You can override the UserFolderPrefix or UserViewPrefix folder names for specific custom folders or views by renaming the parent folder name to the right of the custom folder parameter. For example:
If the parent folder is omitted from the parameter value (to the right of "="), the new folder is created at the same level as the Inbox. The same result can be achieved by leaving the UserFolderPrefix and/or UserViewPrefix settings blank. For example, this configuration:
would be equivalent to this configuration:
Specifies the AD attribute whose values the Data Migration Wizard should seek to match with values in the SearchKey column of a collection’s data table, to match corresponding user accounts when using LoadMethod=OtherFindAttribute (explained below for the LoadMethod parameter in this same [ActiveDirectory] section). For example:
This value corresponds to the GUI element in the Notes Migration Manager| Active Directory configuration screen, the Automatically grant permissions check box. This parameter is available only for an on-premises Exchange target and is selected by default.
Alternately, you can manually grant an account the AD container permissions in Exchange. Clear the Automatically grant permissions check box in the Active Directory configuration screen and enter the following PowerShell cmdlets:
This value corresponds to a GUI element in the Notes Migration Manager, the Always use these values check box in the Active Directory Configuration screen. The value determines whether the wizards that need this information always use the access credentials entered into the corresponding AD Configuration screen. For example, if:
... a wizard skips the screen that requests this information, saving the administrator the trouble of having to reenter the values and manually dismiss the screen. By default (AlwaysUseDefaults=0), the wizard takes the values entered in Notes Migration Manager as its defaults, but displays the screen to provide the option of accepting or changing the default credentials.
Determines whether MNE keeps the Alias/mailNickname stamped onto an object in AD, rather than replacing that value with a value from Notes when provisioning groups and mailbox-enabling users. For example:
... to enable free/busy synchronization through the Connector.
Each Attr<#> parameter specifies a Contact attribute whose values the Provisioning Wizard will merge into the corresponding AD security object record, when the wizard merges the Contact into the object and deletes the Contact. You may define one or more Attr<#> parameters to specify one or multiple attributes whose data you want to carry into the merged object records. Example:
If you are provisioning AD using the Quest CMN Directory Connector, this parameter specifies the AD attribute to use to control when merged and mailbox-enabled objects should synchronize back into Notes. (The parameter is ignored if you are provisioning by some other method.) The parameter value is a string consisting of extensionAttribute followed by one or two digits to designate the particular attribute. For example:
The parameter defaults to extensionAttribute15, which is suitable as long as your organization is not already using extensionAttribute15 for some other purpose. If you are already using extensionAttribute15 (and are using the CMN Directory Connector), change the parameter value to some other unused AD attribute. To disable this feature altogether (not use an AD attribute for this purpose), set CmnExcludeFromDirSync=0.
The previous example requires each object’s objectClass parameter value to be "contact." Conversely, the set to be considered can be defined by exclusion. For example, ContactFilter=(!(objectClass=user)) tells the wizard to disregard any object whose objectClass parameter value is "user," but to consider all others.
If your AD accounts are replicated on multiple servers, and you experience the "Alias1" problem when enabling mailboxes, use the CreateMailboxDelay parameter to force a delay between the mail-disabling function and the mailbox creation to allow enough time for other servers to catch up and disable their replicated accounts.
This value corresponds to a GUI element in the Notes Migration Manager: the Domain Controller host name text box in the Active Directory Configuration screen. The value specifies the PowerShell Domain Controller that Migrator for Notes to Exchange components will call to perform operations in a proprietary Exchange target (required if migrating to proprietary Exchange, irrelevant and ignored if migrating to Microsoft 365.) The program writes this value to the Task Parameters based on an admin's GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
This value corresponds to a GUI element in the Provisioning Wizard, the Account is disabled check boxcheck box in the Specify Container for User Objects screen. The wizard writes this value to the Task Parameters from an administrator’s GUI entry. Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
This parameter applies when migrating to an On-Premise Exchange or Microsoft 365 with Use Azure Active Directory Synchronization.
... tells the Provisioning Wizard that users newly created by the wizard (if [Active Directory] ProvisionUsers=1) should be logon-enabled. By default (1), any such newly created users are logon-enabled.
