Delegation migration migrates access to Exchange mailboxes, such as Send As/Manager access and access to specific folders like Calendars and Contacts. Delegation migration attempts to set access control on objects in Exchange based on the Access Control List (ACL) in Notes which dictates overall access to the Exchange mailbox. The delegation migration can be run by a scheduled process or manually on selected documents.
The following is required for delegation migration:
Address translation must be fully populated when migrating Access and Delegation. The SMTP address must match the primary SMTP in Exchange
PowerShell 4 must be installed on the workstation/server that the migration process is to run from
The Administration account for the CAS Server has the ApplicationImpersonation role in the domain
Exchange delegates must have domain accounts and be mailbox-enabled
Delegation also allows you to audit the user's mail files for database ACL and delegation data and send an email containing the user's current delegation settings, so the user can determine if the settings are valid for migration to Outlook.
The scheduled delegation migration and the scheduled delegation migration agent must be enabled in the Delegation settings. When enabled, the agent will attempt to migrate delegation data for all mailboxes that have been successfully migrated to an Exchange Server since the last delegation migration.
Scheduled delegation migration runs in the background on a workstation or server. If running locally, Notes must be running and background agents must be enabled on the client.
When enabled the scheduled delegation migration agent runs once a day at 3:00 AM. Note that if the agent is changed to run at a time interval that is too short, the PowerShell tasks may not have time to complete.
The status of the delegation migration can be viewed on the Delegation Migration view:
Delegation Migration View
The status for delegation migration can be successful, incomplete (partially migrated), or a failure. If the status is either incomplete or failed, the delegation migration will be retried until it reaches the successful status, or until the retry limit is exceeded. If the retry limit is exceeded, it will go in to suspended status, where it can be reset and re-queued for background processing.
The failure or incomplete status will occur if one or more delegates does not exist, because either the delegate does not exist as a mailbox-enabled AD account or security enabled group in the target domain.
Failed scheduled delegation migrations will continue to be retried until successful or until the schedule migration is suspended.
For user delegation this will only be applied once the account that is a delegate has a mailbox. Not all delegation is expected to complete successfully until all Notes accounts are migrated.
It is recommended to schedule migrations for users and delegates who require access to email or calendar data in the same migration batch.
Enable and suspend scheduled migration options are available under Optional Actions:
Select one or more mailboxes and click Optional Actions | Suspend scheduled migration to stop the scheduled delegation migration
Select one or more mailboxes and click Optional Actions | Enable scheduled migration to set the scheduled delegation migration attempts; you may want to use this option after attempting a manual delegation migration
Delegation data for selected mailboxes can also be manually migrated immediately using the local machine. Manually migrating delegation data will remove the mailbox from the scheduled state and it must then be validated by the same machine. As stated in the Access and Delegation Migration Overview, PowerShell 4 must be installed on the workstation/server that the migration process is to run from. You can use the Enable scheduled migration option to reset to the scheduled state.
To manually migrate delegation data:
On the Delegation Migration view, select one or more mailbox and click the Migrate Delegation button; the local machine immediately attempts to migrate delegate information
This process can be run in conjunction with the Active Mailbox process; after the mail file audit process has completed, select the Delegation Migration option to switch to the following view:
This view displays the mail file owner, a list of people assigned delegate access, the level of access in ACL terms, and whether the calendar is “open” for public viewing.
This view only shows a maximum of nine delegates per user. If there are more, these can be viewed by opening the person document and switching to the Delegation Information tab.
The values “1, 2, 3, 4, 5, 6, 7, 8, 9” refer to the “tick” settings in the database ACL as shown below:
This form also displays the Forward Meeting Notice settings as configured in the delegation settings of the mail file associated with this user:
Merging ACL details is an optional process to populate the I am a Delegate for section of the person document. Once the Audit process has completed, it is necessary to run an agent to consolidate the data from these users. This agent displays if the user is also a “Delegate For” another user. To run this agent, click on the Merge ACL Details option under the Optional Actions button in the action bar at the top of the view. This agent runs against all documents in the view and can be rerun at any time. If the mail file audit agent is run again, Merge ACL Details must also be run.
Once the agent has run, the view displays data in the I am a Delegate for section. This view is limited to nine delegates per person. Open the person document for full details.
At this point, if you do not intend to migrate mailbox delegation, you can send the end users a report of their delegation settings; select the users from the view and click on the Optional Actions | Send Delegation Settings Email; you will be asked for confirmation before proceeding:
When you click Yes, the selected users receive an email message similar to the one shown below:
At this stage, you can work with your users to audit and tidy up delegation settings in Notes prior to migration. If users update their delegation settings, you need to rerun the audit agent and the Merge ACL Details agent to capture the most updated data.