Accounts for Target Exchange 2010 Server (MAgE)
Exchange account
- Work with target Exchange mailboxes and public folders (used by Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent)
- Make the newly-created public folders mail-enabled (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
- Move mailboxes
|
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
- The Move Mailboxes management role
- The Mail Recipients management role
- The ApplicationImpersonation management role
TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.
For public folder synchronization:
- Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- Membership in the Public Folder Management group
- Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside.
|
Active Directory account
- Work with the target Active Directory
- Switch mailboxes
|
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
For public folder synchronization:
- The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.
NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2010 Preparation (MAgE) document.
Accounts for Target Exchange 2013 Server
Exchange account
- Work with target Exchange mailboxes and public folders (used by the Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent)
- Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
- Move mailboxes
|
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) . This is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.
- Permissions to log on to every mailbox involved in the migration by granting Full Control permission on a mailbox database
- The Move Mailboxes management role
- The Mail Recipients management role
- The ApplicationImpersonation management role
For public folder synchronization:
- Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- The Mail Enabled Public Folders management role
- Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside.
|
Active Directory account
- Work with the target Active Directory
- Re-home mailboxes
- Switch mailboxes (Migration Agent for Exchange)
|
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
For public folder synchronization:
- The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.
NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2013 Preparation document.
Accounts for Target Exchange 2016 Server
Exchange account
- Work with target Exchange mailboxes and public folders (used by the Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent)
- Mail-enable the newly-created public folders (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent)
- Move mailboxes
|
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects) . This is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.
- Permissions to log on to every mailbox involved in the migration by granting Full Control permission on a mailbox database
- The Move Mailboxes management role
- The Mail Recipients management role
- The ApplicationImpersonation management role
For public folder synchronization:
- Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- The Mail Enabled Public Folders management role
- Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside.
- Permission to log on to public folder administrator mailbox by granting Full Control on it.
NOTE: Exchange account used for public folder synchronization must be mailbox-enabled to be able obtaining target public folder hierarchy. |
Active Directory account
- Work with the target Active Directory
- Re-home mailboxes
- Switch mailboxes (Migration Agent for Exchange)
|
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
For public folder synchronization:
- The Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.
NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2016 Preparation document.
Accounts for Target Exchange 2019 Server
Exchange account
- Work with target Exchange mailboxes (used by the Migration Agent for Exchange)
- Move mailboxes
|
On the General>Connection page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects). This is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.
- Permissions to log on to every mailbox involved in the migration by granting Full Control permission on a mailbox database
- The Move Mailboxes management role
- The Mail Recipients management role
- The ApplicationImpersonation management role
|
Active Directory account
- Work with the target Active Directory
- Re-home mailboxes
- Switch mailboxes (Migration Agent for Exchange)
|
On the General>Associateddomain controller page of the target Exchange server Properties in the Migration Manager Console |
For mailbox and calendar synchronization:
- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
NOTE: Alternatively, you can grant the Write permission on that organizational unit. |
To learn how to grant rights and permissions required for this account, refer to the Target Exchange 2019 Preparation document.