This is the complete onboarding task flow for migrating mailboxes from On-Premises Lotus Notes, or On-Premises Lotus Domino, to Microsoft 365.
There are some tools and resources that will make the migration easier. We suggest reading through the following information and linked guides before beginning your migration.
MigrationWiz
MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.
MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects.
First migration?
We’ve created a guide to scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.
Prerequisites
It is important to highlight and meet the following prerequisites for a smooth migration project.
Lotus Notes
Lotus Notes requires local software installation to use MigrationWiz, as there are no remote APIs for the messaging system. The Lotus Extractor is a small console application (a standalone .exe file) responsible for extracting data from the Domino server and securely streaming this data to the MigrationWiz platform. The steps and requirements to install this extractor are included in the Prepare the Source Environment section of this guide. After installing the Lotus Notes Extractor, you can then manage the migration from the MigrationWiz web portal (e.g., to stop/start migrations, view statistics, etc.).
Licensing
We recommend that you purchase User Migration Bundle licenses for this migration scenario. User Migration Bundle licenses allow the performance of multiple migrations with a single license. For questions on licensing, visit MigrationWiz Licenses.
To use your license by following the next steps:
- Purchase Licenses.
- Create a Customer.
- Apply Licenses.
- Review Considerations.
Purchase licenses by following the steps below:
- Sign in to your BitTitan account.
- In the top navigation bar, click Purchase.
- Click the Select button and choose User Migration Bundle licenses.
- Enter the number of licenses you want to purchase. Click Buy Now.
- Enter a Billing address if applicable.
- Click Next.
- Review the Order Summary and enter a payment method.
- Click Place Your Order.
Create Customer on MSPComplete by performing these steps:
- Click the Add button in the top navigation bar
- Click the Add Customer button on the All Customers page
- Select the appropriate workgroup in the left navigation pane and click All Customers.
- Click Add Customer.
- Enter the new customer’s information in the Add Customer form. Primary Email Domain and Company Name are required. The rest are optional.
- Click Save.
- Repeat steps 1 through 4 for each customer you want to add.
Perform these steps on MSPComplete:
- Select the correct workgroup on the top of the left navigation pane.
Important
This is the workgroup which the customer and migration projects were created under. Your account must be part of the workgroup if the project was not created under your account. - Click Customers on the left navigation pane.
- Click the customer that employs the user to whom you want to use the User Migration Bundle license.
- Click the Users tab at the top of the page.
- Apply the license to the users by checking the box to the left of their emails.
- Click the Apply User Migration Bundle License button at the top of the page.
Tip
We recommend adding users to the Customer page with the vanity domain. Then apply the User Migration Bundle Licenses, before editing to show the .onmicrosoft domain, if the .onmicrosoft domain will be used for the migration. - Click Confirm if at least one unassigned User Migration Bundle license is available for each selected user.
Important
If there are no User Migration Bundle licenses currently available to be assigned and your role in the workgroup is Manager or higher, the form that appears provides all the necessary information and will walk you through the steps of purchasing User Migration Bundle licenses.
Licenses are released once payment has been received:
- Licenses are available immediately upon payment if you purchase via credit card.
- If you purchase via wire transfer (100+ licenses), the licenses will be available once payment is received and accepted.
- We do not accept purchase orders because of processing overhead.
In both cases, you will be notified by email that payment has been accepted and licenses are available in your account upon notification.
For more information on licensing, including coupon redemption and other licensing types, see our Licensing FAQ.
Limitations
- We are not able to support migrations with two-factor or multifactor authentication.
- App passwords are not supported for the Microsoft 365 endpoint.
- The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.
Migrated Items
Please click the bars below to check the migrated and non-migrated items. We are constantly working to create a better migration experience for you so these items may change over time.
