Quest Migration Manager for Exchange 8.10
8.10 Target Exchange 2013 Environment Preparation © 2015 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc. The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 www.quest.com Email: [email protected] Refer to our Web site (www.quest.com) for regional and international office information. TRADEMARKS Quest, Quest Software, the Quest Software logo, Simplicity at Work are trademarks and registered trademarks of Quest Software, Inc. For a complete list of Quest Software's trademarks, please see http://www.quest.com/legal/trademark-information.aspx. Other trademarks and registered trademarks are property of their respective owners. This documentation is also available online at http://documents.quest.com. This site provides robust search capabilities that allow you to search across all related documents. Migration Manager for Exchange Version 8.10 Last updated – May 7, 2015 Contents About This Guide ...................................................................................................... 5 Overview ............................................................................................................................ 5 Conventions ............................................................................................................... 5 Introduction................................................................................................................ 6 Preparation Overview ............................................................................................... 7 Preparation Checklist ........................................................................................................ 9 Prerequisites .................................................................................................................... 10 Step 1: Checking System Requirements .............................................................. 11 Step 2: Setting Up Accounts and Required Permissions ................................... 13 Step 2.1: Setting Up the Target Active Directory Synchronization Account ................... 14 Step 2.2: Setting Up the Target Exchange Account ....................................................... 15 Step 2.2.1: Changing the Default Target Exchange Account ................................. 16 Step 2.2.2: Granting Read Access to the Target Active Directory Domain ............ 16 Step 2.2.3: Granting Membership in Server Local Administrators Group ............... 17 Step 2.2.4: Granting Full Control on Organizational Unit ........................................ 18 Step 2.2.5 Granting Full Control on the Microsoft Exchange System Objects Organizational Unit .................................................................................................. 19 Step 2.2.6: Granting Permission to Make Public Folders Mail-Enabled ................. 20 Step 2.2.7: Granting Full Control on Exchange 2013 Mailboxes ............................ 22 Step 2.2.8: Granting Membership in Recipient Management Group ...................... 23 Step 2.2.9: Granting ApplicationImpersonation Role .............................................. 24 Step 2.3: Setting Up the Target Active Directory Account .............................................. 24 Step 2.3.1: Changing the Default Target Active Directory Account ........................ 24 Step 2.3.2: Granting Read Access to Active Directory Domain .............................. 25 Step 2.3.3: Granting Full Control on Organizational Unit ........................................ 26 Step 2.3.4: Granting Read Permission for the Microsoft Exchange Container ....... 27 Step 2.4: Setting Up Target Agent Host Account ............................................................ 28 Step 2.4.1: Changing the Default Target Agent Host Account ................................ 29 Step 2.4.2: Granting Membership in the Local Administrators Group .................... 29 Step 2.5: Setting Up Single Administrative Account for Exchange Migration (Optional) 30 Step 2.5.1: Creating the Single Administrative Account ......................................... 30 Step 2.5.2: Granting Access to Active Directory ..................................................... 31 Step 2.5.3: Granting Full Control on Exchange Organization ................................. 32 Step 2.5.4: Granting Full Control on Exchange 2013 Mailboxes ............................ 33 Step 2.5.5: Granting Access to SQL Server ............................................................ 34 Step 2.5.6: Granting Read Permission for the Microsoft Exchange Container ....... 35 Step 2.5.7: Granting Permission to Make Public Folders Mail-Enabled ................. 36 Step 2.5.8: Granting Membership in Recipient Management Group ...................... 38 Step 2.5.9: Granting Local Administrative Rights .................................................... 39 Step 2.5.10: Granting ApplicationImpersonation Role ............................................ 40 Step 2.5.11: Changing the Default Active Directory, Exchange and Agent Host Account .................................................................................................................... 40 Step 3: Preparing the Target Exchange Environment for Exchange Migration 42 Step 3.1: Backing Up Exchange ...................................................................................... 42 Step 3.2: Creating Aelita EMW Recycle Bin Public Folder (Optional) ............................ 43 3 Step 3.3: Configuring Public Folder Migration Administrator Mailboxes ......................... 43 Step 3.4: Creating Custom Throttling Policies ................................................................ 44 Step 3.5: Installing the Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 .................................................................................................................... 44 Step 4: Setting Up Connection with the Source Exchange Organization Using SMTP Connectors ................................................................................................... 45 Step 4.1: Setting up Target Exchange 2013 Organization for Internet Mail Flow between Target and Source Exchange Organizations .................................................................. 45 Step 4.1.1: Creating Send Connector ..................................................................... 46 Step 4.1.2: Modifying Default Receive Connector .................................................. 46 Step 4.1.3: Adding E-mail Domain Used for Redirection to the List of Accepted Domains ................................................................................................................... 47 Step 4.2: Configuring Target DNS Server for Mail Forwarding ....................................... 48 Step 4.3: Testing the SMTP Connectors (Optional) ........................................................ 48 Summary .................................................................................................................. 50 About Quest Software, Inc. .................................................................................... 51 Contacting Quest Software.............................................................................................. 51 Contacting Quest Support ............................................................................................... 51 Third Party Contributions ....................................................................................... 52 4 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation About This Guide Overview This document is prepared to assist you in setting up your Exchange 2013 organization and its environment for being target organization in Exchange migration process conducted by Migration Manager for Exchange. It is intended for network administrators, consultants, analysts, and any other IT professionals using Migration Manager for Exchange. Conventions In order to help you get the most out of this guide, we have used specific formatting conventions. These conventions apply to procedures, icons, keystrokes and crossreferences. ELEMENT CONVENTION Select This word refers to actions such as choosing or highlighting various interface elements, such as files and radio buttons. Bolded text Interface elements that appear in Quest products, such as menus and commands. Italic text Used for comments. Bold Italic text Blue text Introduces a series of procedures. Indicates a cross-reference. When viewed in Adobe® Acrobat®, this format can be used as a hyperlink. Used to highlight additional information pertinent to the process being described. Used to provide Best Practice information. A best practice details the recommended course of action for the best result. Used to highlight processes that should be performed with care. + A plus sign between two keystrokes means that you must press them at the same time. | A pipe sign between elements means that you must select the elements in that particular sequence. 5 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Introduction Follow the steps in this guide to prepare your Exchange 2013 organization and its environment for being the target organization in the Exchange migration process conducted by Migration Manager for Exchange. For more information about Migration Manager for Exchange refer to the Quest Migration Manager for Exchange Overview. On some of steps you may need to coordinate the setup process with the administrator of the source Exchange organization. 6 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Preparation Overview This section provides a short overview of the main steps that should be performed to set up your target Exchange 2013 organization and its environment for migration using Migration Manager for Exchange. These steps are described in detail in the related subtopics. Setting up the target Exchange 2013 organization consists of four main steps: Step 1: Checking the System Requirements On this step make sure that your environment meets the minimal system requirements for Migration Manager for Exchange agents. For more details, see Step 1: Checking System Requirements. Step 2: Setting Up Accounts and Required Permissions On the second step you should set up the accounts and required permissions for Exchange migration. There are four main types of accounts used by Migration Manager for Exchange agents: Target Active Directory Synchronization Account This account is used by: a) The Directory Synchronization Agent (DSA) to access the target Active Directory domain b) The Migration Agent for Exchange (MAgE) to perform mailbox switch Target Exchange Account This account is used by Migration Manager for Exchange agents installed on agent host to access the target Exchange server. Target Active Directory Account This account is used by Migration Manager for Exchange agents to access the target domain. Target Agent Host Account This account is used to install and run the Migration Manager for Exchange agents on agent host and to access the license server. You can simplify the setup by using a single administrative account with all Migration Manager for Exchange agents. Such account should have permissions that are required for all the agents on every server that is involved in the migration, both in the source and in the target organization. For more details, see Step 2: Setting Up Accounts and Required Permissions. 7 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 3: Preparing the Target Exchange Environment for Exchange Migration On the third step you should perform common environment preparations: Back up Exchange. Create the Aelita EMW Recycle Bin public folder (optional) Configure public folder migration administrator mailboxes Create custom throttling policies Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 version 08.03.0.8309.000 or later on agent hosts For more details, see Step 3: Preparing the Target Exchange Environment for Exchange Migration. Step 4: Setting Up Connection with the Source Exchange Organization Using SMTP Connectors On the final fourth step you should set up the connection with the source Exchange organization using SMTP connectors. This task consists of three subtasks given below: 1. 2. 3. Setting up the target Exchange 2013 organization for Internet mail flow between target and source Exchange organizations Configuring target DNS server for mail forwarding Testing the SMTP connectors (optional) For more details, see Step 4: Setting Up Connection with the Source Exchange Organization Using SMTP Connectors. 8 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Preparation Checklist This checklist will help you set up your target Exchange 2013 organization and its environment properly. Make sure you have done all the steps below before completing the preparation. CHECK STEP REFER TO Check the system requirements Step 1 Set up the Target Active Directory Synchronization Account Step 2.1 Set up the Target Exchange Account Step 2.2 Set up the Target Active Directory Account Step 2.3 Set up the Target Agent Host Account Step 2.4 Set up a single administrative account (optional) Step 2.5 Back up Exchange Step 3.1 Create the Aelita EMW Recycle Bin public folder (optional) Step 3.2 Configure public folder migration administrator mailboxes Step 3.3 Create custom throttling policies Step 3.4 Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 version 08.03.0.8309.000 or later on agent hosts Step 3.5 Set up the target Exchange 2013 organization for Internet mail flow between target and source Exchange organizations Step 4.1 Configure the target DNS server for mail forwarding Step 4.2 Test the SMTP connectors (optional) Step 4.3 9 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Prerequisites Before starting the preparation of the target Exchange 2013 organization and its environment, make sure that you have the privileges to grant all of the following permissions to accounts. The list of permissions given below contains all required permissions for the accounts. However some of the permissions can be replaced with their equivalents. For more information, see the corresponding steps for each account. Target Active Directory Synchronization Account Membership in the Administrators or Domain Admins group of the target domain. Target Exchange Account Read access to the target domain. Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located. Full Control permission on the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange 2013 servers involved in public folder synchronization reside. Full Control permission on target Exchange 2013 organization Membership in the Public Folder Management group. Permissions to log on to every mailbox involved in the migration. Membership in the Recipient Management group. The ApplicationImpersonation role in the target Exchange 2013 organization Target Active Directory Account Read access to the target domain. Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located. Read permission for the Microsoft Exchange container in the target Active Directory. Target Agent Host Account Membership in the local Administrators group on the license server (unless alternative credentials are used for the license server). If server is located in another trusted forest, the account should have local Administrator permissions on the license server. Local Administrator permissions on the agent host server. 10 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 1: Checking System Requirements Any computer that does not meet the requirements should be upgraded before installing Migration Manager for Exchange components. Migration Manager for Exchange uses the following Exchange-specific agents involved in the process of migration to Exchange 2013 organization: Public Folder Source Agent (PFSA) Public Folder Target Agent (PFTA) Transmission Agent (NTA) Migration Agent for Exchange Agents work on agent host servers. Agent host can be: 1. 2. 3. An Exchange server itself, which is the default configuration for PFSA, PFTA and NTA. After you enumerate an Exchange organization all Exchange servers are registered as agent hosts for themselves. Another Exchange server from the same Exchange organization. A stand-alone server. It can be located in another forest or workgroup. For detailed information about system requirements for agent hosts, see the Exchange Migration Agents section of the System Requirements and Access Rights. Target Exchange 2013 Organization Considerations The Migration Manager for Exchange console shows only those servers from target Exchange 2013 organization that host the Mailbox role. This is required because only servers with actual data are considered for migration. The Exchange Autodiscover service must be properly configured and run in your Exchange 2013 organization. For information on Autodiscover for Exchange 2013, go to http://msdn.microsoft.com/en-us/library/exchange/jj900169.aspx. 11 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation SSL certificates enabled on Exchange 2013 Client Access Servers of the target organization should be signed by a trusted publisher. If you use self-signed certificates, you need to log on to each agent host under the Agent Host Account and add certificate from CAS to the Trusted Root Certification Authorities and Trusted Publisher lists. The Exchange 2013 Calendar Repair Assistant (CRA) should be disabled during the migration period. 12 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 2: Setting Up Accounts and Required Permissions This section describes requirements for accounts working with the target Exchange servers. Migration Manager for Exchange allows you to use different administrative accounts for different purposes. Exchange data is migrated by Migration Manager for Exchange agents, which use the following accounts: Target Active Directory Synchronization Account This account is used by: a) The Directory Synchronization Agent (DSA) to access the target Active Directory domain b) The Migration Agent for Exchange (MAgE) to perform mailbox switch For more details, see Step 2.1: Setting Up the Target Active Directory Synchronization Account. Target Exchange Account This account is used by Migration Manager for Exchange agents installed on agent host to access the target Exchange server. For more details, see Step 2.2: Setting Up the Target Exchange Account. Target Active Directory Account This account is used by Migration Manager for Exchange agents to access the target domain. For more details, see Step 2.3: Setting Up the Target Active Directory Account. Target Agent Host Account This account is used to install and run the Migration Manager for Exchange agents on agent host and to access the license server. For more details, see Step 2.4: Setting Up Target Agent Host Account. If you want to have a single administrative account for Exchange migration, you should skip steps 2.1–2.4 and perform Step 2.5: Setting Up the Single Administrative Account for Exchange Migration. 13 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 2.1: Setting Up the Target Active Directory Synchronization Account This section describes how to set the required permissions for the Target Active Directory Synchronization Account. This account is used by: The Directory Synchronization Agent (DSA) to access the target Active Directory domain The Migration Agent for Exchange (MAgE) to perform mailbox switch The required privilege level for the Target Active Directory Synchronization Account is membership in the Domain Admins group of the target domain. If for some reason you cannot grant such privileges to the Target Active Directory Synchronization Account, then refer to the System Requirements and Access Rights document for the list of minimal required permissions. To grant the necessary permission to the Target Active Directory Synchronization Account, perform the following: 1. 2. On the target domain controller in the Active Directory Users and Computers snap-in, click Users, then in the right pane right-click Domain Admins and click Properties. Go to the Members tab, click Add and select the Target Active Directory Synchronization Account (in our example, QMM_Trg_DSA). 14 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 3. Close the dialog boxes by clicking OK. Step 2.2: Setting Up the Target Exchange Account This section describes how to set the required permissions for the Target Exchange Account used by Migration Manager for Exchange agents. This account is used for the following: Working with target Exchange mailboxes and public folders (used by Migration Agent for Exchange, Public Folder Source Agent, and Public Folder Target Agent) Making the newly-created public folders mail-enabled (used by the public folder agents only: Public Folder Source Agent and Public Folder Target Agent) Moving mailboxes The required privileges for the Target Exchange Account are as follows: Read access to the target domain. Membership in the local Administrators group on all target Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. 15 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located. Full Control permission on the Microsoft Exchange System Objects organizational unit in all domains in which target Exchange 2013 servers involved in public folder synchronization reside. Full Control permission on target Exchange 2013 organization Membership in the Public Folder Management group. Permissions to log on to every mailbox involved in the migration. Membership in the Recipient Management group. The ApplicationImpersonation role in the target Exchange 2013 organization To set up the Target Exchange Account, perform the steps described in the related subtopics. Note that the steps are given only as an example of a possible Target Exchange Account setup. Step 2.2.1: Changing the Default Target Exchange Account This section is relevant to the public folder synchronization only. Target Exchange Account for mailbox or calendar synchronization is specified during corresponding job configuration. The default Target Exchange Account (initially displayed on the Connection page of the Exchange server Properties) is set when you add the target organization to the migration project (see the Registering Source and Target Organizations section of the Migration Manager for Exchange User Guide for details). If necessary, you can change the default Target Exchange Account by clicking Modify on the General | Connection page in the properties of the corresponding target server in the Migration Manager for Exchange Console. To go on using the default Target Exchange Account for Exchange migration, grant the permissions required for Exchange migration to this account (see the next steps). Step 2.2.2: Granting Read Access to the Target Active Directory Domain Target Exchange Account should have Read access to the target Active Directory. To grant this permission to the Target Exchange Account, complete the following steps: 1. 2. 3. In the Active Directory Users and Computers snap-in, right-click the domain name (in our example, targetdomain), and then click Properties. On the Security tab, click Add and select the Target Exchange Account (in our example, QMM_Trg_Ex). Select the Target Exchange Account, and then check the Allow box for the Read permission in the Permissions box. 16 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 4. 5. 6. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. Close the dialog boxes by clicking OK. Step 2.2.3: Granting Membership in Server Local Administrators Group The Target Exchange Account used by Migration Manager for Exchange agents should be a member of the local Administrators group on each target Exchange server involved in the migration. If the Exchange server is a domain controller, the account should be added to the domain local Administrators group of the domain. To grant the required permissions to the account , perform the following on each target Exchange server involved in the migration: 1. Open the Computer Management snap-in (Click Start | Run, enter compmgmt.msc and then click OK). 17 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 2. 3. 4. 5. In the left pane click System Tools | Local Users and Groups | Groups. Right-click the Administrators group and click Add to Group. Click Add and select the Target Exchange Account (in our example, QMM_Trg_Ex). Close the dialog boxes by clicking OK. Step 2.2.4: Granting Full Control on Organizational Unit To work with the target Active Directory objects, the Target Exchange Account needs the Full Control permission on the organizational units and their child objects that contain the objects to be synchronized. This permission should be set on the domain controller where the objects you need to synchronize are located. To grant the required permissions to the account, perform the following steps: 1. 2. In the Active Directory Users and Computers snap-in, right-click the OU where the objects are located, and click Properties. On the Security tab, click Add, and select the Target Exchange Account (in our example, QMM_Trg_Ex). If there is no Security tab, you should select View | Advanced Features in the Active Directory Users and Computers snap-in. 18 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 3. 4. 5. 6. Select the account name, and then enable the Allow option for the Full Control permission in the Permissions box. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. Close the dialog boxes by clicking OK. Step 2.2.5 Granting Full Control on the Microsoft Exchange System Objects Organizational Unit The Target Exchange Account used by Migration Manager for Exchange agents needs the Full Control permission on the Microsoft Exchange System Objects organizational unit (OU) in all domains in which target Exchange 2013 servers involved in public folder synchronization reside. 1. In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties. If there is no Microsoft Exchange System Objects OU, you should select View | Advanced Features in the Active Directory Users and Computers snap-in. 19 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 2. 3. 4. 5. 6. On the Security tab, click Add, and select the Target Exchange Account (in our example, QMM_Trg_Ex). Select the account name, and then enable the Allow option for the Full Control permission in the Permissions box. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. Close the dialog boxes by clicking OK. Step 2.2.6: Granting Permission to Make Public Folders Mail-Enabled If a public folder is mail-enabled in the source organization, the Public Folder Target Agent needs to be able to make it mail-enabled in the target organization as well. To achieve this, assign your Target Exchange Account permissions to run the EnableMailPublicFolder cmdlet, as follows: 1. Add this account to the Public Folder Management group in the target Exchange 2013 organization: a) In the Active Directory Users and Computers snap-in select the Microsoft Exchange Security Groups node. 20 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation b) In the right pane, right-click Public Folder Management group and click Properties . c) On the Members tab click Add and select the Target Exchange Account (in our example, QMM_Trg_Ex). d) Close the dialog boxes by clicking OK If the Target Exchange Account is located in another trusted forest, you cannot add the account to the Public Folder Management group. In this case grant the following permissions for the Exchange Administrative Group (FYDIBOHF23SPDLT) container and its descendant (child) objects to the account in the Configuration partition using the ADSIEdit snap-in: 2. Modify public folder replica list permission Modify public folder deleted item retention permission Modify public folder quotas permission Give the account the Full Control permission on the CN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<...>,DC=<...> container: a) From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK. b) In the ADSIEdit snap-in, open the CN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<...>,DC=<...> container 21 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation c) Right-click the CN=<ExchangeOrganizationName> container and click Properties. d) In the Properties dialog box, click the Security tab. e) On the Security tab, click Advanced. f) In the Advanced Security Settings dialog box, click Add. g) In the Select User, Computer, Service Account, or Group (or similar) dialog box, select the Target Exchange Account (in our example, QMM_Trg_Ex) and click OK. h) In the Permission Entry for dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. i) Allow Full Control permission for the Target Exchange Account. j) Close the dialog boxes by clicking OK. Step 2.2.7: Granting Full Control on Exchange 2013 Mailboxes The Target Exchange Account used by Migration Manager for Exchange agents needs the Full Control permission on each mailbox database involved in migration. To grant the required permissions to the <User> (in our example, LA\QMM_Trg_Ex), run the following cmdlet in Exchange Management Shell: Get-MailboxDatabase | Add-ADPermission -User <User> -AccessRights GenericAll -ExtendedRights Receive-As To verify that all permissions for the Target Exchange Account are set correctly, select any mailbox involved in the migration in the Migration Manager Console and check that the Target Exchange Account has Full Access permissions for the mailbox. 22 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 2.2.8: Granting Membership in Recipient Management Group To perform Move mailbox operations, the Target Exchange Account needs to be assigned permissions to run the following cmdlets: New-MoveRequest Get-MoveRequest Remove-MoveRequest Get-MoveRequestStatistics To grant these permissions, add the account to the Recipient Management group in the target Exchange 2013 organization, as follows: 1. 2. 3. 4. In the Active Directory Users and Computers snap-in select the Microsoft Exchange Security Groups node. In the right pane, right-click Recipient Management group and select Properties from the shortcut menu. On the Members tab click Add and select the Target Exchange Account (in our example, QMM_Trg_Ex). Close the dialog boxes by clicking OK. 23 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 2.2.9: Granting ApplicationImpersonation Role The Target Exchange Account used by Migration Manager for Exchange agents needs the ApplicationImpersonation role in the target Exchange 2013 organization. To grant the required permission to the <User> (in our example, LA\QMM_Trg_Ex), run the following cmdlet in Exchange Management Shell: New-ManagementRoleAssignment -Role ApplicationImpersonation -User LA\QMM_Trg_Ex Step 2.3: Setting Up the Target Active Directory Account This section describes how to set the required permissions for the Target Active Directory Account used by Migration Manager for Exchange agents. This account is used for the following: Working with the target Active Directory Re-homing mailboxes Switching mailboxes (Migration Agent for Exchange) The required permissions for the Target Active Directory Account are as follows: Read access to the target domain Full Control permission on the organizational units (OUs) (and their child objects) where the target synchronized objects are located. Read permission for the Microsoft Exchange container in the target Active Directory To set up the Target Active Directory Account, perform the steps described in the related subtopics. Note that these steps are given only as an example of a possible Target Active Directory Account setup. Step 2.3.1: Changing the Default Target Active Directory Account This section is relevant to the public folder synchronization only. Target Active Directory Account for mailbox or calendar synchronization is specified during corresponding job configuration. The default Target Active Directory Account (initially displayed on the Associated domain controller page of the Exchange server's properties) is set when you add the target organization to the migration project (see the Registering Source and Target Organizations section of the Migration Manager for Exchange User Guide for details). 24 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation To change the Target Active Directory Account, click Modify on the General | Associated domain controller page of the corresponding target server properties in the Migration Manager for Exchange Console. To go on using the default Target Active Directory Account for Exchange migration, grant the permissions required for Exchange migration to this account (see the next steps). Step 2.3.2: Granting Read Access to Active Directory Domain The Target Active Directory Account used by Migration Manager for Exchange agents needs Read access to the target domain to work with servers and target Active Directory. To grant this permission to the account, complete the following steps: 1. 2. On the target domain controller in the Active Directory Users and Computers snap-in, right-click the domain name, and then click Properties on the shortcut menu. On the Security tab, click Add and select the account to which you wish to assign permissions (in our example, QMM_Trg_AD). If there is no Security tab, you should select View | Advanced Features in the Active Directory Users and Computers snap-in. 3. 4. 5. Select the account name, and then enable the Allow option for the Read permission in the Permissions box. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2 and click Edit. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. 25 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 6. Close the dialog boxes by clicking OK. Step 2.3.3: Granting Full Control on Organizational Unit To work with the target Active Directory objects, the Target Active Directory Account needs the Full Control permission on the organizational units and their child objects that contain the objects to be synchronized. This permission should be set on the domain controller where the objects you need to synchronize are located. To grant the required permissions to the account, perform the following steps: 1. 2. In the Active Directory Users and Computers snap-in, right-click the OU where the objects are located, and click Properties. On the Security tab, click Add, and select the Target Active Directory Account (in our example, QMM_Trg_AD). If there is no Security tab, you should select View | Advanced Features in the Active Directory Users and Computers snap-in. 3. 4. Select the account name, and then enable the Allow option for the Full Control permission in the Permissions box. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit. 26 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 5. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. 6. Close the dialog boxes by clicking OK. Step 2.3.4: Granting Read Permission for the Microsoft Exchange Container In the target Exchange 2013 organization, the Target Active Directory Account requires the Read permission on the Microsoft Exchange container in the target Active Directory. To grant this permission, add the account to the View-Only Organization Management group in the target Exchange 2013 organization, as follows: 1. 2. 3. In the Active Directory Users and Computers snap-in select the Microsoft Exchange Security Groups node. In the right pane, right-click View-Only Organization Management group and click Properties. On the Members tab click Add and select the Target Exchange Account (in our example, QMM_Trg_AD). 27 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 4. Close the dialog boxes by clicking OK. If the Target Active Directory Account is located in another trusted forest, you cannot add the account to the View-Only Organization Management group. In this case grant the Read permission for the Microsoft Exchange container and its child objects to the account in the Configuration partition using the ADSIEdit snap-in. Step 2.4: Setting Up Target Agent Host Account This section describes how to set the required permissions for the Target Agent Host Account used by Migration Manager for Exchange agents. This account is used to install and run Migration Manager for Exchange agents on the target agent host and to access the license server. The required privileges for the Target Agent Host Account are as follows: Membership in the local Administrators group on the license server (unless alternative credentials are used for the license server). If server is located in another trusted forest, the account should have local Administrator permissions on the license server Local Administrator permissions on the agent host server. By default, for public folder synchronization each Exchange server is an agent host for itself. If you use the default agent host then to simplify the account setup process, you can grant these permissions to the Target Exchange 28 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Account and use it instead of the Target Agents Host Account. Note that Active Directory and Exchange accounts for mailbox or calendar synchronization and for public folder synchronization are set separately, and therefore may be different. To set up the Target Agent Host Account, perform the steps described in the related subtopics. Note that the steps are given only as an example of a possible Target Agent Host Account setup. Step 2.4.1: Changing the Default Target Agent Host Account This section is relevant to the public folder synchronization only. Target Agent Host Account for mailbox or calendar synchronization is specified during corresponding job configuration. The default Target Agent Host Account (initially displayed on the Default Agent Host page of the Exchange server Properties) is set when you add the target organization to migration project (see the Registering Source and Target Organizations section of the Migration Manager for Exchange User Guide for details). If necessary, you can change the default Target Agent Host Account. For that, go to the Agent Management node in the Migration Manager for Exchange Console, and use properties of the corresponding agent host server. To go on using the default Target Agent Host Account for Exchange migration, grant the permissions required for Exchange migration to this account (see the next steps). Step 2.4.2: Granting Membership in the Local Administrators Group The Target Agent Host Account should be a member of the local Administrators group on the agent host server and on the license server (unless alternative credentials are used for the license server). If license server is a domain controller, the account should be added to the domain local Administrators group of the domain. Local Administrator permissions are required on the license server if this license server is located in another trusted forest. To add the Target Agents Host Account to the local Administrators group on a server perform the following: 1. Open the Computer Management snap-in (Click Start | Run, enter compmgmt.msc and then click OK). 29 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 2. 3. 4. 5. In the left pane click System Tools | Local Users and Groups | Groups. Right-click the Administrators group and click Add to Group. Click Add and select the Target Agent Host Account (in our example, QMM_Trg_AH). Close the dialog boxes by clicking OK. Step 2.5: Setting Up Single Administrative Account for Exchange Migration (Optional) You can simplify the setup by using one account with all Migration Manager for Exchange agents. This account should have the permissions that are required for all the agents on every server that is involved in the migration both in the source and in the target organization. However, using such an account in a production environment may be a security risk because it would be extremely powerful. The steps described in the related subtopics will help you to set up a single administrative account that can be used by all agents. The same account should be used to launch Migration Manager for Exchange Console. Step 2.5.1: Creating the Single Administrative Account This step should be performed in coordination with the administrator of the source Exchange organization. 30 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation The Migration Manager for Exchange administrative account should be created either in the source or in the target domain. Two-way trusts between the source and the target domain should be established. To ensure that the Migration Manager for Exchange administrative account is not a member of any Active Directory group with some of the permissions denied, we recommend creating a new user account. In our example we create the new user account in the target domain and name it QMMEx. To create such account, perform the following: 1. 2. 3. On the target domain controller in the Active Directory Users and Computers, right-click Users and then click New | User. In the New Object - User wizard, type First name and User logon name of the administrative account (in our example, QMMEx), then click Next. Type and confirm the password, select necessary options for the account, click Next and then click Finish. Step 2.5.2: Granting Access to Active Directory The administrative account should have access to the target Active Directory to create objects and modify their properties. To grant such access privileges to the account, add the account to the domain local Administrators group: 1. In the Active Directory Users and Computers snap-in, click Builtin, then in the right pane right-click Administrators and click Properties. 31 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 2. 3. Go to the Members tab, click Add and select the administrative account (in our example, QMMEx). Close the dialog boxes by clicking OK. Step 2.5.3: Granting Full Control on Exchange Organization Grant the administrative account the Full Control permission on the CN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<...>,DC=<...> container: 1. 2. 3. 4. 5. 6. 7. From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK. In the ADSIEdit snap-in, open the CN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<...>,DC=<...> container Right-click the CN=<ExchangeOrganizationName> container and click Properties. In the Properties dialog box, click the Security tab. On the Security tab, click Advanced. In the Advanced Security Settings dialog box, click Add. In the Select User, Computer, Service Account, or Group (or similar) dialog box, select the administrative account (in our example, QMMEx) and click OK. 32 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 8. 9. In the Permission Entry for dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. Allow Full Control permission for the administrative account. 10. Close the dialog boxes by clicking OK. Step 2.5.4: Granting Full Control on Exchange 2013 Mailboxes The administrative account used by Migration Manager for Exchange agents needs the Full Control permission on each mailbox database involved in migration. To grant the required permissions to the <User> (in our example, LA\QMMEx), run the following cmdlet in Exchange Management Shell: Get-MailboxDatabase | Add-ADPermission -User <User> -AccessRights GenericAll -ExtendedRights Receive-As To verify that all permissions for the administrative account are set correctly, select any mailbox involved in the migration in the Migration Manager Console and check that the administrative account has Full Access permission for the mailbox. 33 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 2.5.5: Granting Access to SQL Server The administrative account should have the appropriate permissions to create and modify databases on a SQL server. In SQL Server Management Studio, browse to the server that will be used by Migration Manager for Exchange, and select Logins from the server Security node. To create a new login for the administrative account, complete the following steps: 1. 2. Right-click Logins and click New Login. On the General page of the Login - New dialog box, specify the administrative account in the Name field (in our example, QMMEx) and select the Windows Authentication method. 3. On the Server Roles page of the Login - New dialog box, select the dbcreator role. 34 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 4. Close the dialog boxes by clicking OK. Step 2.5.6: Granting Read Permission for the Microsoft Exchange Container The administrative account requires the Read permission on the Microsoft Exchange container in the target Active Directory. To grant it, complete the following steps: 1. 2. 3. On the target domain controller in the Active Directory Users and Computers snap-in select the Microsoft Exchange Security Groups node. In the right pane, right-click View-Only Organization Management group and click Properties. On the Members tab click Add and select the administrative account (in our example, QMMEx). 35 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 4. Close the dialog boxes by clicking OK. Step 2.5.7: Granting Permission to Make Public Folders Mail-Enabled If a public folder is mail-enabled in the source organization, the Public Folder Target Agent needs to be able to make it mail-enabled in the target organization as well. To achieve this, assign the administrative account permissions to run the Enable-MailPublicFolder cmdlet, as follows: 1. Add the account to the Public Folder Management group in the target Exchange 2013 organization: a) In the Active Directory Users and Computers snap-in select the Microsoft Exchange Security Groups node. b) In the right pane, right-click Public Folder Management group and click Properties . c) On the Members tab click Add and select the administrative account (in our example, QMMEx). 36 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation d) 2. Close the dialog boxes by clicking OK Give the account the Full Control permission on the CN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<...>,DC=<...> container: a) From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK. b) In the ADSIEdit snap-in, open the CN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<...>,DC=<...> container c) Right-click the CN=<ExchangeOrganizationName> container and click Properties. d) In the Properties dialog box, click the Security tab. e) On the Security tab, click Advanced. f) In the Advanced Security Settings dialog box, click Add. g) In the Select User, Computer, Service Account, or Group (or similar) dialog box, select the administrative account (in our example, QMMEx) and click OK. h) In the Permission Entry for dialog box, select This object and all descendant (child) objects from the Apply to drop-down list. 37 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation i) Allow Full Control permission for the administrative account. j) Close the dialog boxes by clicking OK. Step 2.5.8: Granting Membership in Recipient Management Group To perform Move mailbox operations, the administrative account needs to be assigned permissions to run the following cmdlets: New-MoveRequest Get-MoveRequest Remove-MoveRequest Get-MoveRequestStatistics To grant these permissions, add the account to the Recipient Management group in the target Exchange 2013 organization, as follows: 1. 2. 3. In the Active Directory Users and Computers snap-in select the Microsoft Exchange Security Groups node. In the right pane, right-click Recipient Management group and select Properties from the shortcut menu. On the Members tab click Add and select the administrative account (in our example, QMMEx). 38 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 4. Close the dialog boxes by clicking OK. Step 2.5.9: Granting Local Administrative Rights The administrative account should be a member of the local Administrators groups on the following servers: The Directory Synchronization Agent servers The Migration Manager for Exchange Console server The license server specified in the Migration Manager for Exchange Console options The agent host servers If a server is a domain controller, the account should be added to the domain local Administrators group of the domain. To add the administrative account to the Administrators group, perform the following on each server listed above: 1. 2. Open the Computer Management snap-in (Click Start | Run, enter compmgmt.msc and then click OK). In the left pane click System Tools | Local Users and Groups | Groups. 39 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 3. 4. 5. Right-click the Administrators group and click Add to Group. Click Add and select the administrative account (in our example, QMMEx). Close the dialog boxes by clicking OK. Step 2.5.10: Granting ApplicationImpersonation Role The administrative account used by Migration Manager for Exchange agents needs the ApplicationImpersonation role in the target Exchange 2013 organization. To grant the required permission to the <User> (in our example, TARGETDOMAIN\QMMEx), run the following cmdlet in Exchange Management Shell: New-ManagementRoleAssignment -Role ApplicationImpersonation -User TARGETDOMAIN\QMMEx Step 2.5.11: Changing the Default Active Directory, Exchange and Agent Host Account To begin using the single administrative account for Exchange Migration, you should log on under this account to the computer where the Migration Manager for Exchange Console is installed. After that you need to perform the following steps: For mailbox and calendar synchronization jobs you need to specify the administrative account as each required account while configuring the jobs. 40 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation To change accounts specified for Active Directory and Exchange in existing mailbox or calendar synchronization job, use properties of the corresponding job. To change account specified for agent host, go to the Agent Management node in the Migration Manager for Exchange Console, and use properties of the corresponding agent host server. For public folder synchronization jobs, you need to change the default accounts to administrative account as follows: To change the default Target Exchange Account, click Modify on the General | Connection page in the properties of the corresponding target server in the Migration Manager for Exchange Console. To change the default Target Active Directory Account, click Modify on the General | Associated domain controller page in the properties of the corresponding target server in the Migration Manager for Exchange Console. To change the default Target Agent Host Account, go to the Agent Management node in the Migration Manager for Exchange Console, and use properties of the corresponding agent host server. 41 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 3: Preparing the Target Exchange Environment for Exchange Migration Perform the steps described in the related subtopics to ensure that your Exchange environment is ready for migration: Step 3.1: Backing Up Exchange Step 3.2: Creating Aelita EMW Recycle Bin Public Folder (Optional) Step 3.3: Configuring Public Folder Migration Administrator Mailboxes Step 3.4: Creating Custom Throttling Policies Step 3.5: Installing the Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 Step 3.1: Backing Up Exchange Before implementing Migration Manager for Exchange in your production environment, back up your Exchange infrastructure. We recommend that target Active Directory data be backed up at least twice a day during migration. Transaction Log File Cleanup When Migration Manager for Exchange synchronizes mail and public folders, for every megabyte of data migrated from the source to the target, a transaction log file of equal size is generated on the target Exchange server. Exchange-aware backup applications purge the transaction logs after the backup completes. By the time the backup finishes, all logged transactions have already been applied to the store and backed up to tape, making log cleaning safe. Large transaction logs that are generated during mailbox migration quickly occupy free disk space. To work around this problem, perform one of the following: If a full backup strategy is implemented in the organization or there is no backup strategy at all, then circular logging may be enabled for unattended log deletion. If an incremental or differential backup strategy is already implemented in the organization, then make sure that logs are cleared automatically when backup process is finished. Do not enable circular logging in this case. 42 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Note also that Microsoft recommends turning OFF circular logging on the Exchange server. For more information, refer to Microsoft Knowledge Base article 147524: XADM: How Circular Logging Affects the Use of Transaction Logs. Step 3.2: Creating Aelita EMW Recycle Bin Public Folder (Optional) If you skip this step, you must manually turn off using the Aelita EMW Recycle Bin folder during public folder synchronization (set the UseRecycleBin parameter to 0). See the Use Fine-Tuning the Agents section of the Migration Manager for Exchange User Guide for details. If you plan to perform public folder synchronization using Migration Manager Public Folder agents, you should create a special public folder called Aelita EMW Recycle Bin. Replicate this folder to all the public folder servers involved in the public folder synchronization process. This folder will help prevent data loss in case of accidental public folder