Chat now with support
Chat with Support

Preparing Migration 8.15 - System Requirements and Access Rights

Migration Manager Console Migration to Microsoft Office 365 License Server Migration Manager Database Servers Migration Manager Agent Servers Statistics Portal Server Resource Updating Manager Resource Updating Wizards Processed Platforms Additional Environment Security Configuration Ports Used by General Migration Manager Components Ports Used by Migration Manager for Exchange Components Ports Used by Migration Manager for Active Directory Components Ports Used by Resource Updating Manager Accounts Required for Migration Manager Operation Accounts Used by the Directory Synchronization Agent Source Accounts Used by Migration Manager for Exchange Agents Target Accounts Used by Migration Manager for Exchange Agents Agent Host Account Used by Legacy Migration Manager for Exchange Agents Agent Host Account Used by Migration Agent for Exchange (MAgE) Accounts Used for Migrating to Microsoft Office 365 Accounts Used by RUM Agent Service Accounts Used by RUM Controller Service Account Used by Statistics Collection Agent Service Accounts Used by Statistics Portal Accounts Accounts and Rights Required for Active Directory Migration Tasks Accounts and Rights Required for Exchange Migration Tasks Using the Exchange Processing Wizard with Exchange 2010 or later Appendix. How to Set the Required Permissions for Active Directory Migration

Accounts for Source Exchange 2007 Server

Exchange account

Used To Where Specified Rights and Permissions
  • Work with source Exchange mailboxes and public folders (used by the Mail Source Agent, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders(used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Synchronize Calendar information (used by the Calendar Synchronization Agent)
  • Synchronize free/busy data (optional) (used by the Free/Busy Synchronization Agent)
  • Switch mailboxes
On the General>Connection page of the source Exchange server Properties in the Migration Manager Console
  • Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • Full Control permission on the organizational units (OUs) (and their child objects) where the source synchronized objects are located.
  • Full Control permission on source Exchange 2007 servers (including the Send As and Receive As permissions).
  • Full Control permission on the Microsoft Exchange System Objects organizational unit in all domains in which source Exchange 2007 servers involved in public folder synchronization reside.
  • Exchange Public Folder Administrator role.

Active Directory account

Used To Where Specified Rights and Permissions
Work with the source Active Directory On the General>Associated domain controller page of the source Exchange server Properties in the Migration Manager Console
  • Read access to the source domain
  • Read permission for the Microsoft Exchange container in Active Directory
NOTE: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well.

To learn how to grant rights and permissions required for this account, refer to the Source Exchange 2007 Preparation document.

Accounts for Source Exchange 2010 Server

TIP: If you plan to migrate to Exchange 2010 or Exchange 2013 organization, take a look at minimum required permissions for accounts in the Granular Account Permissions for Exchange 2010 to 2010 Migration and Granular Account Permissions for Exchange 2010 to 2013 Migration documents, respectively.

Exchange account

Used To Where Specified Rights and Permissions
  • Work with source Exchange mailboxes and public folders (used by the Mail Source Agent, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders(used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Synchronize Calendar information (used by the Calendar Synchronization Agent)
  • Synchronize free/busy data (optional) (used by the Free/Busy Synchronization Agent)
  • Switch mailboxes
On the General>Connection page of the source Exchange server Properties in the Migration Manager Console
  • Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • Full Control permission on the organizational units (OUs) (and their child objects) where the source synchronized objects are located.
  • Full Control permission on source Exchange 2010 servers (including the Send As and Receive As permissions).
  • Full Control permission on source Exchange 2010 organization

  • Membership in the Public Folder Management group.

  • Permissions to log on to every mailbox involved in the migration.

  • Membership in the Recipient Management group.

  • The ApplicationImpersonation management role for migration to Exchange 2013 (or higher) or Office 365

Note:If you have any Exchange 2010 Service Pack 2 servers in the source Exchange organization, the Address Book Policy (ABP) assigned to the account must include Global Address List (GAL) containing all recipients of the source Exchange organization.

 

Active Directory account

Used To Where Specified Rights and Permissions
Work with the source Active Directory On the General>Associated domain controller page of the source Exchange server Properties in the Migration Manager Console
  • Read access to the source domain
  • Read permission for the Microsoft Exchange container in Active Directory
NOTE: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well.

To learn how to grant rights and permissions required for this account, refer to the Source Exchange 2010 Preparation document.

Accounts for Source Exchange 2013 Server

Exchange account

Used To Where Specified Rights and Permissions
  • Work with source Exchange mailboxes and public folders (used by the Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Move mailboxes
On the General>Connection page of the source Exchange server Properties in the Migration Manager Console
  • Read access to the source domain
  • Full Control permission on Exchange 2013 mailboxes

  • The Mail Enabled Public Folders management role

  • Membership in the local Administrators group on all source Exchange servers involved in the public folder synchronization. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.

  • Membership in the Recipient Management group
  • The ApplicationImpersonation management role for migration to Exchange 2013 (or higher) or Office 365

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the source Active Directory
On the General>Associateddomain controller page of the source Exchange server Properties in the Migration Manager Console
  • Read access to the source domain
  • Read permission for the Microsoft Exchange container in the source Active Directory
  • Write permission on the Microsoft Exchange System Objects organizational unit in all domains in which source Exchange 2013 servers involved in public folder synchronization reside

To learn how to grant rights and permissions required for this account, refer to the Source Exchange 2013 Preparation document.

Accounts for Source Exchange 2016 Server

Exchange account

Used To Where Specified Rights and Permissions
  • Work with source Exchange mailboxes
  • Move mailboxes

When creating a calendar or mailbox synchronization job. To change it, use properties of the corresponding synchronization job.

  • Read access to the source domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects)
  • The ApplicationImpersonation management role

TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the source Exchange organization using the Add Source Organization Wizard under this account.

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the source Active Directory
  • Switch mailboxes
When creating a calendar or mailbox synchronization job. To change it, use properties of the corresponding synchronization job.
  • Read access to the source domain (including all descendant objects)
  • Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects)

To learn how to grant rights and permissions required for this account, refer to the Source Exchange 2016 Preparation, Source Exchange 2019 Preparation, Target Exchange 2016 Preparation, or Target Exchange 2019 Preparationdocuments depending on your environment.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating