Fails.

WARNING: Profwiz returned non-success exit code 1

WARNING: C:\Temp\Profwiz-20211123-161930\ForensiTAzureID.xml
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type='text/xsl' href='style.xsl'?>
<ForensiTAzureID ObjectId="6086eb37-149f-47ce-849b-11111111111111" Name="mydomain.onmicrosoft.com mydomain.mail.onmicrosoft.com mydomain.com" DisplayName="My Companies">
    <User>
        <UserPrincipalName>immy.bot@mydomain.com</UserPrincipalName>
        <ObjectId>b6a47336-ac11-4277-ac45-075d42d3d8b9</ObjectId>
        <DisplayName>Immy Bot Test</DisplayName>
    </User>
</ForensiTAzureID>
WARNING: C:\Temp\Profwiz-20211123-161930\profwiz.config
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ForensiTUserProfileWizard xmlns="http://www.ForensiT.com/schemas">
  <Parameters>
    <Azure>True</Azure>
    <AzureObjectIDFile>C:\Temp\Profwiz-20211123-161930\ForensiTAzureID.xml</AzureObjectIDFile>
    <!-- Corporate Edition Settings -->
    <Silent>True</Silent>
    <Domain>Azure AD</Domain>
    <All>False</All>
    <OldDomain>
    </OldDomain>
  </Parameters>
  <licensing>C3C08AE252...</licensing>
</ForensiTUserProfileWizard>
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.078 seconds.