Chat now with support
Chat with Support

Preparing Migration 8.15 - System Requirements and Access Rights

Migration Manager Console Migration to Microsoft Office 365 License Server Migration Manager Database Servers Migration Manager Agent Servers Statistics Portal Server Resource Updating Manager Resource Updating Wizards Processed Platforms Additional Environment Security Configuration Ports Used by General Migration Manager Components Ports Used by Migration Manager for Exchange Components Ports Used by Migration Manager for Active Directory Components Ports Used by Resource Updating Manager Accounts Required for Migration Manager Operation Accounts Used by the Directory Synchronization Agent Source Accounts Used by Migration Manager for Exchange Agents Target Accounts Used by Migration Manager for Exchange Agents Agent Host Account Used by Legacy Migration Manager for Exchange Agents Agent Host Account Used by Migration Agent for Exchange (MAgE) Accounts Used for Migrating to Microsoft Office 365 Accounts Used by RUM Agent Service Accounts Used by RUM Controller Service Account Used by Statistics Collection Agent Service Accounts Used by Statistics Portal Accounts Accounts and Rights Required for Active Directory Migration Tasks Accounts and Rights Required for Exchange Migration Tasks Using the Exchange Processing Wizard with Exchange 2010 or later Appendix. How to Set the Required Permissions for Active Directory Migration

Target Accounts Used by Migration Manager for Exchange Agents

NOTE: Each computer on which Migration Manager for Exchange agents run must have DCOM Access and Launch permissions. These permissions are acquired by the agent through server's local Administrators group membership.

Accounts for Target Exchange 2003 Server

Exchange account

Used To Where Specified Rights and Permissions
  • Work with target Exchange mailboxes and public folders (used by the Mail Target Agent, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Synchronize Calendar information (used by the Calendar Synchronization Agent)
  • Synchronize free/busy data (optional) (used by the Free/Busy Synchronization Agent)
  • Move mailboxes
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain.
  • Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located.
  • Full Control permission on target Exchange 2003 servers (including the Send As and Receive As permissions).
  • Full Control permission on the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange 2003 servers involved in public folder synchronization reside.
  • Modify public folder replica list permission, Modify public folder deleted item retention permission, and Modify public folder quotas permission on the administrative groups where the target Exchange 2003 servers involved in public folder synchronization reside

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the target Active Directory
  • Re-home mailboxes
  • Switch mailboxes and synchronize mailboxes in Remote Users Collections (Mail Source Agent, Mail Target Agent)
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain
  • Full Control rights on the OUs (and their child objects) where the target synchronized objects are located.

NOTE: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well.

To learn how to grant rights and permissions required for this account, refer to the Exchange 2003 Environment Preparation document.

Accounts for Target Exchange 2007 Server

Exchange account

Used To Where Specified Rights and Permissions
  • Work with target Exchange mailboxes and public folders (used by the Mail Target Agent, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Synchronize Calendar information (used by the Calendar Synchronization Agent)
  • Synchronize free/busy data (optional) (used by the Free/Busy Synchronization Agent)
  • Move mailboxes
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain.
  • Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located.
  • Full Control permission on target Exchange 2007 servers (including the Send As and Receive As permissions).
  • Full Control permission on the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange 2007 servers involved in public folder synchronization reside.
  • Exchange Public Folder Administrator role.

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the target Active Directory
  • Re-home mailboxes
  • Switch mailboxes and synchronize mailboxes in Remote Users Collections (Mail Source Agent, Mail Target Agent)
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain
  • Full Control rights on the OUs (and their child objects) where the target synchronized objects are located.
  • Read permission for the Microsoft Exchange container in Active Directory

NOTE: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well.

To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2007 Preparation document.

Accounts for Target Exchange 2010 Server (Legacy)

TIP: If you plan to migrate from Exchange 2010 organization, take a look at minimum required permissions for accounts in the Granular Account Permissions for Exchange 2010 to 2010 Migration and Granular Account Permissions for Exchange 2010 to 2013 Migration documents, respectively.

Exchange account

Used To Where Specified Rights and Permissions
  • Work with target Exchange mailboxes and public folders (used by the Mail Target Agent, Public Folder Source Agent, and Public Folder Target Agent)
  • Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
  • Synchronize Calendar information (used by the Calendar Synchronization Agent)
  • Synchronize free/busy data (optional) (used by the Free/Busy Synchronization Agent)
  • Move mailboxes
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain.
  • Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
  • Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located.
  • Full Control permission on the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange 2010 servers involved in public folder synchronization reside.
  • Full Control permission on target Exchange 2010 organization
  • Membership in the Public Folder Management group.
  • Permissions to log on to every mailbox involved in the migration.
  • Membership in the Recipient Management group.

Note: If you have any Exchange 2010 Service Pack 2 servers in the target Exchange organization, the Address Book Policy (ABP) assigned to the account must include Global Address List (GAL) containing all recipients of the target Exchange organization.

Active Directory account

Used To Where Specified Rights and Permissions
  • Work with the target Active Directory
  • Re-home mailboxes
  • Switch mailboxes and synchronize mailboxes in Remote Users Collections (Mail Source Agent, Mail Target Agent)
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console
  • Read access to the target domain
  • Full Control rights on the OUs (and their child objects) where the target synchronized objects are located.
  • Read permission for the Microsoft Exchange container in Active Directory

NOTE: If migration is performed in the child domain, ensure that Active Directory account has the Read access to the parent (root) domain as well.

To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2010 Preparation (Legacy) document.

Related Documents