Quest® On Demand Migration cloud application lets you create migration projects to perform the following:
Mail migration feature
OneDrive for Business migration feature
Public Folders migration feature
SharePoint migration feature
Microsoft Teams migration feature
On Demand Migration is a part of Quest® On Demand – a single SaaS console for managing your cloud environment in Microsoft Azure. For more information, see Quest On Demand documentation.
To access your Azure Active Directory or Office 365 tenant via On Demand Migration, the migrator account needs to have the following:
|
TIP: Quest recommends creating a temporary account for On Demand Migration and use it to grant all consents for the migration project |
If you do not have such account, create it with Microsoft Azure administrative portal.
This section provide you with the following information :
This section lists the universal permissions for administrative accounts to perform main On Demand Migration tasks:
|
TIP: In case you want to make permissions more granular using minimum administrative permissions refer to Granular Permissions. This section provides minimum permissions for processes that can be performed using Accounts migration dashboard. |
|
IMPORTANT: To perform any of the tasks the source and the target Azure AD administrative accounts should have a mailbox with valid Microsoft Exchange Online license. |
Task | Minimal Permissions |
---|---|
Add tenant to On Demand | Global Administrator role for both source and target Azure AD administrative accounts. Refer to Adding a Tenant for details. |
Configure tenant / grant admin consent | Global Administrator role for both source and target Azure AD administrative accounts. Refer to Adding a Tenant for details. |
Discover accounts |
Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts |
Get statistics on Mailboxes | Global Administrator role for both source and target Azure AD administrative accounts |
Enable calendar sharing | Global Administrator role for both source and target Azure AD administrative accounts |
Migrate accounts | Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts |
Migrate hybrid accounts | Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts, on-premises administrative accounts with write permissions for ADAM / AD LDS server used by Quest Migration Manager, and all prerequisites specified in Deploying Migration Manager for Active Directory |
Migrate mailboxes | Granted “Migration - Basic” and "Mailbox Migration" consents, Global Administrator role (with Office 365 mailbox and Impersonation Role in Exchange Online). To perform Autodiscover during mail migration an Office 365 mailbox is required. Refer to Obtaining Impersonation Role for Mail Migration for details. |
Migrate OneDrive storages |
Global Administrator role for both source and target Azure AD administrative accounts “Migration - SharePoint” consent granted for source and target tenants. |
Process Resource Roles | Granted “Migration - Basic” consent, Global Administrator role for both source and target Azure AD administrative accounts, User Access Administrator role for "Quest On Demand - Migration - General [Automation]" |
Process source SharePoint (without migration) | Granted “Migration - SharePoint” consent, turned on external sharing for SharePoint and Global Administrator role for both source and target Azure AD administrative accounts |
Migrate SharePoint |
Granted for source and target tenants:
The target tenant should already have the fully configured SharePoint with the active license plan. Refer to Prerequisites for details. |
Process Application Assignments | Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts. Refer to Adding a Tenant for details. |
Migrate Microsoft Teams and Office 365 Groups with Teams functionality |
Granted for source and target tenants:
Global Administrator roles and Teams licenses for both source and target Azure AD administrative accounts. Refer to Prerequisites for details. |
Migrate Public Folders |
Granted for source and target tenants:
Owner permission to the target public folder root for target Azure AD administrative account. Refer to Prerequisites for details. |
Mail migration requires Application Impersonation, so that knowledge of the users' credentials is not required. Impersonation role should be configured manually as described below:
|
NOTE: It may take some time before the changes are applied to take effect. |
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy