Lotus Notes to Microsoft 365 Migration Guide

This is the complete onboarding task flow for migrating mailboxes from On-Premises Lotus Notes, or On-Premises Lotus Domino, to Microsoft 365. 

There are some tools and resources that will make the migration easier. We suggest reading through the following information and linked guides before beginning your migration. 

First migration?

We’ve created a guide to scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.


MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects. 

We are not able to support migrations with two-factor or multifactor authentication. 

App passwords are not supported for the Microsoft 365 endpoint. 

The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.

Lotus Notes

Lotus Notes requires local software installation to use MigrationWiz, as there are no remote APIs for the messaging system. The Lotus Extractor is a small console application (a standalone .exe file) responsible for extracting data from the Domino server and securely streaming this data to the MigrationWiz platform. The steps and requirements to install this extractor are included in the Prepare the Source Environment section of this guide. After installing the Lotus Notes Extractor, you can then manage the migration from the MigrationWiz web portal (e.g., to stop/start migrations, view statistics, etc.).

The following information is applicable to Lotus Notes (Domino Server) 6.5+ - 9.0.1 

What items are and are not migrated?


  • Inbox
  • Folders
  • Email
  • Contacts
  • Calendars
  • Tasks

Not Migrated

  • Lotus Distribution Groups
  • All Documents view
  • Lotus Mail Groups
  • Journals
  • Items in the Trash folder
  • Resources field inside a Calendar event
  • Task alarms & reminders

Prepare the Source Environment

Set up the administrator account

Set up an administrator account for migration on the Domino server. A single administrative account will be used to migrate all mailboxes. This means there is no need to specify a password for each user's mailbox.

  1. Open Notes/Domino Administrator.
  2. Select the server where the mailboxes are located.
  3. Go to the Files tab.
  4. Select the folder containing the mailboxes and right-click on it.
  5. Go to the menu to manage access control.
  6. Select the user to be used to perform the migration.
  7. Grant this account sufficient rights to access the mailboxes.

The administrator account will need to have the following included for permissions applied to each .nsf file being migrated as well as the Public address book (names.nsf):

  • Access: Manager
  • Delete Documents: Enabled (This is not a default permission and must be manually selected, or your Domino server will run out of space very quickly.)

Perform mailbox cleanup

  • Mailboxes should be emptied of unneeded/unsupported data.
  • Old/unwanted email (this will reduce the time for migration.)
  • Large attachments (any attachment larger than 150MB will not be migrated.)
  • Unwanted mailboxes should be archived/deleted according to company compliance policies.

Synchronize address books

Synchronize users' personal address books on the Lotus Domino server. Lotus Notes contacts are stored locally on the users’ hard drives, in a local .nsf file. To migrate them, each user must synchronize their personal address book on the Lotus Domino server before the migration begins.

We recommend that you send an email to all users with instructions on how to synchronize their personal address books.

For Lotus Notes 8+ - 9.0.1

Lotus Notes versions after 9.0.1 are not supported.

Each user must proceed with the following on their machine.

To synchronize contacts manually:

  1. Start the Lotus Notes client and open its session.
  2. From the File menu, select Preferences.
  3. Under the Contacts section, checkmark Enable "Synchronize Contacts" on the Replication and Sync tab.
  4. Click OK.
  5. From the Tools menu, select Replicate and Sync All.
  6. Click Open > Replicationor if Open List is docked, click the Replication icon.
  7. Make sure that there is a checkmark next to Synchronize Contacts in the Enabled column and click Start Now.

To synchronize contacts automatically:

  1. Open the Schedule.
  2. Set your Replication Schedule options and define when the replication should occur, when the client starts or is shut down, and click OK.

Then, under Schedule, select Enable Scheduled Replication for it to take effect.

