If a public folder is mail-enabled in the target organization, the Public Folder Source Agent needs to be able to make it mail-enabled in the source organization as well. To achieve this, assign your Source Exchange Account permissions to run the Enable-MailPublicFolder cmdlet, as follows:
Caution: If the Source Exchange Account is located in another trusted forest, you cannot add the account to the Public Folder Management group. In this case grant the following permissions for the Exchange Administrative Group (FYDIBOHF23SPDLT) container and its child objects to the account in the Configuration partition using the ADSIEdit snap-in:
Modify public folder quotas permission
NOTE: If you have a Windows 2003 domain controller, the ADSIEdit utility, which is part of the Windows 2003 Support Tools, may not be installed. In this case install the Support Tools by running the Support\Tools\Suptools.msi file located on the Windows 2003 CD.
The Source Exchange Account used by Migration Manager for Exchange agents needs the Full Control permission on each mailbox database involved in migration and on its associated public folder database if it exists.
To grant the required permissions to the <User> (in our example, sourcedomain\QMM_Src_Ex), run the following two cmdlets in Exchange Management Shell:
Get-MailboxDatabase | Add-ADPermission -User <User> -AccessRights GenericAll -ExtendedRights Receive-As
Get-PublicFolderDatabase | Add-ADPermission -User <User> -AccessRights GenericAll -ExtendedRights Receive-As
To verify that all permissions for the Source Exchange Account are set correctly, select any mailbox involved in the migration in the Migration Manager Console and check that the Source Exchange Account has Full Access permission for the mailbox.
To perform Move mailbox operations, the Source Exchange Account needs to be assigned permissions to run the following cmdlets:
To grant these permissions, add the account to the Recipient Management group in the source Exchange 2010 organization, as follows:
To grant the ApplicationImpersonation management role to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:
New-ManagementRoleAssignment -Role ApplicationImpersonation -User LA\JohnSmith