If you are planning to migrate your on-premises Microsoft Exchange Server to Office 365 or Microsoft 365, you need to assign certain roles and permissions to the user account that will be used to connect to the on-premises Exchange organization. These roles and permissions are required to allow access and modify the mailboxes during the migration.
In this article, you will learn various roles and permissions required to migrate mailboxes from on-premises Exchange to Microsoft 365 and the steps to assign these administrative privileges.
Roles and Permissions Required to Migrate Mailboxes to Microsoft 365
There are mainly four different ways to migrate on-premises mailboxes to Office 365 or Microsoft 365. These are:
Based on the migration method you are using to move mailboxes from an on-premises Exchange organization to Office 365, you need to assign the roles and permissions to the user account.
Staged Migration
For Staged Migration, the user account that will be used for migration must have any of the following roles and permissions assigned.
- User should be a member of the Domain Admins group in Active Directory Domain Services (AD DS).
- FullAccess permission for each on-premises mailbox with the WriteProperty permission.
- Receive As permission on the on-premises mailbox database that stores the user mailboxes and the WriteProperty permission for all user accounts on the on-premises Exchange Server.
Cutover Migration
To perform a Cutover Migration for mailbox move, the user account or administrator account should:
- Be a member of the Domain Admins group in Active Directory Domain Services (AD DS) or
- Have FullAccess permission for all on-premises mailboxes or
- Have the Receive As permission on the mailbox database.
Hybrid Migration
If you want to move mailboxes from on-premises Exchange Server to Exchange Online using Remote Move Migration, the user account or administrator account must be a member of any of the below groups:
- Domain Admins group in Active Directory Domain Services (AD DS)
- Exchange Recipients Administrators group in Active Directory
- Recipient Management or Organization Management group in Exchange 2010 or later
IMAP Migration
For an IMAP4 migration, a comma-separated value or .csv file is used for the migration containing mailbox information. You should check the CSV file for the following:
- Username and password for all the mailboxes that you want to move to Microsoft 365 or
- Username and password for the user account in your IMAP4 messaging system that have administrative access to all user mailboxes.
Steps to Assign Required Roles and Permission for Microsoft 365 Migration
To assign the roles and permissions required for mailbox migration to Exchange Online (Microsoft Office 365), open Exchange Online PowerShell and follow these steps based on the migration method you choose.
Step 1: Assign FullAccess Permission
To assign FullAccess permission to a specific mailbox, run the following command in the Online PowerShell window:
Add-MailboxPermission -Identity "Ravi Singh" -User administrator -AccessRights FullAccess -InheritanceType all
Change administrator in the command with the user account or administrator account you are using to move mailboxes from on-premises Exchange to Microsoft 365.
Similarly, you can assign the FullAccess permission to all mailboxes in the on-premises organization to the user account or administrator used for migration by executing the following command:
Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Add-MailboxPermission -User administrator -AccessRights FullAccess -InheritanceType all
To check if the permission is assigned successfully, run the following command:
Get-MailboxPermission -Identity <MailboxName> -User migadmin
Get-DistributionGroupMember MigrationBatch1 | Get-MailboxPermission -User administrator
Step 2: Assign Receive As Permission
To assign the Receive As permission, run the following command in the Microsoft Office 365 PowerShell.
Add-ADPermission -Identity "DatabaseName 152432" -User administrator -ExtendedRights receive-as
This will assign the Receive As permission for the mailbox database DatabaseName 152432 to the user account or administrator account that will be used for moving the mailboxes from on-premises to Microsoft 365.
To check and verify if the permission has been assigned successfully, run the following command:
Get-ADPermission -Identity "DatabaseName 152432" -User administrator
Step 3: Assign WriteProperty Permission
The WriteProperty permission is required to allow the user or administrator account that will be used for moving mailboxes, to modify the TargetAddress property for the user accounts on on-premises Exchange. To assign WriteProperty permission, execute the following command:
Add-ADPermission -Identity "Rainer Witte" -User migadmin -AccessRights WriteProperty -Properties TargetAddress
To assign the WriteProperty permission to all user mailboxes in on-premises Exchange to the user account or administrator account, run the following command:
Get-User -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Add-ADPermission -User migadmin -AccessRights WriteProperty -Properties TargetAddress
To check if the WriteProperty permission has been assigned successfully, run the following command:
Get-ADPermission -Identity <mailbox> -User administrator
Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Get-ADPermission -User administrator
Once the required permissions are assigned and other conditions mentioned in various migration methods are fulfilled, you can proceed with the mailbox migration.
A Simpler Way to Move Mailboxes from On-Premises Exchange to Microsoft 365
Although you can use the Staged, Cutover, Hybrid, or IMAP migration method to move mailboxes from your Exchange Server to Office 365, they require adequate planning and preparation. In addition, depending on the number of mailboxes or mailbox database size, these methods require significant time and effort to move the mailboxes from your current on-premises organization to Microsoft 365.
If you move the mailboxes in batches, this will put an additional load on your on-premises Exchange Server that can degrade the performance or cause issues.
However, you can overcome the challenges associated with manual mailbox migration methods by using a reliable and advanced EDB to PST converter software, such as Stellar Converter for EDB. With this software, you can export all your mailboxes from on-premises Exchange Server 2003 or later directly to Office 365 tenant in a few clicks and at up to 4x faster speed.
The software also auto-maps the source and destination mailboxes, making it easier for you to move mailboxes to correct user accounts on Office 365. Additionally, you also get many advanced options that you can use to prioritize mailbox move, filter mail items or mailboxes, save scan information to resume moving mailboxes at a later stage, etc.
Was this article helpful?
