Runbooks and Steps

PowerSyncPro Windows 10 Workstation Agent has the concept of runbooks and steps where you can customise what components you can run and when for your migration.

Runbook

A run book is a collection of steps which can be tailored to execute on different dates and times along with customising what you need to run for your requirements and particular migration.

Some of the steps have dependencies and will be logically grouped, the list below gives you an idea of the level of flexibility to meet your needs.

Some steps take longer than others, so you many want to do some in advance silently, this is so on the migration day the process is optimised to minimise user downtime whilst the machine is reconfigured.

You can add as many runbooks as you like, but each runbook will only be run once.   Commonly we deploy runbooks for Workload Migration Prep, Workload Migration, Workstation Migration and Uninstall Agent.

Start Migration

Sets the signin background to indicate that a migration is happening, and creates an AdminFallback local user as a way back into the device if things go wrong.

It also disabled the BitLocker Protection Keys to avoid issues with reboots.

If a user is logged on when we start this step then a Toast will appear giving them 1 hour grace

Take a backup of all of the local group members

Removes autopilot information from the registry including Controlled Validation keys for Hybrid Join

Disjoins the machine from the old directory (be that Active Directory, Azure Active Directory, or Hybrid)

Joins the workstation to either Active Directory or Azure Active Directory. For a Hybrid AD Join target be aware that the machine must have line of sight to a Domain Control as it reboots, so things like VPN may need to be considered.

Verifies that the Target directory Join Type has been achieved by checking dsregcmd output. If it fails multiple times then it will try to run the Join New Domain step again

Restores the local group members to add back any local accounts and migrated accounts that were removed as part of the LeaveOldDirectory/JoinNewDirectory process

Clear the AAD Brokers on this machine or for this user

Clear the Teams cache directories

Changes the permissions/owner/group settings on every file, folder on every fixed disk as well as every registry key for users in scope for the migration.

It will also switch the user profile for every user profile where there is a translation of SIDs

Saves the Run key to avoid things starting as we reboot the workstation

Set OneDrive to use the SilentAccountConfig setting

Remove all of the old and now migrated user profiles

Runs Attrib for every sync root on the workstation to force files to be Cloud Only, otherwise you may find duplicates after the migration.

Marks all existing profiles as being eligble for user based runbooks

Migrate AppX applications so that the migrated user can use them

Reset credentials in the primary (default) Edge profile so they are useable for the new user.

Reset credentials in the primary (default) Edge profile so they are useable for the new user.

Sets the ZeroConfigExchange setting for this user, this allows Outlook to start cleanly and run its own setup process based on the version installed.

Clears the cloud Credentials to force Office to activate afresh

Clears the cloud credentials to force Teams to start afresh

Puts redirected folders back to their defaults and DOES NOT move files back

Puts redirected folders back to their defaults and move files back

Uninstall the OneDrive Sync Client for the logged on user while trying to avoid any UAC prompt

Uninstall the OneDrive Sync Client for the logged on user, this is important so that OneDive can be configured to the new tenant.

Install the OneDrive Sync Client for the logged on User

Copies the saved keys back to the Run key

Start the OneDrive Client

Start all of the programs in the Run key

Removes the agent and all traces of it, usually done 30 days after the migration.

Removes the StartMigrationPackage, enables the BitLocker Protection Keys and Saves any Bitlocker recovery keys to AD/Azure AD