The following information is applicable to Lotus Notes (Domino Server) 6.5+ - 9.0.1
Migrated
- Inbox
- Folders
- Contacts
- Calendars
- Tasks
Not Migrated
- Lotus Distribution Groups
- All Documents view
- Lotus Mail Groups
- Journals
- Items in the Trash folder
- Resources field inside a Calendar event
- Task alarms & reminders
Prepare the Source Environment
Set up the Administrator Account
Set up an administrator account for migration on the Domino server. A single administrative account will be used to migrate all mailboxes. This means there is no need to specify a password for each user's mailbox.
- Open Notes/Domino Administrator.
- Select the server where the mailboxes are located.
- Go to the Files tab.
- Select the folder containing the mailboxes and right-click on it.
- Go to the menu to manage access control.
- Select the user to be used to perform the migration.
- Grant this account sufficient rights to access the mailboxes.
The administrator account will need to have the following included for permissions applied to each .nsf file being migrated as well as the Public address book (names.nsf):
- Access: Manager
- Delete Documents: Enabled (This is not a default permission and must be manually selected, or your Domino server will run out of space very quickly.)
Perform Mailbox Cleanup
- Mailboxes should be emptied of unneeded/unsupported data.
- Old/unwanted email (this will reduce the time for migration.)
- Large attachments (any attachment larger than 150MB will not be migrated.)
- Unwanted mailboxes should be archived/deleted according to company compliance policies.
Synchronize Address Books
Synchronize users' personal address books on the Lotus Domino server. Lotus Notes contacts are stored locally on the users’ hard drives, in a local .nsf file. To migrate them, each user must synchronize their personal address book on the Lotus Domino server before the migration begins.
We recommend that you send an email to all users with instructions on how to synchronize their personal address books.
Lotus Notes versions after 9.0.1 are not supported.
Each user must proceed with the following on their machine.
To synchronize contacts manually:
- Start the Lotus Notes client and open its session.
- From the File menu, select Preferences.
- Under the Contacts section, checkmark Enable "Synchronize Contacts" on the Replication and Sync tab.
- Click OK.
- From the Tools menu, select Replicate and Sync All.
- Click Open > Replication, or if Open List is docked, click the Replication icon.
- Make sure that there is a checkmark next to Synchronize Contacts in the Enabled column and click Start Now.
To synchronize contacts automatically:
- Open the Schedule.
- Set your Replication Schedule options and define when the replication should occur, when the client starts or is shut down, and click OK.
Then, under Schedule, select Enable Scheduled Replication for it to take effect.
Each user must proceed with the following on their own machine:
- Start the Lotus Notes client and open its session.
- From the Actions menu, select Synchronize Address Book.
Set up the Lotus Notes Extractor
The Lotus Extractor requires that you have the .NET Framework version 4.6.1 or later installed on the computer on which you install and run the Extractor. To determine the .NET Framework version currently installed, follow the instructions provided by Microsoft: How to: Determine Which .NET Framework Versions Are Installed. The Lotus Extractor will require ports 80 and 443 to be open.
Do not deploy Lotus Extractor on a machine on which the Domino Server is deployed. Do not deploy more than one instance of Lotus Extractor on the same machine.
Running the Extractor now will result in a message that the Extractor is unable to find a mailbox connector. This is an expected message and is not a problem for this step.
Follow these steps on each machine that will run a Lotus Extractor:
- Install the Lotus Notes client on the machine (or virtual machine).
- Open the Lotus Notes client and log in with the same administrative account that was set up for migration.
- Retrieve the ID file for the administrative account being used for migration and copy it to the machine (or virtual machine).
- Ensure that the Internet proxy settings are correct on the machine (or virtual machine). If you are unable to connect to the internet with this option disabled, contact the network administrator to allow the Lotus Extractor.
- Close the Lotus Notes client. This will release the lock taken by the Lotus Notes client on the notes.ini file.
- Install the Lotus Extractor. It is available for download here.
- Once installed, start the Lotus Extractor.
