Assign permissions for migration in Exchange Online

In the second part of the six-part email migration from on-premises Exchange server to Exchange Online series, we will be discussing about assigning the necessary permissions to access and sometimes modify the mailboxes during migration. To migrate the mailboxes, the user account of the migration admin with which you would connect to your on-premises Exchange server, needs certain permissions along with the administrative privileges in your on-premises Exchange server.

Administrative privileges required during the following types of migration:

1. Staged migration – Domain Admin in Active Directory Domain Services (ADDS) (or) FullAccess and WriteProperty permissions (or) Receive As and WriteProperty permissions for all on-premises mailboxes.
2. Cutover migration – Domain Admin in Active Directory Domain Services (ADDS) (or) FullAccess permission (or) Receive As permission for all on-premises mailboxes.
3. Hybrid migration – Domain Admin in Active Directory Domain Services (ADDS) (or) a member of Exchange Recipients Administrators group (or) a member of Organization Management or Recipient Management group in the Active Directory.

You can use Exchange Online PowerShell in your on-premises organization to assign the necessary permissions. Given below are few example PowerShell cmdlets that can be used to assign on-premises mailboxes permissions to the migration admin’s user account to get you started.

1. Full Access Permission –

   Eg.Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq‘usermailbox’” | Add-MailboxPermission -User migrationadmin -AccessRightsFullAccess -InheritanceType all

   This cmdlet assigns FullAccess permissions of all user mailboxes to the migration admin account.

2. Receive As Permission –

   Eg.Add-ADPermission -Identity "user mailbox" -User migrationadmin -ExtendedRights receive-as

   This cmdlet assigns Receive As permission of user mailbox to the migration admin account.

3. WriteProperty Permission –

   Eg.Get-User -ResultSize unlimited -Filter "RecipientTypeDetails -eq ‘UserMailbox’" | Add-ADPermission -User migrationadmin -AccessRightsWriteProperty -Properties TargetAddress

   This cmdlet assigns WriteProperty permission of all user mailboxes to the migration admin account for modifying the target address attributes.

After assigning these permissions you can migrate the mailboxes.

M365 Manager Plus, a comprehensive Microsoft 365 reporting, management, monitoring, auditing, and alerting tool, helps you to keep track of the migration process by offering pre-defined and intuitive reports. It provides reports on Exchange server to Exchange Online migration statistics and users. Follow the steps given below to generate migration statistics report using M365 Manager Plus.

1. Click on the Reports tab.
2. Navigate to Exchange Online > Mailbox Reports > General Mailbox Reports.
3. Choose the Migration Statistics report.
4. Select the corresponding Microsoft 365 Tenant.
5. Click on Generate Now.

Why choose M365 Manager Plus for your Microsoft 365 organization?

• Reports with advanced features: Offers 700+ pre-configured reports with attribute and condition-based filters. The reports are geolocation-enabled.
• Historical data and storage: Generates reports evenfor data that is older than 180 days. The audit logs can be stored for an indefinite period.
• Customizable dashboard: Offers customizable dashboards to help you get a quick peek at the summarized data. These dashboards can also be embedded in your web pages to enable constant monitoring.
• Report scheduler: Reports can be scheduled to be generated and emailed to the stakeholders at regular intervals. This reduces the arduous job of manual report generation.
• Report exporting: Reports can be exported to PDF, XLSX, HTML, or CSV formats and saved in the local computer for future reference.
• Templates and automation: Helps manage Microsoft 365 objects like users, contacts and groups in bulk. Create templates for user provisioning and automating other Microsoft 365 tasks.
• Customizable templates: Set rules to auto-populate fields and create your own custom naming formats and password policies for the templates.
• Secure delegation: Delegate the task of report generation to technicians and IT staffs without giving them elevated rights and access over Microsoft 365 objects. Create your own custom roles with just enough granular permission.
• Virtual tenants: Create customizable virtual tenants, and delegate it to the technicians to perform help desk activities.

Click here to learn more about how M365 Manager Plus offers simple solution for complex Microsoft 365 issues.