Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2010 Migration


Quest Migration Manager for Exchange 8.14
Granular Account Permissions for Exchange 2010 to 2010 Migration

2017 Quest Software Inc. ALL RIGHTS RESERVED.

Updated - April 2017
Version - 8.14

Contents

- Overview
- Source Exchange 2010 Permissions
  - Exchange Account
  - Active Directory Account
- Target Exchange 2010 Permissions
  - Exchange Account
  - Active Directory Account
- Required Permissions
  - Read Access to Active Directory Domain
  - Read Permission for the Microsoft Exchange Container
  - Full Control on Mailbox Database
  - Full Control on Public Folder Database
  - Move Mailboxes Management Role
  - Membership in Local Administrators Group
  - Write proxyaddresses Permission on Descendant PublicFolder Objects
  - Membership in Public Folder Management Group
- About us
  - Contacting Quest
  - Technical support resources

Overview

This document describes the minimal set of permissions required for mailbox, calendar and public folder synchronization from a source Exchange 2010 organization to a target Exchange 2010 organization using Migration Manager for Exchange.

NOTE: Permissions required for native mailbox move are out of scope of this document. For general information on account permissions required for Migration Manager for Exchange operation, refer to the System Requirements and Access Rights document.

IMPORTANT: Permissions in this document are sufficient for a successful migration only if the following requirements are met:

1. User accounts used by Migration Manager for Exchange agents are members of the Domain Users group. Membership in that group is gained automatically when a user is created in a domain.
2. Default group permissions of the Domain Users group are not modified.
3. Permissions for Active Directory Synchronization accounts are granted according to Accounts Used by the Directory Synchronization Agent. Those accounts are used for switching mailboxes during mailbox synchronization.

Source Exchange 2010 Permissions

- Exchange Account
- Active Directory Account

Exchange Account

Mailbox and Calendar Synchronization

The following permissions are required for the source Exchange account used by MSA and CSA during legacy mailbox or calendar synchronization:

- Read access to the source domain (including all descendant objects)
- Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects)
- Permissions to process every mailbox involved in the migration by granting
  1. Full Control permission on a mailbox database
  2. Full Control permission on an associated public folder database

NOTE: If you have any Exchange 2010 Service Pack 2 servers in the source Exchange organization, the Address Book Policy (ABP) assigned to the account must include a Global Address List (GAL) containing all recipients of the source Exchange organization.

TIP: The Read permission for the Microsoft Exchange container is required only if this account is used as the Active Directory account as well and you plan to add the source Exchange organization using the Add Source Organization Wizard under this account.

Public Folder Synchronization

The following permissions are required for the source Exchange account used by PFSA and PFTA during public folder synchronization:

- Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- Membership in the Public Folder Management group
- Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside.

Active Directory Account

Mailbox and Calendar Synchronization

The following permissions are required for the source Active Directory account used by MSA and CSA during legacy mailbox or calendar synchronization:

- Read access to the source domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of source Active Directory (including all descendant objects)

IMPORTANT: If migration is performed in the child domain, ensure that the Active Directory account has Read access to the parent (root) domain as well.

Public Folder Synchronization

The following permissions are required for the source Active Directory account used by PFSA and PFTA during public folder synchronization:

- The Write proxyaddresses permission on the Descendant publicfolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which source Exchange servers involved in public folder synchronization reside.

NOTE: Alternatively, you can grant the Write permission on that organizational unit.

Target Exchange 2010 Permissions

- Exchange Account
- Active Directory Account

Exchange Account

Mailbox and Calendar Synchronization

The following permissions are required for the target Exchange account used by MSA, MTA and CSA during legacy mailbox or calendar synchronization:

- Read access to the target domain (including all descendant objects)
- Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)
- Permissions to process every mailbox involved in the migration by granting
  1. Full Control permission on a mailbox database
  2. Full Control permission on an associated public folder database
- The Move Mailboxes management role

NOTE: If you have any Exchange 2010 Service Pack 2 servers in the target Exchange organization, the Address Book Policy (ABP) assigned to the account must include a Global Address List (GAL) containing all recipients of the target Exchange organization.

TIP: The Read permission for the Microsoft Exchange container is required only if this account is used as the Active Directory account as well and you plan to add the target Exchange organization using the Add Target Organization Wizard under this account.

Public Folder Synchronization

The following permissions are required for the target Exchange account used by PFSA and PFTA during public folder synchronization:

- Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- Membership in the Public Folder Management group
- Permissions to process public folders involved in the migration by granting Full Control permission on public folder databases where those public folders reside.

Active Directory Account

Mailbox and Calendar Synchronization

The following permissions are required for the target Active Directory account used by MSA, MTA and CSA during legacy mailbox or calendar synchronization:

- Read access to the target domain (including all descendant objects)
- Read permission for the Microsoft Exchange container in the Configuration partition of target Active Directory (including all descendant objects)

IMPORTANT: If migration is performed in the child domain, ensure that the Active Directory account has Read access to the parent (root) domain as well.

Public Folder Synchronization

The following permissions are required for the target Active Directory account used by PFSA and PFTA during public folder synchronization:

- The Write proxyaddresses permission on the Descendant publicfolder objects for the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange servers involved in public folder synchronization reside.

NOTE: Alternatively, you can grant the Write permission on that organizational unit.

Required Permissions

This section contains reference information on how to grant an account the following permissions:

- Read Access to Active Directory Domain
- Read Permission for the Microsoft Exchange Container
- Full Control on Mailbox Database
- Full Control on Public Folder Database
- Move Mailboxes Management Role
- Membership in Local Administrators Group
- Write proxyaddresses Permission on Descendant PublicFolder Objects
- Membership in Public Folder Management Group

Read Access to Active Directory Domain

To grant this permission to an account, complete the following steps:

1. In the Active Directory Users and Computers snap-in, right-click the domain name, and then click Properties.
2. On the Security tab, click Add and select the account.
3. Select the account, and then check the Allow box for the Read permission in the Permissions box.
4. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified in step 2, and click Edit.
5. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list.
6. Close the dialog boxes by clicking OK.

Read Permission for the Microsoft Exchange Container

To grant this permission to an account, complete the following steps:

1. From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK.
2. In the ADSIEdit snap-in, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=< >,DC=< > container.
3. Right-click the Microsoft Exchange container and select Properties.
4. In the Properties dialog box, click the Security tab.
5. On the Security tab, click Add and select the account to which you wish to assign permissions.
6. Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
7. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified in step 5 and click Edit.
8. In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
9. Close the dialog boxes by clicking OK.

Full Control on Mailbox Database

To grant the Full Control permission on a mailbox database to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    Get-MailboxDatabase | Add-ADPermission -User LA\JohnSmith -AccessRights GenericAll -ExtendedRights Receive-As

Full Control on Public Folder Database

To grant the Full Control permission on a public folder database to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    Get-PublicFolderDatabase | Add-ADPermission -User LA\JohnSmith -AccessRights GenericAll -ExtendedRights Receive-As

Move Mailboxes Management Role

To grant the Move Mailboxes management role to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:

    New-ManagementRoleAssignment -Role "Move Mailboxes" -User LA\JohnSmith

Membership in Local Administrators Group

To add an account to the local Administrators group on a server, perform the following:

1. Open the Computer Management snap-in (click Start > Run, enter compmgmt.msc and then click OK).
2. In the left pane, click System Tools > Local Users and Groups > Groups.
3. Right-click the Administrators group and click Add to Group.
4. Click Add and select the account.
5. Close the dialog boxes by clicking OK.
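The three Exchange Management Shell grants above can be checked after they are run. The following script is an added example, not part of the Quest guide: it reports, per database, whether the account holds GenericAll and Receive-As, and whether the Move Mailboxes role is assigned. It assumes an Exchange 2010 Management Shell session and the page's sample account LA\JohnSmith; the function name Test-DatabaseGrant is hypothetical.

```powershell
# Added example (not from the Quest guide). Run in Exchange Management Shell.
# Assumption: $Account is the page's sample account; replace with your own.
$Account = 'LA\JohnSmith'

# Hypothetical helper: reports whether $User holds the two rights the guide
# grants on a database object (GenericAll and the Receive-As extended right).
function Test-DatabaseGrant {
    param($Database, [string]$User, [string]$Kind)

    # Read every ACE for the account once, then split Allow from Deny.
    $aces  = @(Get-ADPermission -Identity $Database.DistinguishedName -User $User)
    $allow = @($aces | Where-Object { -not $_.Deny })
    $deny  = @($aces | Where-Object { $_.Deny })

    # The access right and the extended right can be stored as separate
    # ACEs, so each one is searched for across all Allow entries.
    $hasGenericAll = @($allow | Where-Object {
            "$($_.AccessRights)" -like '*GenericAll*' }).Count -gt 0
    $hasReceiveAs  = @($allow | Where-Object {
            "$($_.ExtendedRights)" -like '*Receive-As*' }).Count -gt 0

    # DenyEntries > 0 means a Deny ACE exists for the account on this
    # database; review it, since it can override the Allow grants.
    New-Object PSObject -Property @{
        Kind        = $Kind
        Database    = $Database.Name
        GenericAll  = $hasGenericAll
        ReceiveAs   = $hasReceiveAs
        DenyEntries = $deny.Count
    } | Select-Object Kind, Database, GenericAll, ReceiveAs, DenyEntries
}

# Same database sets the guide's grant commands operate on.
$report  = @(Get-MailboxDatabase |
    ForEach-Object { Test-DatabaseGrant $_ $Account 'Mailbox' })
$report += @(Get-PublicFolderDatabase |
    ForEach-Object { Test-DatabaseGrant $_ $Account 'PublicFolder' })
$report | Format-Table -AutoSize

# Databases where either right is missing for the account.
$missing = @($report | Where-Object { -not ($_.GenericAll -and $_.ReceiveAs) })
'Databases missing a required right: {0}' -f $missing.Count

# Target organization only: the Move Mailboxes management role.
# -RoleAssignee returns direct and indirect (group-based) assignments.
$role = @(Get-ManagementRoleAssignment -Role 'Move Mailboxes' `
        -RoleAssignee $Account -Delegating $false -ErrorAction SilentlyContinue)
'Move Mailboxes role assigned: {0}' -f ($role.Count -gt 0)
```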

Write proxyaddresses Permission on Descendant PublicFolder Objects

To grant an account the Write proxyaddresses permission on the Descendant publicfolder objects for the Microsoft Exchange System Objects organizational unit, take the following steps:

1. In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties.
   NOTE: If there is no Microsoft Exchange System Objects OU, you should select View > Advanced Features in the Active Directory Users and Computers snap-in.
2. On the Security tab, click Advanced, then click Add and specify the account. Then click OK.
3. On the Object tab of the Permission Entry dialog box, select Descendant publicfolder objects from the Apply to drop-down list.
4. Then open the Properties tab and select Descendant publicfolder objects again.
5. After that, enable the Allow option for the Write proxyaddresses permission in the Permissions box.
6. Close the dialog boxes by clicking OK.

Membership in Public Folder Management Group

To add an account to the Public Folder Management group in the Exchange 2010 organization, take the following steps:

1. In the Active Directory Users and Computers snap-in, select the Microsoft Exchange Security Groups node.
2. In the right pane, right-click the Public Folder Management group and click Properties.
3. On the Members tab, click Add and select the account.
4. Close the dialog boxes by clicking OK.

About us

We are more than just a name

We are on a quest to make your information technology work harder for you. That is why we build community-driven software solutions that help you spend less time on IT administration and more time on business innovation. We help you modernize your data center, get you to the cloud quicker and provide the expertise, security and accessibility you need to grow your data-driven business. Combined with Quest's invitation to the global community to be a part of its innovation, and our firm commitment to ensuring customer satisfaction, we continue to deliver solutions that have a real impact on our customers today and leave a legacy we are proud of. We are challenging the status quo by transforming into a new software company. And as your partner, we work tirelessly to make sure your information technology is designed for you and by you. This is our mission, and we are in this together. Welcome to a new Quest. You are invited to Join the Innovation.

Our brand, our vision. Together.

Our logo reflects our story: innovation, community and support. An important part of this story begins with the letter Q. It is a perfect circle, representing our commitment to technological precision and strength. The space in the Q itself symbolizes our need to add the missing piece, you, to the community, to the new Quest.

Contacting Quest

For sales or other inquiries, visit https://www.quest.com/company/contact-us.aspx or call +1-949-754-8000.

Technical support resources

Technical support is available to Quest customers with a valid maintenance contract and customers who have trial versions. You can access the Quest Support Portal at https://support.quest.com.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

- Submit and manage a Service Request
- View Knowledge Base articles
- Sign up for product notifications
- Download software and technical documentation
- View how-to-videos
- Engage in community discussions
- Chat with support engineers online
- View services to assist you with your product