- Each Lotus Extractor displays a unique identifier called Lotus Extractor Identifier, which is located near the top of the .exe window. See the screenshot below. Copy this identifier, because it will be needed later, during the migration configuration.
- Enter your BitTitan account username and password.
- Enter the password of the Lotus Notes administrative account that was created for migration.
Each Lotus Extractor can simultaneously migrate up to 15 mailboxes. Therefore, once you have set up your MigrationWiz mailbox migration projects, you should go into Advanced Options and set the number of concurrent migrations to 15.
Deploy each Lotus Extractor within the same Local Area Network where its target Lotus Domino server is located. Do not deploy a Lotus Extractor on a machine on which the Lotus Domino server is deployed. In the case of clustered Domino servers set up with replication enabled, a single Domino server has to be selected as a source of data for all migration activities using MigrationWiz.
Do not deploy more than one Lotus Extractor on the same machine. Do not stop a running Lotus Extractor. Leave the console window open; the migration will start automatically after the last step of the configuration. After authenticating, the Lotus Extractor will generate a CSV file named "LotusExtractor.csv". This can be used to bulk-add users within your MigrationWiz project.
The Lotus Extractor works with the Lotus Client to create a list of all users. On initial startup, the Lotus Extractor will generate a CSV file named "LotusExtractor.csv" that can be used to bulk import mailboxes for migration into MigrationWiz. This file is automatically generated in the same directory as the Lotus Extractor executable. If the file already exists, it will not be regenerated when opened. If you need to generate a new CSV file, delete the existing one, and restart the Lotus Extractor.
Prepare the Destination Environment
Modern Authentication Requirements
The steps listed in the Required Permission for Performing M365 Mailbox and Archive Migrations article apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in mailbox, and archive mailbox. Use a Global Administrator for the configuration steps.
Please review the documentation before preparing the source.
Create Administrator Account
Create an administrator account in Microsoft 365 to be used for migration or use the global admin account for the tenant. The administrator account must have full access to the user mailboxes, have the required API Permissions, or be granted impersonation rights.
We recommend adding the necessary API permissions to the Modern Authentication app you are using for your O365 mailbox or archive mailbox endpoint, to do so, follow the steps outlined in this guide. This is the suggested method by BitTitan.
However, you can still use BitTitan impersonation approach but consider that this method will be deprecated soon since Microsoft is phasing out RBAC Application Impersonation in Exchange Online.
Full Access
To manually grant administrative access for migration, execute the following remote PowerShell commands:
Important
The remote PowerShell commands below can take several minutes to complete.- Make sure you are using a global admin account to perform these steps
- Click the Windows Start button.
- Search for Windows PowerShell (PowerShell should already be installed).
- Start PowerShell under an administrator context (right-click -> run as administrator).
- Run the following PowerShell commands one at a time:
Set-ExecutionPolicy Unrestricted
$LiveCred = Get-Credential
Install-Module -Name ExchangeOnlineManagement
Import-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCredGet-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false
Considerations
- The command to grant Full Access rights needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
- In the script above, the username "MigrationWiz" should be replaced with the name of the administrative account that was set up, by following the instructions in this Knowledge Base article.
- This username is the Administrative Username that needs to be entered under the project's Source or Destination settings, within MigrationWiz, when checking the box labeled Use Administrative Login.
Create and License User Accounts
Set up accounts on Microsoft 365 and assign licenses. These can be created in several ways:
- Manually, one at a time. Read the Add users individually or in bulk to Microsoft 365 article from Microsoft for more information.
- By bulk import, via CSV file. Read the Add several users at the same time to Microsoft 365 article from Microsoft for more information.
- By PowerShell script. Read the Create user accounts with Microsoft 365 PowerShell from Microsoft for more information.
Prepare the Tenant to Send and Receive Large Items
We do not impose any limit on item/attachment sizes. However, large items/attachments can fail to migrate because of external factors. There are two considerations:
What is the maximum attachment size allowed by the Destination system?
