This document describes minimal set of permissions required for mailbox, calendar and public folder synchronization from a source Exchange 2010 organization to a target Exchange 2010 organization using Migration Manager for Exchange.
|
Note: Permissions required for native mailbox move are out of scope of this document. |
For general information on account permissions required for Migration Manager for Exchange operation, refer to System Requirements and Access Rights document.
|
Important: Permissions in this document are sufficient for a successful migration only if the following requirements are met:
|
The following permissions are required for source Exchange account used by MSA and CSA during legacy mailbox or calendar synchronization:
Permission | How to Grant |
---|---|
Read access to the source domain (including all descendant objects) | Link |
Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. | Link |
Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects) | Link |
Permissions to process every mailbox involved in the migration by granting
|
|
NOTE: If you have any Exchange 2010 Service Pack 2 servers in the source Exchange organization, the Address Book Policy (ABP) assigned to the account must include Global Address List (GAL) containing all recipients of the source Exchange organization. |
|
TIP: The Read permission for the Microsoft Exchange container is required only if this account is used as Active Directory account as well and you plan to add the source Exchange organization using the Add Source Organization Wizard under this account. |
The following permissions are required for source Exchange account used by PFSA and PFTA during public folder synchronization:
Permission | How to Grant |
---|---|
Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. | Link |
Membership in the Public Folder Management group | Link |
Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside. | Link |
The following permissions are required for source Active Directory account used by MSA and CSA during legacy mailbox or calendar synchronization:
Permission | How to Grant |
---|---|
Read access to the source domain (including all descendant objects) | Link |
Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects) | Link |
|
Important: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well. |
The following permissions are required for source Active Directory account used by PFSA and PFTA during public folder synchronization:
Permission | How to Grant |
---|---|
The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which source Exchange servers involved in public folder synchronization reside. NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
Link |
The following permissions are required for target Exchange account used by MSA, MTA and CSA during legacy mailbox or calendar synchronization:
Permission | How to Grant |
---|---|
Read access to the target domain (including all descendant objects) | Link |
Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. | Link |
Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) | Link |
Permissions to process every mailbox involved in the migration by granting
|
|
The Move Mailboxes management role | Link |
|
NOTE: If you have any Exchange 2010 Service Pack 2 servers in the target Exchange organization, the Address Book Policy (ABP) assigned to the account must include Global Address List (GAL) containing all recipients of the target Exchange organization. |
|
TIP: The Read permission for the Microsoft Exchange container is required only if this account is used as Active Directory account as well and you plan to add the target Exchange organization using the Add Target Organization Wizard under this account. |
The following permissions are required for target Exchange account used by PFSA and PFTA during public folder synchronization:
Permission | How to Grant |
---|---|
Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. | Link |
Membership in the Public Folder Management group | Link |
Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside. | Link |
The following permissions are required for target Active Directory account used by MSA, MTA and CSA during legacy mailbox or calendar synchronization:
Permission | How to Grant |
---|---|
Read access to the target domain (including all descendant objects) | Link |
Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) | Link |
|
Important: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well. |
The following permissions are required for target Active Directory account used by PFSA and PFTA during public folder synchronization:
Permission | How to Grant |
---|---|
The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside. NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
Link |
This section contains reference information how to grant an account the following permissions:
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center