Chat now with support
Chat mit Support

Preparing Migration 8.14 - System Requirements and Access Rights

Migration Manager Console Migration to Microsoft Office 365 License Server Migration Manager Database Servers Migration Manager Agent Servers Statistics Portal Server Resource Updating Manager Resource Updating Wizards Processed Platforms Additional Environment Security Configuration Ports Used by General Migration Manager Components Ports Used by Migration Manager for Exchange Components Ports Used by Migration Manager for Active Directory Components Ports Used by Resource Updating Manager Accounts Required for Migration Manager Operation Accounts Used by the Directory Synchronization Agent Source Accounts Used by Migration Manager for Exchange Agents Target Accounts Used by Migration Manager for Exchange Agents Agent Host Account Used by Legacy Migration Manager for Exchange Agents Agent Host Account Used by Migration Agent for Exchange (MAgE) Accounts Used for Migrating to Microsoft Office 365 Accounts Used by RUM Agent Service Accounts Used by RUM Controller Service Account Used by Statistics Collection Agent Service Accounts Used by Statistics Portal Accounts Accounts and Rights Required for Active Directory Migration Tasks Accounts and Rights Required for Exchange Migration Tasks Using the Exchange Processing Wizard with Exchange 2010 or later Appendix. How to Set the Required Permissions for Active Directory Migration

Processing Resources Remotely (without Agents)

RUM Console

The following table lists ports required to be opened between RUM console and the other Migration Manager components so that RUM console is be able to communicate with those components properly:

Direction of Communication Port Protocol(s) Communication with
Outbound User-configured (default ports:389, 636, if available) TCP/UDP ADAM/AD LDS instance
389 Source and target domain controllers
3268 Source and target global catalogs

RUM Controller

The following table lists ports required to be opened between RUM Controller and the other Migration Manager components so that RUM controller is be able to communicate with those components properly:

Direction of Communication Port Protocol(s) Communication with
Outbound 389 TCP/UDP Source and target domain controllers
3268 Source and target global catalogs
User-configured (default ports:389, 636, if available) ADAM/AD LDS instance
135-139 Workstation processed
1024-65535  
53 DNS Server  

Workstation

The following table lists ports required to be opened between each workstation you plan to process with RUM and RUM Controller so that they may be processed successfully:

Direction of Communication Port Protocol(s) Communication with
Inbound 135-139 TCP/UDP RUM Controller
1024-65535

Accounts Required for Migration Manager Operation

Migration Manager account

Description Where Specified Rights and Permissions

The account under which the administrator is logged on when Migration Manager is started.

This account is used to connect to ADAM/AD LDS and open the migration project. (The appropriate users should be delegated rights within the project to open and work with the project).

At administrator's logon

Membership in the local Administrators group on the console machine.

If there are cluster servers in the source or target Exchange organizations, the Migration Manager account must:

  • Be a member of the local Administrators group on each cluster node.
  • Have Full Control rights over the cluster.

ADAM/AD LDS administrative account

Description Where Specified Rights and Permissions

Is used to connect to ADAM/AD LDS and create a new migration project.

During ADAM/AD LDS instance installation. Later, when you first start Migration Manager, specify this account in the Open Project Wizard.

After ADAM/AD LDS instance installation, this account is granted Full Control rights over the whole ADAM/AD LDS instance.

The user who creates the project is automatically granted Full Control rights in the project and can later delegate rights within the project to other users.

Note: Delegated users will have rights only within the ADAM/AD LDS project partition, but no rights to manage the ADAM/AD LDS instance.

SQL configuration database account

Description Where Specified Rights and Permissions

Is used to:

  • Create the SQL configuration database when a migration project is created
  • Access the SQL configuration database
In the Open Project Wizard Database Creator role on the SQL server where the configuration database will be created

NOTE: Database creator server role is required only if project database has not been created and you are planning to create it. In case the project database has been created, server role dbcreator is no longer required. Database role db_owner is enough to work with existing project database. You can grant this permission directly to the SQL configuration database account, or through the security group that can also be used for Agent Host accounts.

Auxiliary account

Description Where Specified Rights and Permissions

Is used by different Migration Manager components to retrieve information from ADAM/AD LDS

During Migration Manager setup, or in the Open Project Wizard

Membership in the local Administrators group on the console machine.

Important notes: This account must not be changed during migration. Account password must not expire or be changed during migration.

Accounts Used by the Directory Synchronization Agent

The following accounts are used by the Directory Synchronization Agent (DSA) to connect to the domains.

TIP: The DSA account permissions provided below are high level permissions that can be easily and quickly granted. However, if they are too elevated and thus cannot be granted in your environment , take a look at minimum required permissions for DSA accounts in Migration Manager for Active Directory Granular Account Permissions.

Source Active Directory Synchronization account

Description Where Specified Rights and Permissions

Is used:

  • By the DSA to connect to the source Active Directory domain
  • By the Mail Source Agent (MSA) to perform mailbox switch (related to Migration Manager for Exchange)
You specify this account when you create and configure a domain pair.

Membership in the Administrators group.

You can use account that is not a member of Administrators group in case Preinstalled Service feature is configured and enabled.

Target Active Directory Synchronization account

Description Where Specified Rights and Permissions

Is used:

  • By the DSA to connect to the target Active Directory domain
  • By the Mail Source Agent (MSA) to perform mailbox switch (related to Migration Manager for Exchange)
You specify this account when you create and configure a domain pair.

Membership in the Administrators group.

You can use account that is not a member of Administrators group in case Preinstalled Service feature is configured and enabled.

Source Accounts Used by Migration Manager for Exchange Agents

NOTE: Each computer on which Migration Manager for Exchange agents run must have DCOM Access and Launch permissions. These permissions are acquired by the agent through server's local Administrators group membership.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen