How do I create an administrator account in Office 365, and then use this during migration?

 

The easiest approach to follow is to use the global admin account. This was set up at the time of tenant creation.

However, if you do not wish to use this global admin account during migration, then a new user account can be created instead. This will then need to be granted full access rights to each mailbox user.

Steps:

  1. Create a user in Office 365: Create user mailbox in Exchange Online
  2. Connect to Exchange Online by using remote PowerShell. For more information about how to do this, go to the following Microsoft website: Connect to Exchange Online Using Remote PowerShell
  3. Type the following command, and then press Enter:
    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User AdministratorAccount@mydomain.com -AccessRights fullaccess -InheritanceType all

After you perform these steps, the specified user will be able to access all user mailboxes in Office 365. The user will be able to view the contents of the mailboxes from either Outlook or Outlook Web App.

When migrating mailboxes into Office 365, our best practice is to use impersonation.

Steps:

To migrate using impersonation:

  1. Sign in to your MigrationWiz account.​
  2. Create your mailbox migration project, make sure to checkmark the box labelled Use Administrator Login, and then fill in the fields marked Administrator Username and Administrator Password, when defining the MigrationWiz project.
  3. From the MigrationWiz Project Dashboard, click on Edit the Project, and select Advanced Options from the drop-down list.
  4. If migrating from Office 365, under Source: Microsoft Office 365, checkmark the box labelled Use impersonation to authenticate.
  5. If migrating to Office 365, under Destination: Microsoft Office 365, checkmark the box labelled Use impersonation to authenticate.
  6. Click Save Options.

MigrationWiz will automatically run a remote PowerShell command to allow the admin account to log in to (impersonate) user mailboxes.

These are the remote PowerShell commands that are executed when a mailbox is submitted for migration:

Enable-OrganizationCustomization

New-ManagementRoleAssignment -Role ApplicationImpersonation -User <admin_user_name>

To learn how to run these commands man​ually, click here. This is useful if there are delays from Microsoft and the PowerShell command does not run immediately.

Notes:

  • If using the global admin account, the delegation steps listed above to grant full mailbox access are not necessary, since it already has the necessary rights.
  • If using impersonation, the account that was set up with full access rights to user mailboxes (as described above), or the global admin account, does not need an Exchange Online license granted to it since it is impersonating accounts that do have a license.

Was this article helpful?
4 out of 4 found this helpful