For Lotus Notes 6 and 7:

Each user must proceed with the following on their own machine:

  1. Start the Lotus Notes client and open its session.
  2. From the Actions menu, select Synchronize Address Book.​​

Set up the Lotus Notes Extractor

The Lotus Extractor requires that you have the .NET Framework version 4.6.1 or later installed on the computer on which you install and run the Extractor. To determine the .NET Framework version currently installed, follow instructions provided by Microsoft: How to: Determine Which .NET Framework Versions Are Installed. The Lotus Extractor will require ports 80 and 443 to be open.

Do not deploy Lotus Extractor on a machine on which the Domino Server is deployed. Do not deploy more than one instance of Lotus Extractor on the same machine.

Running the Extractor now will result in a message that the Extractor is unable to find a mailbox connector. This is an expected message and is not a problem for this step.

Follow these steps on each machine that will run a Lotus Extractor:

  1. Install the Lotus Notes client on the machine (or virtual machine).
  2. Open the Lotus Notes client and log in with the same administrative account that was set up for migration.
  3. Retrieve the ID file for the administrative account being used for migration and copy it to the machine (or virtual machine).
  4. Ensure that the Internet proxy settings are correct on the machine (or virtual machine). If you are unable to connect to the internet with this option disabled, contact the network administrator to allow the Lotus Extractor.
  5. Close the Lotus Notes client. This will release the lock taken by the Lotus Notes client on the notes.ini file.
  6. Install the Lotus Extractor. It is available for download here.
  7. Once installed, start the Lotus Extractor.
  8. Each Lotus Extractor displays a unique identifier called Lotus Extractor Identifier, which is located near the top of the .exe window. See the screenshot below. Copy this identifier, because it will be needed later, during the migration configuration.


  9. Enter your BitTitan account username and password.
  10. Enter the password of the Lotus Notes administrative account that was created for migration.

Each Lotus Extractor can simultaneously migrate up to 15 mailboxes. Therefore, once you have set up your MigrationWiz mailbox migration projects, you should go into Advanced Options and set the number of concurrent migrations to 15. 

Deploy each Lotus Extractor within the same Local Area Network where its target Lotus Domino server is located. Do not deploy a Lotus Extractor on a machine on which the Lotus Domino server is deployed. In the case of clustered Domino servers set up with replication enabled, a single Domino server has to be selected as a source of data for all migration activities using MigrationWiz.

Do not deploy more than one Lotus Extractor on the same machine. Do not stop a running Lotus Extractor. Leave the console window open; the migration will start automatically after the last step of the configuration. After authenticating, the Lotus Extractor will generate a CSV file named "LotusExtractor.csv". This can be used to bulk-add users within your MigrationWiz project. 

The Lotus Extractor works with the Lotus Client to create a list of all users.  On initial startup, the Lotus Extractor will generate a CSV file named "LotusExtractor.csv" that can be used to bulk import mailboxes for migration into MigrationWiz. This file is automatically generated in the same directory as the Lotus Extractor executable. If the file already exists, it will not be regenerated when opened. If you need to generate a new CSV file, delete the existing one, and restart the Lotus Extractor.

Prepare the Destination Environment

Create Administrator Account

Create a Global Administrator or a delegated admin with full access rights or permissions account in Microsoft 365 to be used for migration or use the Global Administrator or delegated admin with full access rights or permissions account for the tenant. In order to have administrative permissions to migrate mailbox data, grant the account permissions on each mailbox.

  • Having administrative access to the Microsoft 365 control panel to manage users does not mean the same account has permissions to access all mailboxes for migration.
  • Having delegated admin access to accounts does not provide enough access.

Enabling an administrative account the ability to access Microsoft 365 user mailboxes can be performed by adding the Impersonation role or Full Access mailbox permissions.  The below steps will explain how to configure the permissions access for both options. Microsoft 365 does NOT allow Impersonation for Small Business plans.

Note: The remote PowerShell commands below can take several minutes to complete.

