Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2013 Migration


Quest Migration Manager for Exchange 8.14
Granular Account Permissions for Exchange 2010 to 2013 Migration

© 2017 Quest Software Inc. ALL RIGHTS RESERVED.
Updated - April 2017
Version - 8.14

Contents

Overview
Source Exchange 2010 Permissions
    Exchange Account
    Active Directory Account
Target Exchange 2013 Permissions
    Exchange Account
    Active Directory Account
Required Permissions
    Read Access to Active Directory Domain
    Read Permission for the Microsoft Exchange Container
    Full Control on Mailbox Database
    Full Control on Public Folder Database
    Move Mailboxes Management Role
    Mail Recipients Management Role
    Mail Enabled Public Folders Management Role
    ApplicationImpersonation Management Role
    Membership in Local Administrators Group
    Write proxyaddresses on Descendant PublicFolder Objects
    Membership in Public Folder Management Group
About us
    Contacting Quest
    Technical support resources

Overview

This document describes the minimal set of permissions required for mailbox, calendar and public folder synchronization from a source Exchange 2010 organization to a target Exchange 2013 organization using Migration Manager for Exchange.

NOTE: Permissions required for native mailbox move are out of scope of this document.

For general information on account permissions required for Migration Manager for Exchange operation, refer to the System Requirements and Access Rights document.

Source Exchange 2010 Permissions

- Exchange Account
- Active Directory Account

Exchange Account

Mailbox and Calendar Synchronization

The following permissions are required for the source Exchange account used by Migration Agent for Exchange during mailbox or calendar synchronization:

- Read access to the source domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects)
- Permissions to process every mailbox involved in the migration by granting
    1. Full Control permission on a mailbox database
    2. Full Control permission on an associated public folder database
- The ApplicationImpersonation management role

TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the source Exchange organization in the Add Source Organization Wizard under this account.

Public Folder Synchronization

The following permissions are required for the source Exchange account used by PFSA and PFTA during public folder synchronization:

- Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- Membership in the Public Folder Management group
- Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside.

Active Directory Account

Mailbox and Calendar Synchronization

The following permissions are required for the source Active Directory account used by Migration Agent for Exchange during mailbox or calendar synchronization:

- Read access to the source domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects)

IMPORTANT: If migration is performed in the child domain, ensure that the Active Directory account has Read access to the parent (root) domain as well.

Public Folder Synchronization

The following permissions are required for the source Active Directory account used by PFSA and PFTA during public folder synchronization:

- The Write proxyaddresses permission on the Descendant publicfolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which source Exchange servers involved in public folder synchronization reside.

NOTE: Alternatively, you can grant the Write permission on that organizational unit.

Target Exchange 2013 Permissions

- Exchange Account
- Active Directory Account

Exchange Account

Mailbox and Calendar Synchronization

The following permissions are required for the target Exchange account used by Migration Agent for Exchange during mailbox or calendar synchronization:

- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
- Permissions to log on to every mailbox involved in the migration by granting Full Control permission on a mailbox database
- The Move Mailboxes management role
- The Mail Recipients management role
- The ApplicationImpersonation management role

TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.

Public Folder Synchronization

The following permissions are required for the target Exchange account used by PFSA and PFTA during public folder synchronization:

- Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- The Mail Enabled Public Folders management role
- Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside.

Active Directory Account

Mailbox and Calendar Synchronization

The following permissions are required for the target Active Directory account used by Migration Agent for Exchange during mailbox or calendar synchronization:

- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)

Public Folder Synchronization

The following permissions are required for the target Active Directory account used by PFSA and PFTA during public folder synchronization:

- The Write proxyaddresses permission on the Descendant publicfolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.

NOTE: Alternatively, you can grant the Write permission on that organizational unit.

Required Permissions

This section contains reference information on how to grant an account the following permissions:

- Read Access to Active Directory Domain
- Read Permission for the Microsoft Exchange Container
- Full Control on Mailbox Database
- Full Control on Public Folder Database
- Move Mailboxes Management Role
- Mail Recipients Management Role
- Mail Enabled Public Folders Management Role
- ApplicationImpersonation Management Role
- Membership in Local Administrators Group
- Write proxyaddresses on Descendant PublicFolder Objects
- Membership in Public Folder Management Group

Read Access to Active Directory Domain

To grant this permission to an account, complete the following steps:

1. In the Active Directory Users and Computers snap-in, right-click the domain name, and then click Properties.
2. On the Security tab, click Add and select the account.
3. Select the account, and then check the Allow box for the Read permission in the Permissions box.
4. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified in step 2, and click Edit.
5. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list.
6. Close the dialog boxes by clicking OK.

Read Permission for the Microsoft Exchange Container

To grant this permission to an account, complete the following steps:

1. From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK.
2. In the ADSIEdit snap-in, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=< >,DC=< > container.
3. Right-click the Microsoft Exchange container and select Properties.
4. In the Properties dialog box, click the Security tab.
5. On the Security tab, click Add and select the account to which you wish to assign permissions.
6. Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
7. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified in step 5 and click Edit.
8. In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
9. Close the dialog boxes by clicking OK.

Full Control on Mailbox Database

To grant the Full Control permission on a mailbox database to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    Get-MailboxDatabase | Add-ADPermission -User LA\JohnSmith -AccessRights GenericAll -ExtendedRights Receive-As

Full Control on Public Folder Database

To grant the Full Control permission on a public folder database to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    Get-PublicFolderDatabase | Add-ADPermission -User LA\JohnSmith -AccessRights GenericAll -ExtendedRights Receive-As

Move Mailboxes Management Role

To grant the Move Mailboxes management role to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    New-ManagementRoleAssignment -Role "Move Mailboxes" -User LA\JohnSmith

Mail Recipients Management Role

To grant the Mail Recipients management role to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    New-ManagementRoleAssignment -Role "Mail Recipients" -User LA\JohnSmith

Mail Enabled Public Folders Management Role

To grant the Mail Enabled Public Folders management role to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    New-ManagementRoleAssignment -Role "Mail Enabled Public Folders" -User LA\JohnSmith

ApplicationImpersonation Management Role

To grant the ApplicationImpersonation management role to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    New-ManagementRoleAssignment -Role ApplicationImpersonation -User LA\JohnSmith

Membership in Local Administrators Group

To add an account to the local Administrators group on a server, perform the following:

1. Open the Computer Management snap-in (click Start > Run, enter compmgmt.msc and then click OK).
2. In the left pane, click System Tools > Local Users and Groups > Groups.
3. Right-click the Administrators group and click Add to Group.
4. Click Add and select the account.
5. Close the dialog boxes by clicking OK.

Write proxyaddresses on Descendant PublicFolder Objects

To grant an account the Write proxyaddresses permission on the Descendant publicfolder objects for the Microsoft Exchange System Objects organizational unit, take the following steps:

1. In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties.
   NOTE: If there is no Microsoft Exchange System Objects OU, you should select View > Advanced Features in the Active Directory Users and Computers snap-in.
2. On the Security tab, click Advanced, then click Add and specify the account. Then click OK.
3. On the Object tab of the Permission Entry dialog box, select Descendant publicfolder objects from the Apply to drop-down list.
4. Then open the Properties tab and select Descendant publicfolder objects again.
5. After that, enable the Allow option for the Write proxyaddresses permission in the Permissions box.
6. Close the dialog boxes by clicking OK.

Membership in Public Folder Management Group

To add an account to the Public Folder Management group in the Exchange 2010 organization, take the following steps:

1. In the Active Directory Users and Computers snap-in, select the Microsoft Exchange Security Groups node.
2. In the right pane, right-click the Public Folder Management group and click Properties.
3. On the Members tab, click Add and select the account.
4. Close the dialog boxes by clicking OK.
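The following is an added example, not part of the Quest guide: a read-only Exchange Management Shell check that the target Exchange 2013 account holds the management roles and database rights listed in this document, and that reports any role assignments beyond that minimal set. The variable names, the report layout and the default account (the guide's sample LA\JohnSmith) are assumptions of this example.

```powershell
# Added example: read-only audit of the target Exchange 2013 migration account.
# Run in Exchange Management Shell. $Account defaults to the guide's sample
# account; $expectedRoles is this example's encoding of the roles the guide lists.
param([string]$Account = 'LA\JohnSmith')

$expectedRoles = @(
    'Move Mailboxes',
    'Mail Recipients',
    'Mail Enabled Public Folders',
    'ApplicationImpersonation'
)

# Role assignments held directly or through group membership.
$assignments = @(Get-ManagementRoleAssignment -RoleAssignee $Account)

# Assumption: Role renders as the plain role name, as in the shell's table output.
$heldRoles = @($assignments | ForEach-Object { [string]$_.Role } | Sort-Object -Unique)

$missingRoles = @($expectedRoles | Where-Object { $heldRoles -notcontains $_ })
$extraRoles   = @($heldRoles | Where-Object { $expectedRoles -notcontains $_ })

# Per-database check for the Full Control grant (GenericAll plus Receive-As).
# On Exchange 2013 public folders reside in mailbox databases, so this one
# loop covers both the mailbox and the public folder requirement for the target.
$databases = foreach ($db in Get-MailboxDatabase) {
    # Only ACEs naming the account itself are returned; grants that reach the
    # account through a group are not resolved here.
    $aces = @(Get-ADPermission -Identity $db.DistinguishedName -User $Account |
        Where-Object { -not $_.Deny })

    $rights   = ($aces | ForEach-Object { $_.AccessRights })   -join ','
    $extended = ($aces | ForEach-Object { $_.ExtendedRights }) -join ','

    [pscustomobject]@{
        Database   = $db.Name
        GenericAll = $rights -match 'GenericAll'
        ReceiveAs  = $extended -match 'Receive-As'
        Inherited  = [bool]($aces | Where-Object { $_.IsInherited })
    }
}

# Summary object: empty MissingRoles and ExtraRoles, and True in both rights
# columns for every database in scope, match the set this guide describes.
[pscustomobject]@{
    Account      = $Account
    MissingRoles = $missingRoles
    ExtraRoles   = $extraRoles
    Databases    = $databases
}
```

Entries in ExtraRoles are grants beyond what this guide requires and are worth reviewing before and after the migration; the same report can be rerun once the migration account has been retired to confirm that nothing remains.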

About us

We are more than just a name

We are on a quest to make your information technology work harder for you. That is why we build community-driven software solutions that help you spend less time on IT administration and more time on business innovation. We help you modernize your data center, get you to the cloud quicker and provide the expertise, security and accessibility you need to grow your data-driven business. Combined with Quest's invitation to the global community to be a part of its innovation, and our firm commitment to ensuring customer satisfaction, we continue to deliver solutions that have a real impact on our customers today and leave a legacy we are proud of. We are challenging the status quo by transforming into a new software company. And as your partner, we work tirelessly to make sure your information technology is designed for you and by you. This is our mission, and we are in this together. Welcome to a new Quest. You are invited to Join the Innovation.

Our brand, our vision. Together.

Our logo reflects our story: innovation, community and support. An important part of this story begins with the letter Q. It is a perfect circle, representing our commitment to technological precision and strength. The space in the Q itself symbolizes our need to add the missing piece, you, to the community, to the new Quest.

Contacting Quest

For sales or other inquiries, visit https://www.quest.com/company/contact-us.aspx or call +1-949-754-8000.

Technical support resources

Technical support is available to Quest customers with a valid maintenance contract and customers who have trial versions. You can access the Quest Support Portal at https://support.quest.com.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

- Submit and manage a Service Request
- View Knowledge Base articles
- Sign up for product notifications
- Download software and technical documentation
- View how-to-videos
- Engage in community discussions
- Chat with support engineers online
- View services to assist you with your product