Preparing Migration 8.15 - System Requirements and Access Rights

Additional Environment Security Configuration

Firewalls and Security

Since the Migration Manager agents are installed and updated from the console over RPC and the agents transfer data directly between source and target servers over RPC as well, RPC traffic must be allowed over the routers separating the subnets.

Make sure that the following ports are open on workstations, servers, routers, and firewalls: 135 and 137–139.

For the comprehensive list of port requirements for most of the Migration Manager components, refer to the Migration Manager Required Ports document.


  • For more detailed information on what ports and protocols Microsoft operating systems and programs require for network connectivity, refer to Microsoft Knowledge Base article 832017: Service overview and network port requirements for the Windows Server system.
  • You can use the DCDiag and NetDiag utilities from Windows Support Tools to test network connectivity. To install Windows Support Tools, run Setup.exe from the \SUPPORT\TOOLS folder of the Windows distribution CD. For more information about the utilities, refer to their online help and other documentation.

In Windows XP Service Pack 2, Microsoft introduced the Security Center, which includes a client-side firewall application. The firewall is turned on by default and configured to filter packets sent to ports 137–139 and 445. These ports are used by the File and Printer Sharing service, which must be installed and running on the computer to be updated.

IMPORTANT: In order to successfully update Windows XP Service Pack 2 and Windows Vista computers from Resource Updating Manager, the File and Printer Sharing service must be added to the firewall Exceptions list and ports 137–139 and 445 must be unblocked.
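
The following PowerShell sketch is an added example, not part of the Quest documentation. It tests from the console host whether the TCP ports named above (135, 139, 445) are reachable on each target. The host names are placeholders, and UDP ports 137 and 138 cannot be confirmed with a TCP connect, so they are left to a firewall rule review.

```powershell
# Added example (not Quest code). Host names below are placeholders.
$Targets  = @('srv-source01.example.local', 'srv-target01.example.local')

# 135 = RPC endpoint mapper, 139 = NetBIOS session service,
# 445 = SMB (File and Printer Sharing).
# 137 and 138 are UDP (NetBIOS name and datagram services): a TCP connect
# says nothing about them, so verify those in the firewall rules instead.
$TcpPorts = @(135, 139, 445)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'Timeout'              # typically a firewall silently dropping packets
        }
        $client.EndConnect($async)        # throws if the connection was refused
        return 'Open'
    } catch {
        return 'Closed or unreachable'    # refused, no route, or name not resolved
    } finally {
        $client.Close()
    }
}

$results = foreach ($t in $Targets) {
    foreach ($p in $TcpPorts) {
        [pscustomobject]@{ Host = $t; Port = $p; State = Test-TcpPort $t $p }
    }
}
$results | Format-Table -AutoSize
```

A "Timeout" result usually points at a router or host firewall between the subnets, while "Closed or unreachable" on 139 or 445 often means File and Printer Sharing is not running on the target.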

For more information on resource processing requirements, refer to Migration Manager for Active Directory Resource Processing Guide.

When granting the required permissions to the administrative accounts in Active Directory, you should also make sure that permissions inherited from the parent are not blocked at any level in your Active Directory.

LDAP Signing Configuration Requirements

If the Domain controller: LDAP server signing requirements policy is set to Require signing at your Active Directory domain controllers, you must make sure the client Network security: LDAP client signing requirements policy is set to Negotiate signing, which is the default, or Require signing. This policy must never be set to None for the client as this would result in loss of connection with the server.

This requirement is applicable for the following components:

  • Migration Manager Console
  • Migration Manager for Active Directory (Microsoft Office 365) Console
  • Directory Synchronization Agent Server
  • Directory Migration Agent Server
  • Standalone Resource Updating Manager Console
  • Active Directory Processing Wizard
  • Exchange Processing Wizard
  • Migration Manager for Exchange Console
  • Statistics Collection Agent Server
  • Exchange Migration Agents Server (Legacy and MAgE)
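
The check below is an added example, not part of the Quest documentation. Run on a host that carries one of the listed components, it compares the local LDAP client signing setting with the server setting on a domain controller. It assumes the policies are stored in the `LDAPClientIntegrity` and `LDAPServerIntegrity` registry values, that PowerShell remoting to the domain controller is available, and that the DC name you pass is your own.

```powershell
# Added example (not Quest code).
$ClientKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'             # LDAPClientIntegrity
$ServerKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'  # LDAPServerIntegrity
$ClientNames = @{ 0 = 'None'; 1 = 'Negotiate signing'; 2 = 'Require signing' }
$ServerNames = @{ 1 = 'None'; 2 = 'Require signing' }

# Reads one registry value; yields $null when the value is not set.
$ReadValue = {
    param($Path, $Name)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-LdapSigningPair {
    param([Parameter(Mandatory)][string]$DomainController)

    $client = & $ReadValue $ClientKey 'LDAPClientIntegrity'
    $server = Invoke-Command -ComputerName $DomainController -ScriptBlock $ReadValue `
                  -ArgumentList $ServerKey, 'LDAPServerIntegrity'

    # The page states that Negotiate signing is the client default.
    if ($null -eq $client) { $client = 1 }

    $verdict = if ($null -eq $server) {
        'UNKNOWN: server value not set, check the effective policy on the DC'
    } elseif ([int]$server -eq 2 -and [int]$client -eq 0) {
        'FAIL: DC requires signing but client is None, connection will be lost'
    } elseif ([int]$client -eq 0) {
        'WARN: client is None, breaks as soon as the DC requires signing'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Client  = $ClientNames[[int]$client]
        Server  = if ($null -eq $server) { 'Not set' } else { $ServerNames[[int]$server] }
        Verdict = $verdict
    }
}

# Usage (placeholder DC name):
# Test-LdapSigningPair -DomainController 'dc01.example.local'
```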

RC4 Encryption

RC4 encryption (Rivest Cipher 4, or RC4-HMAC) is an element of Microsoft Kerberos authentication that Quest migration products require to sync Active Directory passwords between Source and Target environments. Disabling the use of the RC4 protocol makes password syncing between environments impossible.

Beginning on November 8, 2022, Microsoft recommended that an out-of-band (OOB) patch be employed to set AES as the default encryption type. Enabling or disabling the RC4 encryption protocol has potential impact beyond the password syncing function of Quest migration tooling and should be considered carefully.
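
To see whether RC4 is currently permitted on a given host, the added example below (not part of the Quest documentation) decodes the bitmask behind the "Network security: Configure encryption types allowed for Kerberos" policy. The two sample masks are constructed for illustration; the registry path is where that policy stores its value.

```powershell
# Added example (not Quest code).
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'

# Bit flags used by the SupportedEncryptionTypes value.
$EncBits = @{
    0x1  = 'DES-CBC-CRC'
    0x2  = 'DES-CBC-MD5'
    0x4  = 'RC4-HMAC'
    0x8  = 'AES128-CTS-HMAC-SHA1-96'
    0x10 = 'AES256-CTS-HMAC-SHA1-96'
}

function ConvertFrom-KerberosEncMask {
    param([int]$Mask)
    $names = foreach ($bit in ($EncBits.Keys | Sort-Object)) {
        if ($Mask -band $bit) { $EncBits[$bit] }
    }
    [pscustomobject]@{
        Mask       = '0x{0:X}' -f $Mask
        Allowed    = $names -join ', '
        RC4Allowed = [bool]($Mask -band 0x4)   # the type the page says password sync needs
    }
}

function Get-LocalKerberosEncPolicy {
    $value = (Get-ItemProperty -Path $PolicyKey -Name SupportedEncryptionTypes `
                  -ErrorAction SilentlyContinue).SupportedEncryptionTypes
    if ($null -eq $value) {
        return 'Policy not configured; operating system defaults apply'
    }
    ConvertFrom-KerberosEncMask -Mask $value
}

# Constructed sample masks: 0x18 = AES only (RC4 off), 0x1C = RC4 plus AES.
0x18, 0x1C | ForEach-Object { ConvertFrom-KerberosEncMask -Mask $_ }

# Actual setting on the machine this runs on.
Get-LocalKerberosEncPolicy
```

Run it on the domain controllers and on the hosts involved in password synchronization in both environments; `RC4Allowed = False` on any of them means the policy has removed the encryption type that the password sync depends on.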