deletion. When a public folder is deleted in one of the environments, the public folder synchronization agents move the corresponding folder in the other environment to the Aelita EMW Recycle Bin folder, if it exists, instead of permanently deleting the folder. You can use this folder to check whether important information has been deleted, and restore any data deleted by mistake. Only deleted public folders will be put into the Aelita EMW Recycle Bin. If you delete a message from a public folder, it will be destroyed permanently in both the Source and Target Exchange organizations. Step 3.3: Configuring Public Folder Migration Administrator Mailboxes Public folder migration administrator mailboxes should be created on all target Exchange 2013 servers involved in public folder synchronization. These mailboxes will be used to access the public folder tree when creating public folder synchronization jobs. The administrator mailbox specified for the public folder synchronization job should not be changed during the synchronization process. The administrator mailboxes should not be included in mailbox or calendar synchronization jobs. After you created public folder migration administrator mailboxes, take the following steps: 1. Ensure that target Exchange 2013 organization has primary hierarchy mailbox (which is the first created public folder mailbox in organization). If there are no public folder mailboxes yet, create one. It will automatically become primary hierarchy mailbox. 43 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 2. After that associate public folder migration administrator mailbox specified for the public folder synchronization with the primary hierarchy mailbox. To do this, run the following cmdlet in Exchange Management Shell: Set-Mailbox –Identity <Public_Folder_Migration_Administrator_Mailbox> DefaultPublicFolderMailbox <Primary_Hierarchy_Mailbox> Now when creating public folder synchronization jobs, make sure that root public folder of the target organization is located in the primary hierarchy mailbox configured above. The target mailbox database and root public folder specified for the synchronization job should not be renamed during the synchronization process. Before migrating to Exchange 2013, ensure that the size of public folder data to be migrated does not exceed the size limit for the primary hierarchy mailbox. For information on public folders in Exchange 2013, go to http://technet.microsoft.com/en-us/library/jj150538(v=exchg.150).aspx. Step 3.4: Creating Custom Throttling Policies To prevent possible issues in an Exchange 2013 organization, you should create custom throttling policies, apply them to the Target Exchange Accounts and and then restart the Microsoft Exchange Throttling Service. To do this, run the following cmdlets in Exchange Management Shell for each Target Exchange Account: New-ThrottlingPolicy <QMM_Exchange_Account_Throttling_Policy_Name> Set-ThrottlingPolicy <QMM_Exchange_Account_Throttling_Policy_Name> PowerShellMaxConcurrency <MaxConcurrency> Set-ThrottlingPolicyAssociation -Identity <QMM_Exchange_Account_Name> ThrottlingPolicy <QMM_Exchange_Account_Throttling_Policy_Name> Restart-Service -Name MSExchangeThrottling where MaxConcurrency is the number of Migration Agent for Exchange (MAgE) instances simultaneously working with Exchange 2013 server, multiplied by the value of 5. Step 3.5: Installing the Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 Migration Manager for Exchange also requires Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 version 08.03.0.8309.000 or later to be installed on all computers where Migration Manager for Exchange agents will run. Since the MAPI CDO setup package is not available for distribution, you should download it from the Microsoft Web site. At the moment of the last document update, the download link is http://www.microsoft.com/en-us/download/details.aspx?id=36771. After installing the API, restart the computer. 44 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 4: Setting Up Connection with the Source Exchange Organization Using SMTP Connectors This section describes how to set up a connection with the source Exchange organization using SMTP connectors. On this step you may need to coordinate with the administrator of the source Exchange organization to set up the connection properly. For more details, see the related topics: Step 4.1: Setting up Target Exchange 2013 Organization for Internet Mail Flow between Target and Source Exchange Organizations Step 4.2: Configuring Target DNS Server for Mail Forwarding Step 4.3: Testing the SMTP Connectors (Optional) Step 4.1: Setting up Target Exchange 2013 Organization for Internet Mail Flow between Target and Source Exchange Organizations You need to establish Internet mail flow between the target and the source Exchange organizations. For that, you need to create an Internet Send connector and Receive connector on an Exchange 2013 Mailbox server that can be directly reached through the Internet. To establish mail flow to and from the Internet through a Mailbox server, follow these steps: 1. 2. 3. Create a Send connector (to send email from target Exchange 2013 organization to the Internet) on the Mailbox server. Modify the default Receive connector for the target domain to accept anonymous e-mail from the Internet Add the e-mail domain used for redirection to the list of accepted domains. Each step is explained in further detail in the related subtopics. 45 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 4.1.1: Creating Send Connector To create a Send connector, you can use either Exchange Admin Center (EAC) or Exchange Management Shell. For additional information, refer to the Create a Send Connector for Email Sent to the Internet TechNet article. To create a Send connector using Exchange Admin Center 1. 2. 3. 4. 5. 6. 7. In the Exchange Admin Center, navigate to Mail flow > Send connectors, and then click Add +. In the New send connector wizard, specify a name for the send connector, for example, QMM Send Connector, and then select Custom for the Type. Click Next. Verify that MX record associated with recipient domain is selected. Then select the Use the external DNS lookup settings on servers with transport roles. Click Next. Under Address space, click Add +. In the Add domain window, make sure SMTP is listed as the Type. For Fully Qualified Domain Name (FQDN), specify the address space you want to use for mail redirection from target to source organization (for example, *.source.local). Click Save. Make sure Scoped send connector is not selected, and then click Next. For Source server, click Add +. In the Select a Server window, select one or more Mailbox servers in your organization and click Add. After you've selected the server, click OK. Click Finish. To create a Send connector using Exchange Management Shell Run the following command: new-SendConnector -Name 'QMM Send Connector' -Usage 'Custom' AddressSpaces 'SMTP:*.source.local;1' -IsScopedConnector $false DNSRoutingEnabled $true -UseExternalDNSServersEnabled $true SourceTransportServers 'ServerName' where: *.source.local is the address space you want to use for mail redirection from target to source organization. ServerName is the Mailbox server name. Step 4.1.2: Modifying Default Receive Connector To modify the default Receive connector for the target Exchange 2013 organization to receive mail from the Internet, you can use either Exchange Admin Center or Exchange Management Shell. 46 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation To modify the default Receive connector using Exchange Admin Center 1. 2. 3. 4. 5. 6. In the Exchange Admin Center, navigate to Mail flow > Receive connectors. Select the appropriate Mailbox server from the list of servers. Then select the Default <Server Name> connector and click Edit. In the Default <Server Name> window, go to Security. In Permission groups, select Anonymous users to add anonymous permissions. Click Save. To modify the default Receive connector using Exchange Management Shell Run the following command: Set-ReceiveConnector -PermissionGroups 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers' -Identity 'ServerName\Default ServerName' Where ServerName is the Mailbox server name. Step 4.1.3: Adding E-mail Domain Used for Redirection to the List of Accepted Domains To add a new Accepted domain, you can use either Exchange Admin Center or Exchange Management Shell. To add a domain to Accepted Domains list using Exchange Admin Center 1. 2. 3. 4. In the Exchange Admin Center, navigate to Mail flow > Accepted domains, and then click Add +. In the Name field, specify the accepted domain, such as target.local. In the Accepted domain field, specify the SMTP namespace for which the Exchange organization will accept e-mail messages, such as *.target.local. Then select the Authoritative Domain. E-mail is delivered to a recipient in this Exchange organization option. Click Save. To add a domain to Accepted Domains list using Exchange Management Shell Run the following command: new-AcceptedDomain -Name 'target.local' -DomainName '*.target.local' DomainType 'Authoritative' where *.target.local is the address space you want to use for mail redirection from the source to the target organization. 