Converse agora com nosso suporte
Chat com o suporte

Preparing Migration 8.15 - System Requirements and Access Rights

Migration Manager Console Migration to Microsoft Office 365 License Server Migration Manager Database Servers Migration Manager Agent Servers Statistics Portal Server Resource Updating Manager Resource Updating Wizards Processed Platforms Additional Environment Security Configuration Ports Used by General Migration Manager Components Ports Used by Migration Manager for Exchange Components Ports Used by Migration Manager for Active Directory Components Ports Used by Resource Updating Manager Accounts Required for Migration Manager Operation Accounts Used by the Directory Synchronization Agent Source Accounts Used by Migration Manager for Exchange Agents Target Accounts Used by Migration Manager for Exchange Agents Agent Host Account Used by Legacy Migration Manager for Exchange Agents Agent Host Account Used by Migration Agent for Exchange (MAgE) Accounts Used for Migrating to Microsoft Office 365 Accounts Used by RUM Agent Service Accounts Used by RUM Controller Service Account Used by Statistics Collection Agent Service Accounts Used by Statistics Portal Accounts Accounts and Rights Required for Active Directory Migration Tasks Accounts and Rights Required for Exchange Migration Tasks Using the Exchange Processing Wizard with Exchange 2010 or later Appendix. How to Set the Required Permissions for Active Directory Migration

Accounts for Target Exchange 2010 Server (Legacy)

TIP: If you plan to migrate from Exchange 2010 organization, take a look at minimum required permissions for accounts in the Granular Account Permissions for Exchange 2010 to 2010 Migration and Granular Account Permissions for Exchange 2010 to 2013 Migration documents, respectively.

Exchange account

Used To Where Specified Rights and Permissions
  • Work with target Exchange mailboxes and public folders (used by the Mail Target Agent, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Synchronize Calendar information (used by the Calendar Synchronization Agent)
  • Synchronize free/busy data (optional) (used by the Free/Busy Synchronization Agent)
  • Move mailboxes
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain.
  • Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located.
  • Full Control permission on the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange 2010 servers involved in public folder synchronization reside.
  • Full Control permission on target Exchange 2010 organization
  • Membership in the Public Folder Management group.
  • Permissions to log on to every mailbox involved in the migration.
  • Membership in the Recipient Management group.

Note: If you have any Exchange 2010 Service Pack 2 servers in the target Exchange organization, the Address Book Policy (ABP) assigned to the account must include Global Address List (GAL) containing all recipients of the target Exchange organization.

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the target Active Directory
  • Re-home mailboxes
  • Switch mailboxes and synchronize mailboxes in Remote Users Collections (Mail Source Agent, Mail Target Agent)
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain
  • Full Control rights on the OUs (and their child objects) where the target synchronized objects are located.
  • Read permission for the Microsoft Exchange container in Active Directory

NOTE: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well.

To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2010 Preparation (Legacy) document.

Accounts for Target Exchange 2010 Server (MAgE)

Exchange account

Used To Where Specified Rights and Permissions
  • Work with target Exchange mailboxes and public folders (used by Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent)
  • Make the newly-created public folders mail-enabled (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Move mailboxes
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console

For mailbox and calendar synchronization:

  • Read access to the target domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
  • The Move Mailboxes management role
  • The Mail Recipients management role
  • The ApplicationImpersonation management role

TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.

For public folder synchronization:

  • Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • Membership in the Public Folder Management group
  • Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside.

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the target Active Directory
  • Switch mailboxes
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console

For mailbox and calendar synchronization:

  • Read access to the target domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)

For public folder synchronization:

  • The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.

NOTE: Alternatively, you can grant the Write permission on that organizational unit.

To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2010 Preparation (MAgE) document.

Accounts for Target Exchange 2013 Server

Exchange account

Used To Where Specified Rights and Permissions
  • Work with target Exchange mailboxes and public folders (used by the Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Move mailboxes
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console

For mailbox and calendar synchronization:

  • Read access to the target domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) . This is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.
  • Permissions to log on to every mailbox involved in the migration by granting Full Control permission on a mailbox database
  • The Move Mailboxes management role
  • The Mail Recipients management role
  • The ApplicationImpersonation management role

For public folder synchronization:

  • Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • The Mail Enabled Public Folders management role
  • Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside.

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the target Active Directory
  • Re-home mailboxes
  • Switch mailboxes (Migration Agent for Exchange)
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console

For mailbox and calendar synchronization:

  • Read access to the target domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)

For public folder synchronization:

  • The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.

NOTE: Alternatively, you can grant the Write permission on that organizational unit.

To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2013 Preparation document.

Accounts for Target Exchange 2016 Server

Exchange account

Used To Where Specified Rights and Permissions
  • Work with target Exchange mailboxes and public folders (used by the Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Move mailboxes
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console

For mailbox and calendar synchronization:

  • Read access to the target domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) . This is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.
  • Permissions to log on to every mailbox involved in the migration by granting Full Control permission on a mailbox database
  • The Move Mailboxes management role
  • The Mail Recipients management role
  • The ApplicationImpersonation management role

For public folder synchronization:

  • Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • The Mail Enabled Public Folders management role
  • Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside.
  • Permission to log on to public folder administrator mailbox by granting Full Control on it.

NOTE: Exchange account used for public folder synchronization must be mailbox-enabled to be able obtaining target public folder hierarchy.

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the target Active Directory
  • Re-home mailboxes
  • Switch mailboxes (Migration Agent for Exchange)
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console

For mailbox and calendar synchronization:

  • Read access to the target domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)

For public folder synchronization:

  • The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.

NOTE: Alternatively, you can grant the Write permission on that organizational unit.

To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2016 Preparation document.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação