SharePoint 2007 to SharePoint 2010 Farm Migration

Phase 1 – Configuration Analysis


In the current series I’d like to describe how to analyze the SharePoint Farm and prepare it for the SharePoint 2010 migration. We will review the following 3 sections:

  1. Farm Architecture and Configuration Analysis
  2. User and Group Analysis
  3. Farm Migration

The first and the most important step in SharePoint 2007 –>SharePoint 2010 migration is the understanding of existing SharePoint environment to get enough information to design the new Farm.

Let’s review in details the following template that I’m using to document the farm settings and tools that allow to gather all necessary information (we don’t describe search, excel and other services settings here)

  1. Farm Information
    1. Farm Servers and Services
    2. Web Applications
    3. Content Database and Site Collections
    4. Alternative Access Mapping
    5. Farm Solutions
    6. Enabled Farm Features
    7. Search Settings
  2. Site Information
    1. Web Parts
    2. Web.config changes
    3. Site Definitions
    4. Customized & Checked-out Items
  3. Sites Topology
    1. Sites
    2. Sites Structure Diagram
    3. Site Collections with Diagrams
  4. Issues

1. Farm Information

Content: This section enlists farm servers, components from the farm and general information about farm configuration (email settings)
Tools: STSADM –o “preupgradecheck” (Upgrade Planning Information section for servers and components) & Central Administration to get the mail settings

a) Farm Servers and Services

Content: table with the farm servers and assigned roles
Tool: Use the Central Administration & SharePoint Manager 2007 to get this information

b) Web Applications

Content: List of web applications and its URLs
Tool: Central Administration

c) Content Database and Site Collections

Content: Table with the following info – content database name, number of sites, size, list of site collections
Tool: SharePoint Diagnostic tool for the Content DB size; Central Administration and SharePoint Administration Toolkit (Batch Site Manager Solution)

d) Alternative Access Mapping
Content: Table with AAM Internal/External URLs and Zones
Tool: “preupgradecheck” log & SharePoint Diagnostic

e) Farm Solutions

Content: Table with the installed solutions and sites where they are active
Tool: SharePoint Manager 2007 / Bamboo SharePoint Analyser

f) Enabled Farm Features

Content: List of enabled features on the farm level
Tool: Central Administration

g) Search settings

Content: SSP settings (servers, databases name, crawling settings)
Tool: Central Administration & SharePoint Diagnostic

2. Site Information

a) Web Parts

Content: list of installed web parts
Tool: Bamboo SharePoint Analyzer

b) Web.config changes

Content: list what was changed in web.config for SharePoint sites
Tool: SharePoint Diagnostic shows web.config for each web application, but developer/admins own the knowledge about the changes

c) Customized & Checked-out Items

Content: list of customized & checked-out items
Tool: SharePoint Designer, choose Sites menu –> Reports –> Shared Content –> Customized Pages / Checked-out items

d) Used Site Templates across sites

Tool: “preupgradecheck” gives you a list where site templates are used

3. Sites Topology

a) Sites

Content: list of sites
Tool: Site Settings of the root site –> “Site hierarchy” item

b) Site Structure Diagram

Content: diagram of the root site
Tool: SWAT tool –> right mouse click on the site name and Show Site Diagram

4. Sites Topology

  • Use “preupgradecheck” log to document all found issues
  • use SharePoint Designer Diagnostic tab, to discover the potential issues


To get the necessary information I recommend to use the following tools:

Phase 2 – Security Analysis


In the current series I’d like to describe how to analyze the SharePoint Farm and prepare it for the SharePoint 2010 migration. We will review the following 3 sections:

  1. Farm Architecture and Configuration Analysis
  2. User and Group Analysis
  3. Farm Migration

This section describes the user analysis and permission analysis. But first of all – why do we need to analyze users and permissions when we only migrating data?! Can’t our users be migrated automatically?!

The answer is yes and no – users will be migrated automatically, but migration is hardly planning for the sake of migration and usually you are building a new application and trying to fix existing issues. Users, Groups and Permissions are needed to be reorganized and to be fixed before moving content to new environment.

The areas we need to look at are the following:

  • number of users and group
  • how users are organized in groups
  • permissions – users, groups, broken inheritance
  • dead users

SharePoint OOTB functionality doesn’t cover all our needs, so we are going to use several 3rd partly tools to gather the necessary information.


Additionally, you need to use the following STSADM commands

There are two approaches to collect required information – using commercial “ARK for SharePoint 2007” reporting tool that covers almost all our needs  or using several free tools to get the same information. We can achieve almost the same via “enumuser/enumgroups/enumroles” command of STSADM, but we need to count the items manually.