  1. Make sure you are using a global admin account to perform these steps
  2. Click the Windows Start button.
  3. Search for Windows PowerShell (PowerShell should already be installed).
  4. Start PowerShell under an administrator context (right-click -> run as administrator).
  5. Run the following PowerShell commands one at a time:
    Set-ExecutionPolicy Unrestricted$LiveCred = Get-Credential

    Install-Module -Name ExchangeOnlineManagement
    Import-Module -Name ExchangeOnlineManagement
    Connect-ExchangeOnline -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred


    The Enable command may take a long time to run and may error out. If so, wait a few minutes and run it again.
    New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User admin@domain.com
  • Make sure to replace "admin@domain.com" in the PowerShell command above with the admin account being used for migration.
  • Ignore any errors such as "This operation is not available in current service offer."
  • Ignore any errors such as "The assignment of the management role 'ApplicationImpersonation' [...] won't take effect until user is migrated."


Using impersonation, it is possible to stop sharing the throttling quota and connection limits associated with a single administrative account. ​Instead, the throttling quota of each user is used to log in to each user mailbox.

Using impersonation means:

  • Eliminating most "Connection did not succeed" errors
  • Allowing migration of more mailboxes concurrently
  • Reducing the impact of throttling and connection limits
  • Using an admin account without assigning a license to it

Full Access

To manually grant administrative access for migration, execute the following remote PowerShell commands: 

Note: The remote PowerShell commands below can take several minutes to complete.

  1. Make sure you are using a global admin account to perform these steps
  2. Click the Windows Start button.
  3. Search for Windows PowerShell (PowerShell should already be installed).
  4. Start PowerShell under an administrator context (right-click -> run as administrator).
  5. Run the following PowerShell commands one at a time:
  6. Run the following PowerShell commands one at a time:
    Set-ExecutionPolicy Unrestricted$LiveCred = Get-Credential

    Install-Module -Name ExchangeOnlineManagement
    Import-Module -Name ExchangeOnlineManagement
    Connect-ExchangeOnline -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred

    Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false
  • The command to grant Full Access rights needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
  • In the script above, the username "MigrationWiz" should be replaced with the name of the administrative account that was set up, by following the instructions in this Knowledge Base article.
  • This username is the Administrative Username that needs to be entered under the project's Source or Destination settings, within MigrationWiz, when checking the box labeled Use Administrative Login.

 Create and License User Accounts

 Set up accounts on Microsoft 365 and assign licenses. These can be created in several ways:

Modern Authentication Requirements

The steps listed in the Obtain Client and Tenant ID Settings for Mailbox and Exchange Online Migrations section of the Authentication Methods Migrations KB apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in mailbox, archive mailbox, and public folder projects. Use a Global Administrator for the configuration steps.

Please review the documentation before preparing the destination.

Prepare the tenant to send & receive large items

We do not impose any limit on item/attachment sizes. However, large items/attachments can fail to migrate because of external factors.  There are two considerations:​

  1. What is the maximum attachment size allowed by the Destination system? 
  • Most email systems impose size limits. For example, if the Destination system has a 30MB limit, any item/attachment larger than 30MB will fail to migrate.
  • What is the connection timeout for the Source and Destination system? 
    • ​​For security reasons, most email systems close opened connections after a predetermined amount of time. For example, if the Destination system only has 512Kbps of network bandwidth and closes connections after 30 seconds, we may be unable to transfer large items/attachments before the connection is closed.

    MigrationWiz will automatically make multiple attempts to migrate large items. Upon completion of a migration, you may resubmit it in error retry mode to try to migrate failed items. This is always free of charge.:

    When migrating from or to Office 365 use the steps provided here to increase the Max Send and Max Recieve quotas, Change message size limits in Office 365.

    MigrationWiz Steps

    Create a Mailbox Migration project

    You will need to create one project per Lotus Notes Extractor. The server for each Source Server Name will be the Lotus Notes Identifier from the Lotus Extractor.

