How to Limit Account Rights
Usage > How to Limit Account Rights
Accounts for temporary service mailboxes does not require many access rights for CPUU to function properly. We recommend limiting the account rights using the following PowerShell commands.
NOTE: Redefine $user variable with the account’s user name or email address.
$credential = Get-Credential
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking
$user = "UserName"
Table 1: Limiting account rights
|Disable access to remote PowerShell
||Set-User $user -RemotePowerShellEnabled $false |
|Disable Exchange ActiveSync for the mailbox
||Set-CASMailbox $user -ActiveSyncEnabled $false |
|Disable access to the mailbox by using Outlook on the web
||Set-CASMailbox $user -OWAEnabled $false |
|Disable access to the mailbox by using Outlook on the web for devices
Set-CASMailbox $user -OWAforDevicesEnabled $false
|Disable access to the mailbox by using POP3 clients
||Set-CASMailbox $user -PopEnabled $false |
|Disable access to the mailbox by using IMAP4 clients
||Set-CASMailbox $user -ImapEnabled $false |
|Disable access to the mailbox by using MAPI clients
||Set-CASMailbox $user -MAPIEnabled $false |
For more information see Client access cmdlets in Exchange Online article in Microsoft TechNet.
Updating Microsoft Outlook Offline Profiles
Usage > Updating Microsoft Outlook Offline Profiles
Important: The information in this section is relevant only for migrations performed using legacy agents in Migration Manager for Exchange. For mailboxes, migrated in ODME or using MAgE in Migration Manager for Exchange, OST files cannot be preserved.
A widely-used Microsoft Outlook feature is offline access to a user’s mailbox folders. The offline folders (OST) file is stored on a user’s computer and keeps a local replica of the corresponding folders in the user’s Exchange mailbox. In this document, users with offline folder (OST) files are referred to as remote users.
Because each OST file is associated with only one Exchange mailbox and cannot be used with any other mailbox, a remote user cannot continue to use the same OST file with the new mailbox after the migration. Therefore, the Migration Manager for Exchange Mail Agent recreates the target Exchange mailboxes so that the CPUU can keep the source mailbox OST file and assign it to the target mailbox profile.
The typical and recommended procedure for updating Microsoft Outlook offline profiles is as follows
- Decide for which remote users the Microsoft Outlook offline profiles should be updated.
- Group the mailboxes of those remote users into one or more Remote Users Collections.
Note: For more information about Remote Users Collections, refer to Migration Manager for Exchange User Guide.
- Schedule the Remote Users Collection to be processed during the night or some other time when the users do not use their mailboxes.
- Wait until the Mail Agent switches the Remote Users Collections. While processing a Remote Users Collection, the Mail Agent recreates the target Exchange mailboxes corresponding to the source mailboxes included in the collection and puts a hidden recreate message into each of the source mailboxes. This message will be then used by CPUU.
- Run the Client Profile Updating Utility Configuration wizard.
- Select the Create a new configuration file option on the Welcome page of the wizard to create a configuration batch file.
- Specify the account under which CPUU will run.
- Instruct CPUU to update offline profiles when possible to keep the OST files.
- Supply other settings required for running CPUU. For more information, refer to the Typical Scenario topic.
- Click Finish.
- The wizard will create the BAT and INI files with the parameters you specified. These files will be used to start CPUU in order to update profiles. Include these files in the remote users’ logon scripts.
- CPUU will start updating offline profiles as soon as the mailboxes of the Remote Users Collection are switched to the target Exchange. To determine that the mailboxes are switched, CPUU uses the Switch Message. To determine that the mailboxes were successfully recreated and the OST file can be kept, CPUU uses the recreate message. Both messages are put to the mailbox by the Mail Agent.
Note: The Switch Message is a hidden message that contains the information, CPUU needs for profile processing:
- Version of the Switch Message
- Target mailbox Exchange DN
- Target mailbox SMTP address
- Parameter that specified whether the target server is the Office 365 server
If there is no Switch Message in the mailbox, CPUU will log off from the mailbox and will stop processing the profile.
When configuring CPUU, you can also select the following options for updating offline profiles:
- Never update offline profiles – The offline profiles will be skipped and the users will have to recreate their profiles manually.
- Always update offline profiles – If you select this option, you should be aware of the risk of data loss for those remote users whose target mailboxes were not prepared for migration by the Mail Agent when it processed them within the Remote Users Collections.
Updating Resource Mailboxes
Updating Resource Mailboxes
Resource mailboxes are mailboxes that represent company resources you can book (such as conference rooms and equipment).
Since resource mailboxes are used only to book resources, normally no one logs on to them and therefore no Outlook profiles are created for them.
However, when migrating resource mailboxes, not all settings you configured in the source environment are migrated to the target by the agents. These settings can be updated by CPUU only after the mailbox is migrated. CPUU, however, requires Outlook profile to exist in order to update mailbox settings. If the number of resource mailboxes is large, it can be a challenge to create an Outlook profile for each resource mailbox manually.
The Switch Resource Mailboxes utility (SwitchResMb.exe) is a complementary utility to CPUU designed to help update resource mailboxes. With the help of SwitchResMb.exe you can update resource mailboxes in bulk without manually creating Outlook profiles. The SwitchResMB.exe utility creates temporary MAPI profiles for CPUU and then deletes them.
Caution: It is recommended to switch and process the resource mailboxes after the user mailboxes are already switched (that is, when the users log on to the target mailboxes).
SwitchResMb.exe is installed along with CPUU and located in the CPUU installation folder.
IMPORTANT: SwitchResMb utility does not support profile processing in case of Office 365 tenant as a source.
The account used to run the utility must have permissions to log on to the source mailboxes that are being switched.
The following files are required for SwitchResMb.exe to run:
- ClientProfileUpdatingUtility.exe – main CPUU executable file for 32-bit platforms.
Caution: The Switch Resource Mailboxes utility cannot run together with 64-bit editions of Microsoft Outlook, so it does not work with ClientProfileUpdatingUtility_x64.exe.
- CPUU.ini– A file that contains configuration parameters for ClientProfileUpdatingUtility.exe.
- DlgHookHandler.dll – DLL file that is installed by the CPUU setup.
- A file that contains configuration parameters for SwitchResMb.exe and the list of resource mailboxes to be updated. This file must be created manually, as described in the Using the Utility topic.