Chat now with support
Chat with Support

Welcome, Quadrotech customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

On Demand Migration Current - Administrator Guide

About On Demand Migration Before You Start Working with On Demand Migration Starting Migration Project Configuring Connections Sharing Availability Information Collecting Account Information Pre-Migration Assessment Account Migration Hybrid Account Migration Domain Coexistence Mail Migration OneDrive Migration Resource Processing Public Folders Migration SharePoint Migration Microsoft Teams Migration Content Migration for Office 365 Groups Troubleshooting Finalizing the Migration

Assigning Roles Using PowerShell

To assign the required roles to an Azure AD administrative account you can use the PowerShell script as described below. You need to run this script as a Global Administrator for the tenant, for which you want to grant the necessary permissions.

This command assigns all minimum required permissions to Azure AD administrative account odmServiceAccount@contoso.onmicrosoft.com. You can specify only the minimum roles required for the processes that you want to perform. 

$serviceAccountUpn = "odmServiceAccount@contoso.onmicrosoft.com"
 
function AssignAzureAdRole($RoleName, $UserPrincipalName)
{
     $role = Get-AzureADDirectoryRole | Where {$_.displayName -eq $RoleName}
     if (!$role)
     {
          $RoleTemplate = Get-AzureADDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq $RoleName}
          $role = Enable-AzureADDirectoryRole -RoleTemplateId $RoleTemplate.ObjectId
     }
 
     if ((Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId).UserPrincipalName -notcontains $UserPrincipalName)
     {
          Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId (Get-AzureADUser -Filter "userPrincipalName eq '$UserPrincipalName'").ObjectID
     }
}
 
function AssignExchangeRoles($RoleName, $UserPrincipalName, $Roles)
{
     $group = Get-RoleGroup -Filter "Name -eq '$RoleName'"
     if (!$group)
     {
          $group = New-RoleGroup $RoleName
     }
     $group | Update-RoleGroupMember -Members $UserPrincipalName -Confirm:$false
 
     $Roles | ?{ $group.Roles -notcontains $_ } | %{
          New-ManagementRoleAssignment -SecurityGroup $group.Id -Role $_
     }
}
 
Import-Module AzureAD
Import-Module ExchangeOnlineManagement
 
# Assign AzureAD roles
Connect-AzureAD
AssignAzureAdRole 'Guest Inviter' $serviceAccountUpn
AssignAzureAdRole 'SharePoint Service Administrator' $serviceAccountUpn
 
# Assign Exchange Online roles
Connect-ExchangeOnline
AssignExchangeRoles 'QuestODMServiceAccount' $serviceAccountUpn (
     'ApplicationImpersonation',
     'Mail Recipients',
     'Federated Sharing',
     'Security Group Creation and Membership',
     'Mail Recipient Creation',
     'Transport Rules',
     'Remote and Accepted Domains',
     'Distribution Groups'
)

Signing up for Quest On Demand

To get access to On Demand Migration, you need to sign up for the Quest On Demand service. For that, go to Quest On Demand and use one of the following options:

You must accept the Software Transaction Agreement before using this product.

Organizations and Regions

When you sign up for the On Demand service for the first time, you create an organization and you become the On Demand organization administrator. You can add additional organization administrators.

For more information about managing your organization see Organizations and regions section in On Demand Global Settings User Guide.

Adding a Tenant

To create your migration project, specify source and target tenants. For latest information on adding or removing tenants, please see the Tenant Management section in On Demand Global Settings User Guide.

Related Documents