Processing Resources Remotely (without Agents)
RUM Console
The following table lists ports required to be opened between RUM console and the other Migration Manager components so that RUM console is be able to communicate with those components properly:
| Direction of Communication | Port | Protocol(s) | Communication with |
|---|---|---|---|
| Outbound | User-configured (default ports:389, 636, if available) | TCP/UDP | ADAM/AD LDS instance |
| 389 | Source and target domain controllers | ||
| 3268 | Source and target global catalogs |
RUM Controller
The following table lists ports required to be opened between RUM Controller and the other Migration Manager components so that RUM controller is be able to communicate with those components properly:
| Direction of Communication | Port | Protocol(s) | Communication with |
|---|---|---|---|
| Outbound | 389 | TCP/UDP | Source and target domain controllers |
| 3268 | Source and target global catalogs | ||
| User-configured (default ports:389, 636, if available) | ADAM/AD LDS instance | ||
| 135-139 | Workstation processed | ||
| 1024-65535 | |||
| 53 | DNS Server |
Workstation
The following table lists ports required to be opened between each workstation you plan to process with RUM and RUM Controller so that they may be processed successfully:
| Direction of Communication | Port | Protocol(s) | Communication with |
|---|---|---|---|
| Inbound | 135-139 | TCP/UDP | RUM Controller |
| 1024-65535 |
Accounts Required for Migration Manager Operation
Migration Manager account
| Description | Where Specified | Rights and Permissions |
|---|---|---|
|
The account under which the administrator is logged on when Migration Manager is started. This account is used to connect to ADAM/AD LDS and open the migration project. (The appropriate users should be delegated rights within the project to open and work with the project). |
At administrator's logon |
Membership in the local Administrators group on the console machine. If there are cluster servers in the source or target Exchange organizations, the Migration Manager account must:
|
ADAM/AD LDS administrative account
| Description | Where Specified | Rights and Permissions |
|---|---|---|
|
Is used to connect to ADAM/AD LDS and create a new migration project. |
During ADAM/AD LDS instance installation. Later, when you first start Migration Manager, specify this account in the Open Project Wizard. |
After ADAM/AD LDS instance installation, this account is granted Full Control rights over the whole ADAM/AD LDS instance. The user who creates the project is automatically granted Full Control rights in the project and can later delegate rights within the project to other users. Note: Delegated users will have rights only within the ADAM/AD LDS project partition, but no rights to manage the ADAM/AD LDS instance. |
SQL configuration database account
| Description | Where Specified | Rights and Permissions |
|---|---|---|
|
Is used to:
|
In the Open Project Wizard | Database Creator role on the SQL server where the configuration database will be created |
|
|
NOTE: Database creator server role is required only if project database has not been created and you are planning to create it. In case the project database has been created, server role dbcreator is no longer required. Database role db_owner is enough to work with existing project database. You can grant this permission directly to the SQL configuration database account, or through the security group that can also be used for Agent Host accounts. |
Auxiliary account
| Description | Where Specified | Rights and Permissions |
|---|---|---|
|
Is used by different Migration Manager components to retrieve information from ADAM/AD LDS |
During Migration Manager setup, or in the Open Project Wizard |
Membership in the local Administrators group on the console machine. Important notes: This account must not be changed during migration. Account password must not expire or be changed during migration. |
Accounts Used by the Directory Synchronization Agent
The following accounts are used by the Directory Synchronization Agent (DSA) to connect to the domains.
|
|
TIP: The DSA account permissions provided below are high level permissions that can be easily and quickly granted. However, if they are too elevated and thus cannot be granted in your environment , take a look at minimum required permissions for DSA accounts in Migration Manager for Active Directory Granular Account Permissions. |
Source Active Directory Synchronization account
| Description | Where Specified | Rights and Permissions |
|---|---|---|
|
Is used:
|
You specify this account when you create and configure a domain pair. |
Membership in the Administrators group. You can use account that is not a member of Administrators group in case Preinstalled Service feature is configured and enabled. |
Target Active Directory Synchronization account
| Description | Where Specified | Rights and Permissions |
|---|---|---|
|
Is used:
|
You specify this account when you create and configure a domain pair. |
Membership in the Administrators group. You can use account that is not a member of Administrators group in case Preinstalled Service feature is configured and enabled. |
Source Accounts Used by Migration Manager for Exchange Agents
|
|
NOTE: Each computer on which Migration Manager for Exchange agents run must have DCOM Access and Launch permissions. These permissions are acquired by the agent through server's local Administrators group membership. |