Migration Manager for Exchange 8.15 - Target Exchange 2016 Environment Preparation

Setting Up the Target Active Directory Account

This section describes how to set the required permissions for the Target Active Directory Account used by Migration Manager for Exchange agents. This account is used for the following:

• Working with the target Active Directory
• Switching mailboxes

Mailbox and Calendar Synchronization

The following permissions are required for target Active Directory account used by Migration Agent for Exchange during mailbox or calendar synchronization:

• Read access to the target domain (including all descendant objects)
• Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)

The following permissions are required for target Active Directory account used by PFSA and PFTA during public folder synchronization:

• The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.

  NOTE: Alternatively, you can grant the Write permission on that organizational unit.

To set up the Target Active Directory Account, perform the steps described in the related subtopics.

Changing the Default Target Active Directory Account

Changing Default Active Directory Account

The default Source or Target Active Directory Account (initially displayed on the Associated domain controller page of the Exchange server's properties) is set when you add the source or target organization to the migration project (see the Registering Source and Target Organizations section of the Migration Manager for Exchange User Guide for details).

To change the Source or Target Active Directory Account, click Modify on the General | Associated domain controller page of the corresponding source (target) server properties in the Migration Manager for Exchange Console.

To go on using the default Source (Target) Active Directory Account for Exchange migration, grant the permissions required for Exchange migration to this account (see the next steps).

Granting Read Access to Active Directory Domain

To grant this permission to an account, complete the following steps:

1. In the Active Directory Users and Computers snap-in, right-click the domain name, and then click Properties.
2. On the Security tab, click Add and select the account.
3. Select the account, and then check the Allow box for the Read permission in the Permissions box.
4. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit.
5. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list.
6. Close the dialog boxes by clicking OK.

Granting Read Permission for Microsoft Exchange Container

To grant this permission to an account, complete the following steps:

1. From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK.

2. In the ADSIEdit snap-in, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<…>,DC=<…> container.

3. Right-click the Microsoft Exchange container and select Properties.
4. In the Properties dialog box, click the Security tab.
5. On the Security tab, click Add and select the account to which you wish to assign permissions.
6. Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
7. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 5 and click Edit.
8. In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.

9. Close the dialog boxes by clicking OK.