    1. Click the Go to My Projects button.
    2. Click the Create Project button.
    3. Click on the type of project that you wish to create. For this migration:
    • Mailbox: Mailbox projects are used to migrate the contents of the primary user mailbox from the previous environment to the new environment. Most mailbox migrations can migrate email, calendars, and contacts.

    For mailbox migrations, use administrative credentials to access mailboxes. In most migration scenarios, the admin account needs to have full access rights to the Source mailboxes. 

    1. Click Next Step.
    2. Enter a Project name and select a Customer.
    3. Click Next Step.


    During the migration setup, create the Source and Destination endpoints.

    Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

    If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

    Create a Source Endpoint

    1. Click New.
    2. Enter the endpoint name.
    3. Endpoint type: Lotus Notes 6.5+.
    4. In the Server Name field, enter the Lotus Extractor Identifier.
      • Create separate Source endpoints for each Extractor that you set up. These will be used when setting up your MigrationWiz projects. You will be setting up one MigrationWiz project per Extractor.
      • The Lotus Extractor Identifier was generated when setting up your Lotus Extractor(s) and is at the top of the Lotus Extractor window.

    Create the Destination Endpoint

    1. Click Endpoints.
    2. Click Add Endpoint.
    3. Enter endpoint name.
    4. Select endpoint type Office 365.
    5. Click Provide Credentials.
    6. Enter the admin account credentials. This should be for the global admin account. 
    7. Click Add.
    8. Complete the Application (client) ID and the Directory (tenant) ID fields, otherwise, you cannot save your project.Destintation Settings.png
    9. Click Next Step.


    When configuring the destination endpoint, do not forget to complete the client ID and the tenant ID fields for the Destination endpoint, otherwise, you cannot save your project migration.

    Once the information has been provided for both, the source and/or destination endpoint, and the customer selects Save and Go to Summary, MigrationWiz performs an endpoint validation check for the Microsoft 365 endpoint.

    This validation tests the administrator credentials entered into the project and the Modern Authentication setup only. If there is an issue, the screen redirects to the endpoint and provides an error message or flyout that can be selected for more information regarding the error.

    Common Errors when Configuring Your Endpoint

    For more information, review the AADSTS700016, AADSTS90002, and ADDSTS50126 issues on the Common Errors Using Modern Authentication page.

    Add Accounts

    Add the accounts (also referred to as "items") to be migrated to the project. You can use the LotusExtractor.csv that was generated when setting up the Lotus Extractor to bulk-add the users. You can edit the .csv before using it to bulk import. 

    This generated file contains all identified user email addresses from the Domino Directory. Our Lotus Notes migration solution requires administrative credentials, so the “Source Username” and “Source Password” fields will not be used in either the LotusExtractor.csv or the Bulk Upload option within MigrationWiz.


    1. Open the folder where the Lotus Extractor has been installed.
    2. Locate the LotusExtractor.csv file.
    3. Copy the LotusExtractor.csv file to the desktop or another location.
    4. Open the copy of the LotusExtractor.csv file from the same location.
    5. Find the column titled Source Email.
    6. Delete all columns except the Source Email column.
    7. Make sure that all the email addresses in the Source Email column are the ones to be included in the migration.
      Note: Email addresses can be added or removed from this column without affecting the Lotus Extractor.
    8. Save the file.

    This can then be copied into the Bulk Add form.

    Purchase licenses

    We recommend that you purchase the User Migration Bundle license for this migration scenario. User Migration Bundle licenses allow multiple types of migrations to be performed with a single license. They also allow DeploymentPro to be used to configure Outlook email profiles. For questions on licensing, visit MigrationWiz Licenses

    To purchase licenses:

    1. Sign in to your BitTitan account. 
    2. In the top navigation bar, click Purchase.
    3. Click the Select button and choose User Migration Bundle licenses.
    4. Enter the number of licenses you want to purchase. Click Buy Now.
    5. Enter a Billing address if applicable.
    6. Click Next.
    7. Review the Order Summary and enter a payment method.
    8. Click Place Your Order.