47 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Step 4.2: Configuring Target DNS Server for Mail Forwarding After you have completed setting up the target Exchange 2013 organization for Internet mail flow between target and source Exchange organizations, you should also add the Mail Exchanger (MX) record for the target domain to the DNS server. This is necessary to forward the mail (redirected to the additional SMTP addresses added by the Directory Synchronization Agent) to the target Exchange 2013 server. We will use the following additional address space given as example on the previous steps: @target.local—to redirect mail from source to target mailboxes. A secondary SMTP address will be added to each target mailbox by the Directory Synchronization Agent according to this template. To set MX record for the target domain 1. 2. 3. 4. 5. 6. 7. 8. In the DNS snap-in, connect to the target DNS server and browse to the Forward Lookup Zones container. Right-click the Forward Lookup Zones and select New Zone In the New Zone wizard, select the Primary zone to be created. Type local for the Zone name and complete the wizard. Right-click the zone object local again, and click New Mail Exchanger on the shortcut menu. In the New Resource Record dialog box, type target for the Host or child domain. Click Browse and select the Exchange server in the target domain to which mail sent to the @target.local domain will be redirected. Click OK. Step 4.3: Testing the SMTP Connectors (Optional) After both source and target Exchange organizations have been set up for Internet mail flow as well as both source and target DNS servers have been configured for mail forwarding, it is recommended to test the connection between the source and the target organizations. This step should be performed in coordination the administrator of the source Exchange organization. To test the SMTP connectors: 1. 2. Create test mailboxes on the source and target Exchange servers. In this example, both mailboxes will be called mbx1. Set the same primary SMTP address for both mailboxes. In this example the primary address for both mailboxes will be [email protected] 48 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation 3. Set additional addresses for both mailboxes. In this example additional address for the source mailbox will be [email protected], and [email protected] for the target mailbox. 4. Create a contact on the source Exchange server and point it to the additional SMTP address of the target Exchange mailbox ([email protected]). Create a contact on the target Exchange server and point it to the additional SMTP address of the source mailbox ([email protected] ). Open the test source mailbox and send a message to the source contact. Open the test target mailbox and make sure that the message has arrived. From the test target mailbox, send a message to the target contact, and make sure the e-mail has reached the source test mailbox. 5. 6. 7. 8. 49 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Summary This guide has guided you through preparing your Exchange 2013 organization and its environment for being the target organization in the Exchange migration process conducted by Migration Manager for Exchange. After the source Exchange organization also has been prepared, as described in one of the corresponding guides, you should refer to the Migration Manager for Exchange User Guide for further steps. 50 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation About Quest Software, Inc. Established in 1987, Quest Software (Nasdaq: QSFT) provides simple and innovative IT management solutions that enable more than 100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges ranging from database management, data protection, identity and access management, monitoring, user workspace management to Windows management. For more information, visit www.quest.com. Contacting Quest Software Email [email protected] Mail Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA Web site www.quest.com Refer to our Web site for regional and international office information. Contacting Quest Support Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to our Support Portal at www.quest.com/support From our Support Portal, you can do the following: Retrieve thousands of solutions from our online Knowledge Base Download the latest releases and service packs Create, update and review Support cases View the Global Support Guide for a detailed explanation of support programs, online services, contact information, policies and procedures. The guide is available at: www.quest.com/support. 51 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Third Party Contributions Quest® Migration Manager for Exchange version 8.10.1 contains some third party components (listed below). Copies of their licenses may be found at http://www.quest.com/legal/third-party-licenses.aspx. COMPONENT LICENSE OR ACKNOWLEDGEMENT Boost 1.34.1 Boost 1.0 HTMLayout 1.0 This Application (or Component) uses HTMLayout Component, copyright Terra Informatica Software, Inc. (http://terrainformatica.com). Loki 0.1.4 MIT Loki 0.1.6 MIT NABU-library 1.0* GNU LGPL Version 3, 29 June 2007 Newtonsoft.Json.dll 3.5.0.0 MIT ZLib 1.1.4 zlib 1.2.3 7-ZIP 9.20 7-ZIP 9.20 * a copy of the source code for this component is available at http://rc.quest.com. Boost 1.34.1: License Text Boost Software License - Version 1.0 - August 17th, 2003 Permission is hereby granted, free of charge, to any person or organization obtaining a copy of the software and accompanying documentation covered by this license (the "Software") to use, reproduce, display, distribute, execute, and transmit the Software, and to prepare derivative works of the Software, and to permit third-parties to whom the Software is furnished to do so, all subject to the following: The copyright notices in the Software and this entire statement, including the above license grant, this restriction and the following disclaimer, must be included in all copies of the Software, in whole or in part, and all derivative works of the Software, unless such copies or derivative works are solely in the form of machineexecutable object code generated by a source language processor. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Loki 0.1.4: License Text Copyright (c) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 52 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Loki 0.1.6: License Text Copyright (c) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. NABU-library 1.0: License Text GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. 53 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form 54 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. Newtonsoft.Json.dll 3.5.0.0: License Text 55 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation Copyright (c) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ZLib 1.1.4: License Text License /* zlib.h -- interface of the 'zlib' general purpose compression library version 1.2.3, July 18th, 2005 Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly [email protected] Mark Adler [email protected] */ 7-ZIP 9.20: License Text Licenses for files are: 1) 7z.dll: GNU LGPL + unRAR restriction 2) All other files: GNU LGPL The GNU LGPL + unRAR restriction means that you must follow both GNU LGPL rules and unRAR restriction rules. Note: You can use 7-Zip on any computer, including a computer in a commercial organization. You don't need to register or pay for 7-Zip. GNU LGPL information -------------------This library is free software; you can redistribute it and/or 56 Migration Manager for Exchange 8.10 - Target Exchange 2013 Environment Preparation modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You can receive a copy of the GNU Lesser General Public License from http://www.gnu.org/ unRAR restriction ----------------The decompression engine for RAR archives was developed using source code of unRAR program. All copyrights to original unRAR code are owned by Alexander Roshal. The license for original unRAR code has the following restriction: The unRAR sources cannot be used to re-create the RAR compression algorithm, which is proprietary. Distribution of modified unRAR sources in separate form or as a part of other software is permitted, provided that it is clearly stated in the documentation and source comments that the code may not be used to develop a RAR (WinRAR) compatible archiver. -Igor Pavlov 57
* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project
Related manuals
Download PDF
advertisement