立即与支持人员聊天
与支持团队交流

Binary Tree Migrator for Notes 20.11 - Installation and Configuration Guide

Section 1. Introduction Section 2. Installing Binary Tree Migrator for Notes Section 3. Setting Up the Migrator for Notes Domino Database Section 4. Configuring Settings in Migrator for Notes Appendix A: Preparing for Office 365 Migrations Appendix B: Preparing for Office 365 Modern Authentication Appendix C: Creating a Migration Farm Appendix D: Securing Notes Migrator Web Services with Windows Authentication

Appendix A: Preparing for Office 365 Migrations

The following additional requirements and procedures are required when preparing for migrations where the target location is Office 365.

Additional Requirements

Software:

  • Microsoft Online Services Sign-In Assistant -required on every workstation that will log into Office 365

  • Azure Active Directory Module for Windows PowerShell (64-bit version)

Accounts:

  • 1 or 2 (recommended) Global Administration Tenant-only Accounts in Office 365

  • 1 Standard Tenant-only Mailbox Enabled Account for every two workstations. These accounts are configured through the Connectivity Tester for use in Outlook by the migration worker. These accounts have to be in an Office 365 Mail Enabled Security group for Full Access permissions access to the target mailboxes. 

  • The migration workstation needs a Windows local admin account to login.

Additional Procedures

In addition to the typical procedures to prepare for migrations, the following steps are needed for migrations to Office 365:

  1. Run the Single Sign-In Assistant

  2. Create Full Access Security Groups in Office 365 - this process should be run just after an account is activated, which enables the user’s Exchange mailbox.  Once this is complete, permission to that mailbox will be set using the group created during this procedure.

To create a security group in Office 365:

  1. Log into the Office 365 portal at https://portal.microsoftonline.com/ after and then click the “Admin” drop down menu and select “Exchange”. 

  2. Click on the “Groups” link to refresh the page.

  3. To create a security group, click the “New” (Plus Sign) action.

  4. :

  1. To populate the membership list with all the proper accounts, click the “Add” action under the “Members” section.

  2. An Address List will appear. Perform a broad search term for all the accounts you require and then elect all the accounts you would like to add.

  1. Click the “Add” action to populate the field.

  2. Click the “OK” action to populate the form. 

  3. Once the add list closed, select the “Save” action at the bottom of the New Group form. 

  4. Once the form is saved and closed, select the group you just created from the Distribution List view. 

  5. Double click the entry to display the group’s properties.

  1. Place a check mark in the “Hide this group from the shared address book” option in order to prevent end-users from using our group for email purposes.

  2. Click the “Save” action to complete the process.

  3. If you have additional members to add in the future follow this process but now expand the membership list to add or remove certain accounts from the group.

  1. Run the Single Sign-In Assistant and Windows Azure on the Migration Control Center.

  2. Set up remote PowerShell - To run any cmdlets in Office 365, an account that has the "Global Administrator" role assigned to it is required. 

To setup a workstation to access everything via PowerShell:

  1. Launch PowerShell as an administrator. At the prompt, type:  

Set-ExecutionPolicy Unrestricted 

  1. To authenticate using Remote PowerShell of O365-MT:

$Cred = Get-Credential "accountname@yourdomain.onmicrosoft.com"

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection 

Import-PSSession $Session 

Import-Module msonline

Connect-MsolService -Credential $Cred

Additional Requirements

The following additional requirements and procedures are required when preparing for migrations where the target location is Office 365.

Software:

  • Microsoft Online Services Sign-In Assistant -required on every workstation that will log into Office 365

  • Azure Active Directory Module for Windows PowerShell (64-bit version)

Accounts:

  • 1 or 2 (recommended) Global Administration Tenant-only Accounts in Office 365

  • 1 Standard Tenant-only Mailbox Enabled Account for every two workstations. These accounts are configured through the Connectivity Tester for use in Outlook by the migration worker. These accounts have to be in an Office 365 Mail Enabled Security group for Full Access permissions access to the target mailboxes. 

  • The migration workstation needs a Windows local admin account to login.

