Prior to executing the steps below, please ensure the following conditions have been met:
- The Directory Synchronization has been stopped on all Domain Pairs by right clicking Synchronization and selecting stop on each pair.
- The three remaining running Directory Sync Agent services for each DSA instance have been stopped using the Services console. (Directory Synchronization Agent ADProxy Service; Directory Synchronization Agent Configurator Service; Directory Synchronization Agent Log Service).
- All instances of Migration Agent for Exchange (MAgE) have been stopped.
- All instances of Mail Target Agents, Mail Source Agents, Transmission Agents Calendar Synchronization and any Public Folder Agents are stopped.
- Confirm the Service Account has not been locked out in Active Directory Users and Computers.
I. Migration Manager for AD
- Log out of the Migration Manager Console server, as well as any dedicated agent host servers.
- Ensure the Service Account password has been updated to its new desired value in Active Directory.
- Log back into the Migration Manager Console server and open the Migration Manager console.
- Click on the Project menu and select, Open Project.
- When the Open Project Wizard window appears, select the Set Auxiliary Account section on the left hand side.
(Note, a description of what this account is utilized for can be seen in this section)
If the Service Account that has had its password updated appears here, enter the new password and click the Next button three times to reach the end of the Wizard. Click Finish to complete the Wizard and commit these changes.
- Right click on the Domain Pair and select Properties, if the Service Account that has had its password updated appears in the “Select Source Domain” or “Select Target Domain” sections, input the new value and click OK to save the changes. This step will need to be repeated for all Domain Pairs present in the Migration Project.
- Note, this step only needs to be completed if the Service Account that has recently had its password updated was being used by the Directory Synchronization agent to access the ADAM / AD LDS project database.
Click on the Tools menu and select, Agent Manager. Right click the Directory Synchronization Agent host and select “Change ADAM/AD LDS Credentials” select Browse to locate the Service Account and input the updated password.
- Open the Resource Updating Manager (RUM) Console and click on the Project menu. Next, select “Manage Domains Credentials” and update any occurrences of the Service Account credentials with the new password that appear here. (Note, when selecting to edit any of the existing credentials the following prompt will appear)
“The new domain credentials will take effect only for newly installed agents. To change the credentials for existing agents, reinstall the agents”.
- Open the Services management console on Migration Manager Console host and any Directory Synchronization Agent host. If any of the Directory Synchronization Agent services are not running as Local System and using the Service Account that has recently had its password changed these will also need to be updated. Right click each of these services that are using the Service Account, select Properties and then click the Log On tab to update the password. By default, all of these services will be installed to “Log On As” the Local System account however.
As well, if the Migration Manager RUM Controller Service is using the Service Account that has recently had its password updated, this will also need to be updated to reflect this change.
- Start the three Directory Synchronization Agent Services named in the beginning of this article. Then, proceed with starting the Directory Sync on any existing Domain Pairs in the project. After the Directory Sync has been started, review the Directory Synchronization Agent log for any authentication based errors – to ensure the above procedure has been successfully completed. The Directory Synchronization Agent log file is located in the following path by default:
:\Program Files (x86)\Quest Software\Migration Manager\DSA\CONFIGS\dsa.log
II. Migration Manager for Exchange
(Note – If the Migration Manager for AD section of this article has already been completed, step 1 through 3 of this section can be skipped).
- Open the Migration Manager Console if not already open, and select the Exchange Data tab at the lower left section of the console.
- Click on the Project menu and select, Open Project.
- When the Open Project Wizard window appears, select the Set Auxiliary Account section on the left hand side.
(Note, a description of what this account is utilized for can be seen in this section)
If the Service Account that has had its password updated appears here, enter the new password and click the Next button three times to reach the end of the Wizard. Click Finish to complete the Wizard and commit these changes.
- Click on the Agent Management section in the Exchange Migration Project, this will display a list of all the Hosts involved in the migration project. In the section that displays the Account, if the Service Account that has had its password recently updated appears here – right click each of the affected hosts, select Properties and then click the Modify button. Enter the updated credentials and click OK. The account being specified here, is what is used when the Agent services are installed on the host.
- Fully expand both the Source and Target Exchange Organizations sections within the Exchange Migration Project. Right click any of the Exchange Servers listed and select Properties. This particular step will need to be repeated for each Exchange Server and DAGs (Database Availability Group) that are listed, as well as each of the servers that are DAG members.
a) In the Connection section, if the Exchange account listed is the Service Account that has recently had its password updated – click Modify and enter the updated credentials.
b) In the Associated domain controller section, if the Active Directory account listed is the Service Account that has recently had its password updated – click Modify and enter the updated credentials. Note – if there are multiple Active Directory servers listed in the drop down menu, repeat this section for each server listed.
c) In the Default Agent Host section, if the Agent host account listed is the Service Account that has recently had its password updated – click Modify and enter the updated credentials and then click OK to have the changes made in steps a, b and c saved.
A prompt will now appear to advise that the changes made will require a modification of agent configuration databases. You need to commit changes for all synchronization jobs associated with this server. To do so, simply right click the affected Exchange pair and select to Commit Changes.
- Note - only perform this step if there are collections using the Migration Agent for Exchange (MAgE), if there are only Legacy Mail Agent collections in the Migration Project (MSA, MTA, CSA) this step can safely be skipped.
Expand the Mailbox Synchronization section within the Exchange Migration Project, right click on each of the Mailbox Synchronization jobs one at a time and select Properties.
In the Source Exchange Organization section, if the Active Directory account or Exchange account that appears is the Service Account that has recently had its password updated – enter the updated credentials.
In the Target Exchange Organization section, if the Active Directory account or Exchange account that appears is the Service Account that has recently had its password updated – enter the updated credentials and click OK.
lll. Quest Migration Manager for Active Directory (Microsoft Office 365)
- Select the root node in the tree
- Go to Connections tab
- Select target or source connection information
- Click Edit connection
- Change credentials to reflect new account and or new password