    To apply for licenses

    1. Select the correct workgroup on the top of the left navigation pane.
      Note: This is the workgroup under the customer and migration project that was created. Your account must be part of the workgroup and project sharing must be enabled, if the project was not created under your account. For more information see Add and Edit Workgroups and Project Sharing in MigrationWiz.
    2. Click the project that requires licenses to be applied.
    3. Check the box to the left of the email for the user(s) to whom you want to apply for a User Migration Bundle license.
    4. Click the More menu (3 stacked lines) at the top of the project page.
    5. Click Apply User Migration Bundle License.

    Set the Project Advanced Options

    Recommended Options

      • The following options are most valuable for this migration scenario:
        • Set Maximum concurrent migrations. This should be set to 15. Each Lotus Extractor can simultaneously migrate up to 15 mailboxes only.
        • Set the project to use impersonation at Destination by checking the Use impersonation to authenticate box.
        • Add the following Support Options:
          Note: This is used if Lotus Notes is configured to use rich text formatting (RTF) by default. This ensures proper MIME conversion of the formatted text.
        • If RecipientMapping is being used, we strongly recommend defining fewer than 200 RecipientMapping items, otherwise migration may fail.

    Default Options

    The client and tenant ID fields for the destination in the Support tab of the project’s Advanced Options, are view-only fields. This means that you cannot edit or remove them from the support options page. To edit them,  you need to edit the project.


    You cannot update the default Advanced Options, in case you try to modify or add new ones the following message arises.
    Duplicate Support Option.png

    Run Verify Credentials

    1. Open the Project containing items you wish to validate.
    2. Select the items you wish to validate.
    3. Click the Start button in your dashboard.
    4. Select Verify Credentials from the drop-down list.

    Once complete, the results of the verification will be shown in the Status section.​ 

    Begin migration

    Notify users

    Send an email to end users to let them know what to expect for their Outlook profile reconfiguration. 

    Pre-Stage pass

    1. Select the users you wish to migrate.
    2. Click the Start button from the top.
    3. Select Pre-Stage Migration.
    4. Under the Migration Scheduling section, from the drop-down list, select 90 days ago.
    5. Click Start Migration.

    MX Record Cutover

    Change over MX records on the DNS provider's portal.

    Also, include the AutoDiscover (CName) setting.

    Full (Delta) pass

    1. Select the users.
    2. Click the Start button from the top.
    3. Select Full Migration.
    4. Click Start Migration.

    Run Retry Errors

    Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

    If problems persist, contact Support. In order to determine the issues that were encountered while migrating your mailboxes from Lotus Notes, you will need to provide us with certain information that was collected during the migration process. For all Lotus Notes migration issues, provide the log files with your Support request. The required log files are LotusExtractor.log, Coordinator.log, and Heartbeat.log. The log files are located in C:\Users\UserName\AppData\Local\BitTitan.

    Nnavigate to %LOCALAPPDATA%\BitTitan​ on the Extractor machine processing the migration, and locate all files starting with the following:

    • Coordinator
    • ​LotusExtractor
    • Migrator​​​​​

    Add the log files to a zip file, and attach them to the support request.​ Archive and send that to Support.

    Cannot Resolve Email Addresses

    Sometimes we cannot resolve the email addresses provided by Lotus Notes. It happens when a user no longer exists in the Domino Directory (for instance, he/she may have left the company) or when the Domino Directory cannot convert the address.

    In that case, we use the values returned by the Notes API to try to provide the most relevant information. The results may look like:

    • CN=John/O=Company@Domain
    • John Doe/Company@Domain
    • John Doe
    • John Doe <johndoe@company.com>
    • johndoe@company.com

    Request Statistics

    Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.

    Was this article helpful?
    5 out of 5 found this helpful