Occurs in: Prov. This is an internal scratch parameter (see Transient “scratch” parameters).
If the Data Migration Wizard is mailbox-enabling and finds the primary SMTP address of an Active Directory entry to be different from the expected SMTP address, this ForceAddress parameter determines whether the wizard should change the AD entry to the primary SMTP address specified in the targetAddress column of the SQL Server database. For example, if:
... the wizard does not change the AD address entry to the expected SMTP address. The feature is set to (ForceAddress=1) by default.
This value corresponds to a GUI element in the Notes Migration Manager: the Path to an existing OU for creating external members for distribution groups text box in the Active Directory Configuration screen. The program writes this value to the Task Parameters from an admin's GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
The value here is a fully qualified domain name to identify the sub OU in AD where new Contacts will be created if CanAddGroupMembers=1 (also in this [ActiveDirectory] section). For example:
Determines whether the Groups Provisioning Wizard will provision groups so that group managers who are not in Domain Admins can still update group membership. (This privilege corresponds to a check box in Active Directory: the Manager can update membership list check box in the Managed By tab of AD's Group Properties.) The feature is enabled by default (GroupManagerCanUpdateMembershipList=1), but you can set the value to 0 to tell Migrator for Notes to Exchange to not extend the updating privilege to group managers who are not in Domain Admins.
This value corresponds to a GUI element in the Notes Migration Manager: the Path to existing organizational unit for distribution groups text box in the Active Directory Configuration screen. The wizard writes this value to the Task Parameters from an admin's GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
In version 3.2 this parameter was named GroupsRDN, and could accept a relative domain name for the parameter value. The renamed parameter now requires a fully qualified domain name. For example:
The above example tells the program to consider only an object whose objectClass parameter value is "group." Conversely, the set may be defined by exclusion, as in GroupsSearchFilter=(!(objectClass=user)) to tell the wizard to disregard any object whose objectClass parameter value is "user," but to consider all others.
This value corresponds to two GUI elements in the AD Groups Provisioning Wizard, the Group Scope and Group Type radio buttons in the Choose your method for finding objects screen. The program writes this value to the Task Parameters from an admin's GUI entries; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
For example, the default setting GroupType=GDL signifies a Global Distribution List. Similarly, GroupType=LSG tells the wizard to set all GroupType values to LSG (Local Security Group).
After the wizard runs, you can edit the SQL Server database or a group collection’s data table to change the GroupType setting for any one or more groups individually, and thereby provision groups of different types within a single run of the Data Migration Wizard. But the wizard will initially set all the GroupType values to whatever value is defined by this parameter setting.
This value corresponds to a GUI element in the Data Migration Wizard, the Mailbox store drop-down list box in the Specify Exchange Mailbox Information screen. The program writes this value to the Task Parameters from an admin's GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
... specifies the listed value as the home mailbox store for mailbox-enabling users. The mailbox store specified here can be overridden on a per-user basis by the contents of the ExchangeMailboxStore column in the SQL Server database.
This value corresponds to a GUI element in the Data Migration Wizard, the Server drop-down list box in the Specify Exchange Mailbox Information screen. The program writes this value to the Task Parameters from an admin's GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
The value is used when mailbox-enabling users in Exchange, and the options that appear in the drop-down list box are inferred by the program from the operating environment for the associated AD access credentials. For example: HomeServer=Goober/First Admin Group/MOBE specifies the listed value as the home server for mailbox-enabling users.
This value corresponds to a GUI element in the Notes Migration Manager: the Global Catalog host name text box for Active Directory credentials (not User Forest credentials) in the Active Directory Configuration screen. The program writes this value to the Task Parameters based on an admin's GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
This value corresponds to a GUI element in the Data Migration Wizard, the How users were loaded... drop-down list in the How were Accounts Loaded into Active Directory screen. The wizard writes this value to the Task Parameters based on an administrator’s GUI entry. If a value is entered for this parameter prior to the wizard being run, the value specified here is the default selection that appears in the drop-down list. This parameter can also be used to add an extra option (OtherFindAttribute) to the drop-down list.
