Overview
This document describes minimal set of permissions required for mailbox, calendar and public folder synchronization from a source Exchange 2010 organization to a target Exchange 2013 organization using Migration Manager for Exchange.
|
|
Note: Permissions required for native mailbox move are out of scope of this document. |
For general information on account permissions required for Migration Manager for Exchange operation, refer to System Requirements and Access Rights document.
Source Exchange 2010 Permissions
Exchange Account
Mailbox and Calendar Synchronization
The following permissions are required for source Exchange account used by Migration Agent for Exchange during mailbox or calendar synchronization:
| Permission | How to Grant |
|---|---|
| Read access to the source domain (including all descendant objects) | Link |
| Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects) | Link |
|
Permissions to process every mailbox involved in the migration by granting
|
|
| The ApplicationImpersonation management role | Link |
|
|
TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the source Exchange organization in the Add Source Organization Wizard under this account. |
Public Folder Synchronization
The following permissions are required for source Exchange account used by PFSA and PFTA during public folder synchronization:
| Permission | How to Grant |
|---|---|
| Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. | Link |
| Membership in the Public Folder Management group | Link |
| Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside. | Link |
Active Directory Account
Mailbox and Calendar Synchronization
The following permissions are required for source Active Directory account used by Migration Agent for Exchange during mailbox or calendar synchronization:
| Permission | How to Grant |
|---|---|
| Read access to the source domain (including all descendant objects) | Link |
| Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects) | Link |
|
|
Important: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well. |
Public Folder Synchronization
The following permissions are required for source Active Directory account used by PFSA and PFTA during public folder synchronization:
| Permission | How to Grant |
|---|---|
|
The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which source Exchange servers involved in public folder synchronization reside. NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
Link |
Target Exchange 2013 Permissions
Exchange Account
Mailbox and Calendar Synchronization
The following permissions are required for target Exchange account used by Migration Agent for Exchange during mailbox or calendar synchronization:
| Permission | How to Grant |
|---|---|
| Read access to the target domain (including all descendant objects) | Link |
| Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) | Link |
|
Permissions to log on to every mailbox involved in the migration by granting Full Control permission on a mailbox database |
Link |
| The Move Mailboxes management role | Link |
| The Mail Recipients management role | Link |
| The ApplicationImpersonation management role |
|
|
TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account. |
Public Folder Synchronization
The following permissions are required for target Exchange account used by PFSA and PFTA during public folder synchronization:
| Permission | How to Grant |
|---|---|
| Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. | Link |
| The Mail Enabled Public Folders management role | Link |
| Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside. | Link |
Active Directory Account
Mailbox and Calendar Synchronization
The following permissions are required for target Active Directory account used by Migration Agent for Exchange during mailbox or calendar synchronization:
| Permission | How to Grant |
|---|---|
| Read access to the target domain (including all descendant objects) | Link |
| Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) | Link |
Public Folder Synchronization
The following permissions are required for target Active Directory account used by PFSA and PFTA during public folder synchronization:
| Permission | How to Grant |
|---|---|
|
The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside. NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
Link |
How to Grant Required Permissions
This section contains reference information how to grant an account the following permissions:
- Ferramentas de autoatendimento
- Base de conhecimento
- Notificações e alertas
- Suporte a produtos
- Downloads de software
- Documentação técnica
- Fóruns de usuário
- Tutorial em vídeo
- Feed RSS