The limitation of the majority of free tools is that they don’t provide web-application level information across all site collections. The advantage of “ARK for SharePoint” is that it generates reports for all web applications in our farm.

In this post I’d like to describe the steps of how to get all information without using commercial tools.

Number of Users & Groups

  1. Users & Groups number – “Bamboo SharePoint Analyser” –> Farm->Servers->Web Applications->Site Collections –> Web sites and the values are in parentheses for “Users”, “Groups” and “Administrators”

    Users & Groups number

    Users & Groups number

  2. Site Administrators – use “Bamboo SharePoint Analyzer” of Central Administration
  3. Groups across site collections – use “Xavor SharePoint Admin tool” –> Show Group Security

    Groups across site collections

    Groups across site collections

Users & Groups Association

  1. Farm Administrators – Use Central Administration –>Operations-> Update Farm Administrators Group or  “Bamboo SharePoint Analyzer”
  2. Users by Group – ARK for SharePoint provides full info across all web applications. Alternative free solution is to use “Permission Report” tool functionality (Site Settings -> “Broken Inheritance Reports Jobs”) that generates Excel spreadsheet for the Site with the user’s and its groups.


  1. Broken inheritance can be found via “Access Checked” tool that shows SharePoint items where permission is broken, but tool doesn’t show what exactly is broken and list of changes. Reports are supported.

    Broken inheritance

    Broken inheritance

  2. Broken inheritance Diff can be viewed with “SharePoint Administration Toolkit” and its “Compare Permissions Sets” report that shows the permissions difference between the current and root items, and also the details about permission changes . Reports are supported.

    Broken inheritance Diff

    Broken inheritance Diff

  3. User rights – “Check User Access” report of “Access Checker” show the rights for the users across SharePoint elements, including the items where user don’t have access
  4. Group rights – “Check Effective Permissions” of “SharePoint Administration Toolkit” shows the items accessible by this group

Unfortunately, all previous tools don’t provide web-applications scope reports and item-level reports. It means that you can’t iterate through all site collections and find the List items or specific pages where user has no access. To get such information use “Xavor SharePoint Admit Tool” that provides reports across web application (but no functionality to save them)

Group rights

Group rights

(red – user has no permissions)

Dead Users

When you install and configure the new farm you probably create several test users and groups that should be deleted in the end. Sometimes administrators create such users and then forget to delete them. So, “dead” accounts is a quite common scenario. When you start a new migration you don’t want such users/groups in your new farm and you need to find all of them and delete.

I don’t know any free tools that provide such functionality. And there are only a couple of the commercial tools that allow to do this: DeliverPoint and ControlPoint

Creating the report

The logical outcome of the Security Analysis is the Word document that highlights the security issues, but unfortunately this is not always feasible. Consider the medium farm with 5000 users 300 groups and 400 sites with 30% of broken inheritance. You can physically create the word document but how are you going to analyze the 200 pages document?!

The real Analysis is usually a “multi-threaded” task, when you check users’ rights, discuss the grouping with DC admins, fix the broken permissions and etc.

Depending on the content size documenting the following quantitative information is recommended:

  • Farm Administrators
  • Number of users
  • Number of groups across web application and per site collection
  • Broken inheritance report per site collections and items (depends how much broken items you have)
  • Users/AD per Groups (definitely for AD, but depends on number of users)

Unfortunately, it’s hard to define the template for this step, because security analysis is very individual for the farm, and usually you end up with several files – documents describing quantitative info, excel spreadsheets with users, groups and permissions, HTML files describing the broken permission inheritance.


Security analysis might be a daunting task depending on the level of your permissions customization and user’s assignment to groups. The recommendation is to perform the draft analysis on backup instance where you can experiment with different tools and find all security breaches, and after that fix issues on production.

Tagged with: ,
  • good information,thank you

  • very helpful,thank you

  • I like reading your blog for the reason that you can always bring us new and cool things, I think that I should at least say a thank you for your hard work.

    – Henry

  • Great site. A lot of useful information here. I’m sending it to some friends!

  • Hello
    Great blog, but unfortunately I only see half of you is familiar?
    Is this due to my safari?
    Best wishes from Mannheim

  • It’s really a nice and helpful piece of information. I’m glad that you shared this helpful info with us. Please keep us informed like this. Thanks for sharing.

  • As a Newbie, I am always searching online for articles that can help me. Thank you Wow! Thank you! I always wanted to write in my site something like that. Can I take part of your post to my blog?

  • Nice insightful post. Thanks for sharing the information.

  • You seem to know a lot about this. This is good blog. A great read. I’ll certainly be back.

  • You certainly deserve a round of applause for your post and more specifically, your blog in general. Very high quality material