... the wizard adds the OtherFindAttribute method to the list, and makes it the default selection. By the OtherFindAttribute method, the wizard associates AD objects with the Notes counterparts by comparing the values of a particular AD attribute with the values in the SearchKey column of the collection data table. The AD attribute must be specified by the ADAttribute parameter in this [ActiveDirectory] section. The two parameters are therefore typically specified together, as in this example:
Determines the maximum number of times the Provisioning Wizard attempts to mail-enable an object in AD before giving up and logging a failure error. The default is 3 but the parameter accepts any value in the range 1 to 1000, inclusive. Note that the MailEnableRetryWaitSeconds parameter, also in this [ActiveDirectory] section, determines the number of seconds the wizard waits between these attempts.
Determines the number of seconds the Provisioning Wizard waits between attempts to mail-enable an object in AD. The default is 30, but the parameter accepts any value in the range 1 to 30000 (30000 seconds = 500 minutes) inclusive. Note that the MailEnableAttempts parameter, also in this [ActiveDirectory] section, determines the maximum number of mail-enable attempts for an object before the wizard gives up and logs a failure error.
... for rare circumstances where the option is preferred. If MBoxFromContact=1, any UserFilter or ContactFilter parameters that were previously been defined in the [ActiveDirectory] section should be removed.
... the wizard overwrites AD user object data with the corresponding contact data when merging if both the contact and the AD user object fields contain single values (neither field is null and neither contains multiple values). If either contains multiple values, the wizard does add contact values to the existing AD user object values. By default (MergeContactAttribWins=0), the wizard will not overwrite any AD user object data when both the Contact and the corresponding AD user object fields contain values.
Determines whether the Provisioning Wizard will overwrite (1) or not overwrite (0) AD user object data with the corresponding contact data when merging, even if the contact element is null. By default (MergeContactIsAuthoritative=0), the wizard will not overwrite the AD user object data unless the AD object value is null.
This value corresponds to a GUI element in the Provisioning Wizard, the How contacts were loaded… drop-down list box in the Choose your method for finding objects screen. The wizard writes this value to the Task Parameters from an admin's GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
MergeFindbySMTP determines which of two methods the wizard will use to find a Contact when merging: by the SMTP address (MergeFindbySMTP=1), or the default method (MergeFindbySMTP=0) of finding a Contact by its Notes source address. The value of this parameter also sets defaults for two other related parameters in this [ActiveDirectory] section:
Default for |
Default for | |
When merging, the default setting (MergeGrpMembership=1) tells the wizard to add a user to a group if the corresponding Contact is a member of the group. The alternate setting disables this feature:
The default value for this parameter is determined by the MergeFindbySMTP setting, also in this [ActiveDirectory] section. The MergeReqImportedfrom default is the boolean opposite (1 vs. 0) of the MergeFindbySMTP setting.
... tells the program to require that each contact contain two Notes addresses, and to skip a contact and note an error in the log if the contact does not contain two Notes addresses. (Microsoft's Connector ordinarily associates two Notes addresses with each contact.) Conversely, MergeReqProxyAddress=0 tells the program to not require two addresses per contact. The default value for this parameter is determined by the MergeFindbySMTP setting, also in this [ActiveDirectory] section. The MergeReqProxyAddress default is the boolean opposite (1 vs. 0) of the MergeFindbySMTP setting.
... tells the program to require a contact, so the program will merge the contact by its source address with a corresponding security object, by the SearchKey column. By default (0), a contact is not required, and the program will mail-enable a security object based only on the SearchKey column.
… tells the wizard to merge X500 addresses into the AD user objects. By default (MergeX500=0) the wizard will not merge X500 addresses.
A numeric representation of the method by which the wizard opens Active Directory. (If this system is configured for a User Forest and a Resource Forest, this parameter applies to the Resource Forest, and another OpenFlags parameter in the [ActiveDirectory2] section applies to the User Forest.) For more information and a list of valid options, see this Microsoft article.
The default 65 represents the combination of ADS_SECURE_AUTHENTICATION and ADS_USE_SIGNING.
This value corresponds to a GUI element in the Notes Migration Manager: the Password text box for Active Directory credentials (not User Forest credentials) in the Active Directory Configuration screen. The program writes this value to the Task Parameters based on an admin's GUI entry. The parameter value here is obfuscated, as a security precaution, and Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
This parameter applies when migrating to an On-Premise Exchange or Microsoft 365 with Use Azure Active Directory Synchronization.
