PowerShell scripts for assessing and migrating all .NET sites on a single IIS server in bulk are available here: PowerShell scripts .zip download

• Requires Administrator permissions on the IIS server
• Machine executing scripts must be using PowerShell v4 or higher for getting readiness results (PSv2.0 for a remote IIS server) and packaging; or PowerShell v5.1 or higher for migrating packages to Azure
• Works for IIS servers 7.5 or higher with IIS Management Console component enabled
• Remote readiness assessment possible for servers with PowerShell remoting enabled
• Readiness assessment and packaging may be done without outgoing network connectivity, settings generation and migration requires outbound connectivity and Azure PowerShell on the machine

1. Verify the scripts package .zip you downloaded matches the SHA256 signature noted for the release (see Release Notes). For example, this is the SHA256 for the PowerShell script 1.0.2 release: 7F1698E54A736F5B421F99095DC4C2A772F1C0FDC2C2CD3A2BA2FEA7EB1C185C. You can check the signature using a PowerShell command like:

Get-FileHash -Path .\AppServiceMigrationScripts.zip -Algorithm SHA256

2. Extract the scripts. Unzip the package to a location that is accessible from the machine where you want to run them.
3. Configure PowerShell execution policy to allow running the scripts or add the Microsoft Corporation certificate to your Trusted Publishers certificate store (you can view the certificate information by right-clicking the .ps1 script files and looking at Digital Signatures). More information about PowerShell execution policy and signing: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1

• To add the Microsoft Corporation certificate that was used to sign the scripts to the "Trusted Publishers" store for you user account so it works for AllSigned execution policy - this should happen automatically if you reference a script and select the "A" Always run option when getting the "Do you want to run software from this untrusted publisher?" PowerShell will show this type of "untrusted publisher" message until the cert is in the Trusted Publisher store even though you likely already have the parent certificate authority ("Microsoft Root Certificate Authority 2011") in your "Trusted Root Certification Authorities" certificate store. Sample command to run to trigger prompt: .\Get-SitePackage -foo

• To set PowerShell execution policy - open an Administrator PowerShell prompt (not required to set the policy, but needed to run the scripts) and run something like this command to allow script execution within the process: Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

Check out the SampleServerMigration.ps1 for an idea of the general flow of the scripts for a server. Generally steps are to call the scripts in the following order:

Discovers all machines running on the IIS server (either locally or pointed at a remote server that has PowerShell remoting enabled), does a series of assessment checks, and saves the failed check results and site metadata for all the sites in a .json file. Does not require outbound internet connectivity to run.

Packages all sites referenced in the provided readiness file (generated by Get-SiteReadiness.ps1) which do not have errors. Can override to package sites with errors as well (however those with "Fatal" errors such as having site content greater than 2 GB will still not be packaged - these would fail to migrate due to limitations in the deployment API used). May also choose to package a single specific site. Must be run on the server where the sites exist. Does not require outbound connectivity. Migration can be done from another server by copying the packages directory.

Creates a base .json file with the settings required for migration for all the packaged sites in the referenced package info input file (generated by Get-SitePackage.ps1). By default the AzureSiteName values (the name that will be used for the App Service site name) will be set to the local IIS site name - this is likely to require update as App Service has more strict naming conventions as well as requiring site names to be unique. Invoke-SiteMigration will fail during validation for any AzureSiteName that is not valid due to name character restrictions or availability. Generate-MigrationSettings.ps1 requires outbound connectivity to communicate with Azure to validate some settings and requires Azure Powershell to be installed. The settings file may able be generated manually such as using the TemplateMigrationSettings.json as a starting point.

Migrates sites based on the settings input file, starting with basic settings validation before doing Azure resource creation. Summary information about all created Azure resources is saved to a file upon completion. Only allows for targeting new App Service Plans. Requires outbound connectivity to communicate with Azure to validate settings and Azure PowerShell to be installed.

Something didn't work or didn't have the functionality you need? Let us know by posting in Issues.