How to setup MNE Admin Pool without using Global Administrator role
説明
When setting up Migrator for Notes to Exchange (MNE) for using the Admin Pool feature to migrate mailboxes into Microsoft 365. If the Global Administrator role is not permitted within the organization, these manual steps will allow for granular administrative permissions to use this feature.
対策
Here are the steps to setup an administrator without Global Administrator role.
Create a Microsoft 365 account for the MNE Exchange administrator, and assign 'User Administrator' role instead of 'Global Administrator' role. Example: MigAdmin@tenant.onmicrosoft.com
Add this account to Exchange 'Organization Management' role group (Exchange admin center | permissions | admin roles | Organization Management)
Create account pool role group (Exchange admin center | permissions | admin roles), and assign following roles:
Distribution Groups
Mail Recipient Creation
Mail Recipients
Security Group Creation and Membership
Create additional Microsoft 365 administrator accounts for the admin pool. The default naming convention that MNE uses is "MigAdmin-1001@tenant.onmicrosoft.com" and for the second admin add -1002 naming format), assign 'User Administrator' role. The password should be the same as the MNE Exchange administrator which is created in Step 1. In this next step, copy the MNE Exchange administrator encrypted password to the pool account's password. Note: The admin pool admin accounts do not need to be licensed at this time.
On the MNE server update MNE configuration settings.
Update Exchange Server tab | Exchange Administrator, use the new account created in Step 1. From the dropdown list select the Microsoft 365 domain. Click Save.
Open MNE Global Default Settings. Update [Exchange]AdminAcctPoolRoleGroupName= to the new role group created in Step 3.
Copy [Exchange]~AdminPassword value to [Exchange]~AdminAcctPoolPassword. Click Save.
Check the checkbox 'User admin account pool' and click 'Manage...', MNE will sync the Exchange account pool from Exchange to MNE. Then click close.
Add the MigAdmin account and Admin Pool via the MNE PowerShell permission Add-MNEMailboxAdminPermission cmdlet and grant FullAccess permission to the mailboxes. And this may take about 20 minutes to take effect and then run a mailbox migration.
追加情報
The admin pool license option was enabled on previous versions of MNE and should not be needed.