Additional Procedures

In addition to the typical procedures to prepare for migrations, the following steps are needed for migrations to Office 365:

  1. Run the Single Sign-In Assistant

  2. Create Full Access Security Groups in Office 365 - this process should be run just after an account is activated, which enables the user’s Exchange mailbox.  Once this is complete, permission to that mailbox will be set using the group created during this procedure.

To create a security group in Office 365:

  1. Log into the Office 365 portal at https://portal.microsoftonline.com/ after and then click the “Admin” drop down menu and select “Exchange”. 

  2. Click on the “Groups” link to refresh the page.

  3. To create a security group, click the “New” (Plus Sign) action.

  4. :

  1. To populate the membership list with all the proper accounts, click the “Add” action under the “Members” section.

  2. An Address List will appear. Perform a broad search term for all the accounts you require and then elect all the accounts you would like to add.

  1. Click the “Add” action to populate the field.

  2. Click the “OK” action to populate the form. 

  3. Once the add list closed, select the “Save” action at the bottom of the New Group form. 

  4. Once the form is saved and closed, select the group you just created from the Distribution List view. 

  5. Double click the entry to display the group’s properties.

  1. Place a check mark in the “Hide this group from the shared address book” option in order to prevent end-users from using our group for email purposes.

  2. Click the “Save” action to complete the process.

  3. If you have additional members to add in the future follow this process but now expand the membership list to add or remove certain accounts from the group.

  1. Run the Single Sign-In Assistant and Windows Azure on the Migration Control Center.

  2. Set up remote PowerShell - To run any cmdlets in Office 365, an account that has the "Global Administrator" role assigned to it is required. 

To setup a workstation to access everything via PowerShell:

  1. Launch PowerShell as an administrator. At the prompt, type:  

Set-ExecutionPolicy Unrestricted 

  1. To authenticate using Remote PowerShell of O365-MT:

$Cred = Get-Credential "accountname@yourdomain.onmicrosoft.com"

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection 

Import-PSSession $Session 

Import-Module msonline

Connect-MsolService -Credential $Cred

Appendix B: Preparing for Office 365 Modern Authentication

The following additional configurations and procedures are required when preparing for migrations where the target location is Office 365 and Modern Authentication will be used. These do require the option to migrate to Office 365 to be enabled.

Settings Updates

The Notes Migrator Settings will require the below to be configured on the Required Settings | Additional tab:

  • Enable PowerShell Modern Auth set to Yes

    • This will configure the PowerShell functions to use Modern Authentication processing for account validation, provisioning, setting full access and matching. This enables the use of the MSOnline and ExchangeOnline modules.

  • Enable Modern Auth for Migration set to Yes

    • This will update the Migration Profile to instruct the Migration Worker to use Modern Authentication for its Outlook connection to Office 365. This will use an Outlook profile on the Migration Worker that is configured for Modern Authentication.

 


The PowerShell Admin account password can be entered using the Set PowerShell Password button. This will prompt for the password in PowerShell and enter a hash of the password using the PowerShell As Secure method. This is not required and if left blank the PowerShell processing will ask for the password when the functions are performed.

 

Additional Procedures

Migration Controller

The use of Modern Authentication with PowerShell requires the ExchangeOnline module to be installed. This also requires TLS 1.2 to be enabled on the Migration Controller for PowerShell connectivity. These may require the installation of the PowerShellGet module, steps for completing the updates are below.

If prompted for updates to be completed these should be accepted.

Set up PowerShell for remote access on the Migration Controller:

  • Launch PowerShell as an administrator. At the prompt, type: 

    • Set-ExecutionPolicy Unrestricted

  • Install PowerShell ExchangeOnline Module and enable TLS 1.2:

    • Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    • Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    • Install-PackageProvider -Name NuGet -Force

    • Install-Module -Name PowerShellGet -Force

    • Install-Module –Name ExchangeOnlineManagement

Enable WinRM Basic Authentication:

  • Launch Command Prompt as an administrator. At the prompt, type:

    • winrm set winrm/config/client/auth @{Basic="true"}

Migration Worker

The use of Modern Authentication with the Notes Migrator worker application requires an Outlook profile to be configured on the worker machine. This would be configured for an Outlook profile named Migrate and would use the Office 365 account designated for the worker migration access to the target mailboxes.

The Outlook profile created will generate the required access token for Office 365 access to the migration account mailbox and the target account mailboxes. Notes Migrator will then use this token and the refresh token for migrations. Notes Migrator does not generate the token itself.

The below steps show the configuration of an Outlook profile through the process of opening Outlook for the first time. This can also be completed through Control Panel | Mail (Microsoft Outlook Version) (32 Bit) | Show Profiles.

 


This will no longer use the Connectivity Tester account on the migration worker for the Modern Authentication configuration and this can be skipped when installing the migration worker. The Connectivity Tester account is still used if Modern Authentication is not enabled.

To create the Outlook profile for a migration worker:

Open Outlook on the migration worker and choose Options | New

Set the name of the profile to Migrate

Graphical user interface, application

Description automatically generated

Enter the address of the account the would be used for the worker migrations and connect to Office 365

After the profile is configured click on the Properties, select the account used and select Change. Disable Cache Exchange Mode.

Open Outlook with the Migrate profile to validate that it is connected and to ensure that the token is created.

Settings Updates

The following additional configurations and procedures are required when preparing for migrations where the target location is Office 365 and Modern Authentication will be used. These do require the option to migrate to Office 365 to be enabled.

The Notes Migrator Settings will require the below to be configured on the Required Settings | Additional tab:

  • Enable PowerShell Modern Auth set to Yes

    • This will configure the PowerShell functions to use Modern Authentication processing for account validation, provisioning, setting full access and matching. This enables the use of the MSOnline and ExchangeOnline modules.

  • Enable Modern Auth for Migration set to Yes

    • This will update the Migration Profile to instruct the Migration Worker to use Modern Authentication for its Outlook connection to Office 365. This will use an Outlook profile on the Migration Worker that is configured for Modern Authentication.

 


The PowerShell Admin account password can be entered using the Set PowerShell Password button. This will prompt for the password in PowerShell and enter a hash of the password using the PowerShell As Secure method. This is not required and if left blank the PowerShell processing will ask for the password when the functions are performed.

 

Additional Procedures

Migration Controller

The use of Modern Authentication with PowerShell requires the ExchangeOnline module to be installed. This also requires TLS 1.2 to be enabled on the Migration Controller for PowerShell connectivity. These may require the installation of the PowerShellGet module, steps for completing the updates are below.

If prompted for updates to be completed these should be accepted.

Set up PowerShell for remote access on the Migration Controller:

  • Launch PowerShell as an administrator. At the prompt, type: 

    • Set-ExecutionPolicy Unrestricted

  • Install PowerShell ExchangeOnline Module and enable TLS 1.2:

    • Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    • Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    • Install-PackageProvider -Name NuGet -Force

    • Install-Module -Name PowerShellGet -Force

    • Install-Module –Name ExchangeOnlineManagement

Enable WinRM Basic Authentication:

  • Launch Command Prompt as an administrator. At the prompt, type:

    • winrm set winrm/config/client/auth @{Basic="true"}

Migration Worker

The use of Modern Authentication with the Notes Migrator worker application requires an Outlook profile to be configured on the worker machine. This would be configured for an Outlook profile named Migrate and would use the Office 365 account designated for the worker migration access to the target mailboxes.

The Outlook profile created will generate the required access token for Office 365 access to the migration account mailbox and the target account mailboxes. Notes Migrator will then use this token and the refresh token for migrations. Notes Migrator does not generate the token itself.

The below steps show the configuration of an Outlook profile through the process of opening Outlook for the first time. This can also be completed through Control Panel | Mail (Microsoft Outlook Version) (32 Bit) | Show Profiles.

 


This will no longer use the Connectivity Tester account on the migration worker for the Modern Authentication configuration and this can be skipped when installing the migration worker. The Connectivity Tester account is still used if Modern Authentication is not enabled.

To create the Outlook profile for a migration worker:

Open Outlook on the migration worker and choose Options | New

Set the name of the profile to Migrate

Graphical user interface, application

Description automatically generated

Enter the address of the account the would be used for the worker migrations and connect to Office 365

After the profile is configured click on the Properties, select the account used and select Change. Disable Cache Exchange Mode.

Open Outlook with the Migrate profile to validate that it is connected and to ensure that the token is created.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级