... tells the Provisioning Wizard to create a new user object in AD when none is found by the wizard to correspond with a user in the collection. Such new user objects are created in the container specified by the [Active Directory] UserContainer parameter and are not mail-enabled unless [Active Directory] EnableUsers=1. By default (0), the wizard will not create such objects.
Compare this [Active Directory]ProvisionUsers parameter to the [Active Directory] CanAddGroupMembers parameter, which defines a new contact (not a user object) for any group member who cannot be found in AD.
In some environments, transmissions to AD can occasionally be interrupted, which may lead to incomplete provisioning. This PSRetryAttempts parameter is used in conjunction with PSRetryWait (see below) to control retries of transmissions to AD. For example, the default settings:
If the error persists through all retry attempts, the wizard will note the error in the log, skip the current message property or element, and move on to process the next item. Depending on the Log level setting, the retry attempts may appear in the program logs with no other documented error or warning.
|
This PSRetryWait parameter is used in conjunction with PSRetryAttempts to control retries of transmissions to AD, as described above for the PSRetryAttempts parameter. The default is 15 seconds for migration to a proprietary Exchange or 40 seconds for migration to Microsoft 365.
... tells the Data Migration Wizard to remove all Notes source addresses (notes:proxyAddresses) so that mailbox-enabled accounts in Active Directory can be synchronized back to Notes as external users. If RemoveSrcAddresses=0 (default), only the notes:uid- address is removed. An object’s notes:uid- address must be removed once the object has been mailbox-enabled. Other Notes addresses are used to route mail via the Microsoft Connector, if the Connector is used, but otherwise are harmless to leave in place.
Limits the search scope of Migrator for Notes to Exchange's Provisioning Wizard to a single domain when searching a multi-domain forest for objects. This feature prevents collisions that could otherwise occur. For example, the search finds John Smith (JSmith) in one domain and Jim Smith (JSmith) in a different domain. For example:
Determines how Migrator for Notes to Exchange's Provisioning Wizard or Data Migration Wizard, after mail-enabling objects or creating mailboxes, will set the Exchange option Automatically update e-mail addresses based on e-mail address policy. (The Automatically update... feature is an Exchange feature, offered as a check box in the Exchange Management Console, on the E-Mail Addresses tab of the Data Properties for each mailbox.) This SetRecipPolicy parameter specifies whether the wizard should automatically enable or disable that Exchange feature for the AD objects in the designated user collection.
For example, SetRecipPolicy=1 tells the wizards to enable the Exchange auto-update feature (mark the Exchange check box) for the AD objects after processing. If SetRecipPolicy=0, the wizard disables the Exchange auto-updating feature (unmarks the Exchange check box). The default is 1 for any Exchange target type, including Microsoft 365.
Note: When mailbox-enabling (in the Data Migration Wizard), make sure that the setting for this SetRecipPolicy parameter matches the setting for [Exchange] EmailAddressPolicyEnabled.
Determines how Migrator for Notes to Exchange's AD Groups Provisioning Wizard or Data Migration Wizard, after provisioning group objects, will configure the groups to Automatically update e-mail addresses based on e-mail address policy. (The Automatically update... feature is an Exchange feature, offered as a check box in the Exchange Management Console, on the E-Mail Addresses tab of the Data Properties for each mailbox.) This SetRecipPolicyForGroups parameter tells the wizard whether to automatically enable or disable that Exchange feature for AD group objects in the current collection.
The default is 1 for any Exchange target type, including Microsoft 365.
Note: When provisioning groups, make sure that the setting for this SetRecipPolicyForGroups=<#> parameter matches the setting for [Exchange] EmailAddressPolicyEnabled=<#>.
Determines whether the wizard will set the userAccountControl attribute value in Active Directory, to the value specified by the UserAccountControl parameter (also in this [ActiveDirectory] section). For example:
... tells the wizard to read the UserAccountControl parameter value to set the AD userAccountControl attribute value. (The UserAccountControl parameter value defaults to 512 if unspecified.) This feature is off (SetUserAccountControl=0) by default.
