Chat now with support
Chat with Support

Binary Tree Archive Migrator for Notes 20.11 - Release Notes

Section 9.  Access and Delegation Migration

Section 9.  Access and Delegation Migration

9.1  Access and Delegation Migration Overview

Delegation migration migrates access to Exchange mailboxes, such as Send As/Manager access and access to specific folders like Calendars and Contacts. Delegation migration attempts to set access control on objects in Exchange based on the Access Control List (ACL) in Notes which dictates overall access to the Exchange mailbox. The delegation migration can be run by a scheduled process or manually on selected documents.

The following is required for delegation migration:

  • Address translation must be fully populated when migrating Access and Delegation. The SMTP address must match the primary SMTP in Exchange

  • PowerShell 4 must be installed on the workstation/server that the migration process is to run from

  • The Administration account for the CAS Server has the ApplicationImpersonation role in the domain

  • Exchange delegates must have domain accounts and be mailbox-enabled


  • Delegation migration to Mail-in databases are treated like other mail files

  • The access control for Rooms and Resources is not included in delegation migration

  • Automatic Forwarding settings in the Notes client are not migrated

  • For ACL Groups permissions migrations, Notes groups must migrate to a security mail-enabled group in Exchange and have an Internet Address assigned or be converted to Multi-Purpose groups

  • In hybrid Exchange installations, with both Office 365 and on-prem Exchange servers:

    • Delegation access can only be set for users on the same system; Office 365 users can set delegation access to the mailbox to other Office 365 users, but not to Exchange users; Exchange users can set delegation access to other Exchange accounts, but not to Office 365 users; Access delegation is not supported between Exchange on-prem users and Office 365 accounts

    • You must set application impersonation in each domain (once for the on-prem Exchange servers, and once in the Office 365 tenant); Impersonation in the on-prem servers does not automatically propagate to Office 365 because they are separate domains and AD objects


Delegation also allows you to audit the user's mail files for database ACL and delegation data and send an email containing the user's current delegation settings, so the user can determine if the settings are valid for migration to Outlook.

9.2  Migrate Delegation – Scheduled

The scheduled delegation migration and the scheduled delegation migration agent must be enabled in the Delegation settings. When enabled, the agent will attempt to migrate delegation data for all mailboxes that have been successfully migrated to an Exchange Server since the last delegation migration.

Scheduled delegation migration runs in the background on a workstation or server. If running locally, Notes must be running and background agents must be enabled on the client.

When enabled the scheduled delegation migration agent runs once a day at 3:00 AM.  Note that if the agent is changed to run at a time interval that is too short, the PowerShell tasks may not have time to complete.

The status of the delegation migration can be viewed on the Delegation Migration view:

Delegation Migration View

The status for delegation migration can be successful, incomplete (partially migrated), or a failure. If the status is either incomplete or failed, the delegation migration will be retried until it reaches the successful status, or until the retry limit is exceeded. If the retry limit is exceeded, it will go in to suspended status, where it can be reset and re-queued for background processing.

The failure or incomplete status will occur if one or more delegates does not exist, because either the delegate does not exist as a mailbox-enabled AD account or security enabled group in the target domain.   

Failed scheduled delegation migrations will continue to be retried until successful or until the schedule migration is suspended.

For user delegation this will only be applied once the account that is a delegate has a mailbox. Not all delegation is expected to complete successfully until all Notes accounts are migrated.

It is recommended to schedule migrations for users and delegates who require access to email or calendar data in the same migration batch.

9.3  Enable and Suspend Scheduled Migration

Enable and suspend scheduled migration options are available under Optional Actions:

Select one or more mailboxes and click Optional Actions | Suspend scheduled migration to stop the scheduled delegation migration

Select one or more mailboxes and click Optional Actions | Enable scheduled migration to set the scheduled delegation migration attempts; you may want to use this option after attempting a manual delegation migration

9.4  Migrate Delegation – Manual

Delegation data for selected mailboxes can also be manually migrated immediately using the local machine. Manually migrating delegation data will remove the mailbox from the scheduled state and it must then be validated by the same machine. As stated in the Access and Delegation Migration Overview, PowerShell 4 must be installed on the workstation/server that the migration process is to run from. You can use the Enable scheduled migration option to reset to the scheduled state.

To manually migrate delegation data:

  1. On the Delegation Migration view, select one or more mailbox and click the Migrate Delegation button; the local machine immediately attempts to migrate delegate information

9.5  Active Delegation – Operation

Audit the mailfiles*

This process can be run in conjunction with the Active Mailbox process; after the mail file audit process has completed, select the Delegation Migration option to switch to the following view:     

This view displays the mail file owner, a list of people assigned delegate access, the level of access in ACL terms, and whether the calendar is “open” for public viewing.

This view only shows a maximum of nine delegates per user. If there are more, these can be viewed by opening the person document and switching to the Delegation Information tab.


The values “1, 2, 3, 4, 5, 6, 7, 8, 9” refer to the “tick” settings in the database ACL as shown below:

This form also displays the Forward Meeting Notice settings as configured in the delegation settings of the mail file associated with this user:

9.6  Merge ACL Details

Merging ACL details is an optional process to populate the I am a Delegate for section of the person document. Once the Audit process has completed, it is necessary to run an agent to consolidate the data from these users. This agent displays if the user is also a “Delegate For” another user. To run this agent, click on the Merge ACL Details option under the Optional Actions button in the action bar at the top of the view. This agent runs against all documents in the view and can be rerun at any time. If the mail file audit agent is run again, Merge ACL Details must also be run.

Once the agent has run, the view displays data in the I am a Delegate for section. This view is limited to nine delegates per person. Open the person document for full details.

9.7  Send Delegation Settings email

At this point, if you do not intend to migrate mailbox delegation, you can send the end users a report of their delegation settings; select the users from the view and click on the Optional Actions | Send Delegation Settings Email; you will be asked for confirmation before proceeding:

When you click Yes, the selected users receive an email message similar to the one shown below:

At this stage, you can work with your users to audit and tidy up delegation settings in Notes prior to migration. If users update their delegation settings, you need to rerun the audit agent and the Merge ACL Details agent to capture the most updated data.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating