立即与支持人员聊天
与支持团队交流

Migrator for Notes 20.14 - Installation and Configuration Guide

Section 1. Introduction Section 2. Installing Binary Tree Migrator for Notes Section 3. Setting Up the Migrator for Notes Domino Database Section 4. Configuring Settings in Migrator for Notes About us Technical support resources Appendix A: Preparing for Office 365 Migrations Appendix B: Preparing for Office 365 Modern Authentication Appendix C: Creating a Migration Farm Appendix D: Securing Migrator for Notes Web Services with Windows Authentication Appendix E: Microsoft Graph Application ID Appendix F: Modern Authentication Delegation Migration Third-party Contributions

Configuring an Azure AD Application Registration for Microsoft Graph

  1. Navigate to the Azure administration portal at https://portal.azure.com and sign in with an admin account.

  2. Use the navigator to access Azure Active Directory. Graphical user interface, text, application Description automatically generated

  3. Select App registrations to begin the process of creating an Application ID for use with the Migrator for Notes Delegation migrations.

    Graphical user interface, application Description automatically generated

  4. Choose to create a New registration. Graphical user interface, text, application, email Description automatically generated

  5. Provide a name for the App registration and use the default ‘Accounts in this organizational directory only’ for the supported account types.

  6. In the Redirect URI section, select Public client/native (mobile & desktop) and set the URI to: urn:ietf:wg:oauth:2.0:oob Graphical user interface, text, application, email Description automatically generated

  7. Click the Register button. Notice two of the four items needed for configuration, the Application (client) ID and the Directory (tenant) ID.Graphical user interface, text, application Description automatically generated

  8. Notice when hovering over these two values, a Copy icon will appear to copy the values with a single click.

  1. Click the Copy icon to copy the values before continuing. These will be required for the Migrator for Notes Settings so ensure that these values are retained. The values can be viewed later in the process if they are missed.

  2. Use the navigator to click on Certificates & Secrets. Use the New client secret to Add a client secret.

Provide a name for the new secret and then select the length of time that the secret will be valid for. Graphical user interface, text, application, email Description automatically generated

 

A picture containing icon Description automatically generated
This secret will be used throughout the migration process. New secrets can be created and updated on the Migrator for Notes Settings but if a secret expires during a migration project this can cause disruption until a new secret is applied.

  1. After adding the secret, the Value for the secret will be displayed. Click the copy icon and save the client secret wherever you saved the application ID and directory ID or apply it directly to the Migrator for Notes Settings.Graphical user interface, text, application, email Description automatically generated

 

A picture containing icon Description automatically generated
The Client Secret must be copied when it is created. This cannot be accessed after creation. If the secret is not copied, then it would need to be deleted and recreated.

  1. Next the permissions for the application need to be set. To do this, use the navigator to select API permissions.

  2. Use the Add a permission button to select the permissions that will be used for Graph. For the permissions select Microsoft APIs and then select Microsoft Graph.Graphical user interface, application Description automatically generated

  3. For the API permissions select Application permissions. Graphical user interface, text, application, email Description automatically generated

  4. Then enable the below permissions from the options available and Add permissions. The permissions items can be entered into the Search bar to locate each one directly.Graphical user interface, text, application, email Description automatically generated

    Permissions to add: MailboxSettings.Read , MailboxSettings.ReadWrite , Organization.Read.All , User.Read.All , User.ReadWrite.All

    Graphical user interface, text, application Description automatically generated

  5. Use the Add a permission button again and for the permissions select APIs my organization uses and then locate and select Office 365 Exchange Online.Graphical user interface, application, email Description automatically generated

  6. Then enable the below permissions from the options available and Add permissions. The permissions items can be entered into the Search bar to locate each one directly.Graphical user interface, text, application, email Description automatically generated

    Permissions to add: Exchange.ManageAsApp , Mail.ReadWrite , Organization.ReadWrite.All.Graphical user interface, text, application Description automatically generated

    If delegation migration for permissions will be used for the migration process then Other Permissions | full_access_as_app can also be added. This will allow the Application ID to be used for the delegation migration and replace the configuration for a second Application ID in Appendix F. Graphical user interface, text, application, email Description automatically generated

  7. This will then require consent to be granted by a tenant admin account.Graphical user interface, text, application, email Description automatically generated

  8. Use the Grant admin consent for <tenant> button to complete the process.Graphical user interface, application Description automatically generated

  9. This concludes the Application ID setup in the tenant. Details for the application can be viewed on the Overview page.Graphical user interface, text, application, email Description automatically generated

 

Appendix F: Modern Authentication Delegation Migration

The delegation migration does require an Application (client) ID to be created in the tenant to process mailbox folder level permissions. The process to set up an Application ID can be found in the Configuring an Azure AD Application Registration section. The steps are based on Microsoft configuration at the time of release, refer to Microsoft documentation if these are changed.

The details for the Application ID are applied to the Migrator for Notes Settings | Delegation | Application ID tab.

This is an additional step that must be completed for the delegation migration. The account setup must still be completed and the general Modern Authentication requirements and configuration followed.

Graphical user interface, text, application Description automatically generated

 

The following table describes the values for each setting.

Settings    

Description

Directory (Tenant) ID

Target Tenant ID, this is displayed with the Application ID setup.

Application (Client) ID

Exchange Online EWS Application ID created in the target tenant. Review the configuration guide for Modern Authentication to create this.

Client Secret

EWS Application ID secret. Review the configuration guide for Modern Authentication to create this. Use the button to input this value to ensure that it is hashed when it is stored using the AsSecure PowerShell method.

Access Scope

MSAL Token Access Scopes for the Application ID. This is the App ID URI for accessing EWS and the permissions scope for the token used to access Exchange Online. The default scope can be used for the Application ID that is created unless Microsoft documentation advises changing the scope in cases of tenants that have differing configurations.

Refresh Count

The number of minutes to process for delegation updates before the PowerShell will request a refresh token for the Modern Authentication access to the tenant. This can be adjusted if there are authentication failures during the processing which can occur if there are a large number of delegates for each account.

Install MSAL PowerShell Authentication Module

  • On the server that will be performing the PowerShell processing for the delegation migration the MSAL PowerShell module will be required, this can be added through PowerShell using the Run As Administrator option.

Install-Module MSAL.ps

Configuring an Azure AD App Registration

  1. Navigate to the Azure administration portal at https://portal.azure.com and sign in with an admin account.

  2. Use the navigator to access Azure Active Directory.

  1. Select App registrations to begin the process of creating an Application ID for use with the Migrator for Notes Delegation migrations.

  1. Choose to create a New registration.

  1. Provide a name for the App registration and use the default ‘Accounts in this organizational directory only’ for the supported account types.

In the Redirect URI section, select Public client/native (mobile & desktop) and set the URI to: urn:ietf:wg:oauth:2.0:oob

  1. Click the Register button. Notice two of the four items needed for configuration, the Application (client) ID and the Directory (tenant) ID.

  1. Notice when hovering over these two values, a copy icon will appear to copy the values with a single click.

Click this icon to copy the values before continuing. These will be required for the Migrator for Notes Settings so ensure that these values are retained. The values can be viewed later in the process if they are missed.

  1. Use the navigator to click on Certificates & Secrets. Use the New client secret to Add a client secret.

Provide a name for the new secret and then select the length of time that the secret will be valid for.


This secret will be used throughout the migration process. New secrets can be created and updated on the Migrator for Notes Settings but if a secret expires during a migration project this can cause disruption until a new secret is applied.

 

  1. After adding the secret, the Value for the secret will be displayed. Click the copy icon and save the client secret wherever you saved the application ID and directory ID or apply it directly to the Migrator for Notes Settings.

 


The Client Secret must be copied when it is created. This cannot be accessed after creation. If the secret is not copied, then it would need to be deleted and recreated.

  1. Next the permissions for the application need to be set. To do this, use the navigator to select API permissions.

Graphical user interface, text, application, email Description automatically generated

  1. Use the Add a permission button to select the permissions that will be used. For the permissions select APIs my organization uses and then locate Office 365 Exchange Online.

Graphical user interface, text, application, email Description automatically generated

  1. For the API permissions select Application permissions.

  1. Then select Other permissions | full_access_as_app from the options available and Add permissions.

Graphical user interface, text, application, email Description automatically generated

  1. This will then require consent to be granted by a tenant admin account.

Graphical user interface, text, application, email Description automatically generated

  1. Use the Grant admin consent for <tenant> button to complete the process.

Graphical user interface, text, application, email Description automatically generated

  1. This concludes the Application ID setup in the tenant. Details for the application can be viewed on the Overview page.

Graphical user interface, text, application Description automatically generated

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级