By default, the AD Groups Provisioning wizard may include
To skip these users, set SkipDisabledGroupMembers=1.
This value corresponds to a GUI element in the Provisioning Wizard, the Choose a database column... list box in the Choose your method for finding objects screen. The wizard writes this value to the Task Parameters from the GUI entry; Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
Tells the wizard to set the userAccountControl attribute value in Active Directory to the parameter value specified here. The wizard will read this parameter specification only if SetUserAccountControl=1 (also in this [ActiveDirectory] section). If the parameter is unspecified, its value defaults to 512. For example:
... tells the wizard to set the AD userAccountControl attribute value to 1024.
This value corresponds to a GUI element in the Provisioning Wizard, the User cannot change password check box in the Specify Container for User Objects screen. The wizard writes this value to the Task Parameters from an admin's GUI entry. Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
This parameter applies when migrating to an On-Premise Exchange or Microsoft 365 with Use Azure Active Directory Synchronization.
...tells the Provisioning Wizard that users newly created by the wizard (if [ActiveDirectory] ProvisionUsers=1) cannot change their password. By default (0), any newly created users can change their password.
This parameter and the parameter [ActiveDirectory] UserChangePasswordAtNextLogon are mutually exclusive. Enabling (1) this parameter automatically rules out the other (and its corresponding GUI check box).
This value corresponds to a GUI element in the Provisioning Wizard, the User must change password at next logon check box in the Specify Container for User Objects screen. The wizard writes this value to the Task Parameters from an admin's GUI entry. Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
This parameter applies when migrating to an On-Premise Exchange or Microsoft 365 with Use Azure Active Directory Synchronization.
...tells the Provisioning Wizard that users newly created by the wizard (if [ActiveDirectory] ProvisionUsers=1) must change their password at next logon. By default (1), any newly created users must change their password at next logon.
This parameter applies only when migrating to a proprietary Exchange.
Specifies the relative domain name (RDN) of the container where the Provisioning Wizard will create a new object when the wizard finds none to correspond with a user in the collection, and if ProvisionUsers=1 (as defined earlier in this [ActiveDirectory] section). For example:
... will put all new users in the Users container. The designated container must already exist. This UserContainer parameter is required if ProvisionUsers=1.
The above example tells the program to consider only an object whose objectClass parameter value is "user." Conversely, the set to be considered may be defined by exclusion, as in UserFilter=(!(objectClass=contact)) to tell the wizard to disregard any object whose objectClass parameter value is "contact," but to consider all others.
Determines whether the wizard will set the UserPrincipleName attribute value to be internet address in Active Directory. For example:
... tells the Provisioning Wizard to set the UPN value to be an internet address when creating the AD User. Also, when set to 1, this parameter takes precedence over the parameter [ActiveDirectory] UseO365DomainForUPN.
By default (0), the wizard does not set the UPN to an internet address.
This parameter and the parameter [Exchange] DirSyncEnableRemoteMailbox together support hybrid Microsoft 365 migration (O365 provisioned by a local proprietary AD) with a local Exchange server and remote mailboxes (on O365) for some or most users.
This value corresponds to a GUI element in the Notes Migration Manager: the User name text box for Active Directory credentials (not User Forest credentials) in the Active Directory Configuration screen. The program writes this value to the Task Parameters from an admin's GUI entry; Quest recommends you do not manually change this value except at the direction of Quest Support.
This value corresponds to a GUI element in the Provisioning Wizard, the Password never expires check box in the Specify Container for User Objects screen. The wizard writes this value to the Task Parameters from an admin's GUI entry. Quest recommends you do not manually enter or change this value except at the direction of Quest Support.
This parameter applies when migrating to an On-Premise Exchange or Microsoft 365 with Use Azure Active Directory Synchronization.
...tells the Provisioning Wizard that for users newly created by the wizard (if [ActiveDirectory] ProvisionUsers=1), their password never expires. By default (0), any newly created users have a password expiry time.
This parameter and the parameter [ActiveDirectory] UserChangePasswordAtNextLogon are mutually exclusive. Enabling (1) this parameter automatically rules out the other (and its corresponding GUI check box).
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center