Most email systems impose size limits. For example, if the Destination system has a 30MB limit, any item/attachment larger than 30MB will fail to migrate.
What is the connection timeout for the Source and Destination system?
For security reasons, most email systems close opened connections after a predetermined amount of time. For example, if the Destination system only has 512Kbps of network bandwidth and closes connections after 30 seconds, we may be unable to transfer large items/attachments before the connection is closed.
MigrationWiz will automatically make multiple attempts to migrate large items. Upon completion of a migration, you may resubmit it in error retry mode to try to migrate failed items. This is always free of charge.
When migrating from or to Office 365 use the steps provided here to increase the Max Send and Max Recieve quotas, Change message size limits in Office 365.
MigrationWiz Steps
Create a Mailbox Migration project
You will need to create one project per Lotus Notes Extractor. The server for each Source Server Name will be the Lotus Notes Identifier from the Lotus Extractor.
- Click the Go to My Projects button.
- Click the Create Project button.
- Click on the type of project that you wish to create. For this migration:
- Mailbox: Mailbox projects are used to migrate the contents of the primary user mailbox from the previous environment to the new environment. Most mailbox migrations can migrate email, calendars, and contacts.
For mailbox migrations, use administrative credentials to access mailboxes. In most migration scenarios, the admin account needs to have full access rights to the Source mailboxes.
- Click Next Step.
- Enter a Project name and select a Customer.
- Click Next Step.
- Select endpoints or follow the steps below to create new ones.
- Click Save and Go to Summary.
Endpoints
Endpoints are created through MigrationWiz. If you select an existing endpoint from the dropdown, it will only show ten endpoints. If you have more than ten, you may need to search it.
Consider that endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.
Create your Endpoints
Please review the following tabs to create your destination and source endpoints.
Create your source endpoint by following the next steps:
- Click New.
- Enter the endpoint name.
- Endpoint type: Lotus Notes 6.5+.
- In the Server Name field, enter the Lotus Extractor Identifier.
- Create separate Source endpoints for each Extractor that you set up. These will be used when setting up your MigrationWiz projects. You will be setting up one MigrationWiz project per Extractor.
- The Lotus Extractor Identifier was generated when setting up your Lotus Extractor(s) and is at the top of the Lotus Extractor window.
Create your destination endpoint by following the next steps:
- Click New.
- Name the endpoint.
-
Select Microsoft 365 for the endpoint type.
- Select one of the following credential options.
- Provide Credentials, the form expands to show more fields for username and password. MigrationWiz uses the credentials to access the service chosen. In most cases, you must provide credentials for an administrator account on those services, as this will enable MigrationWiz to have full access to the cloud service.
- Do not Provide Credentials, MigrationWiz requests credentials from end users before a migration can be started. This may slow your migration, as you are now dependent on end users to provide these credentials.
- Click Add Endpoint.
- Complete the Application (client) ID, the Directory (tenant) ID, the Client Secret, and the Region of Destination Tenant fields.
- Click Next Step.
Important
When configuring the destination endpoint, do not forget to complete the client ID and the tenant ID fields for the Destination endpoint, otherwise, you cannot save your project migration.
Application (client) ID, Directory (tenant) ID, and Client Secret
For Microsoft 365 Mailbox and Archive migrations, MigrationWiz adds the Application (client) ID, Directory (tenant) ID, and Client Secret fields.
While the Application (client) ID and the Directory (tenant) ID are mandatory, the Client Secret field is not. It will depend on the permissions of the user account that performs the migration. Please review the following information before the creation of your M365 endpoints.
-
The client secret value is not mandatory if you use delegated permissions. Please leave the Client Secret field empty.
-
The client secret value is mandatory if you use the Application Impersonation using API Permissions approach.
- If you already have an admin account with the Impersonation role enabled (not using the Application Impersonation using API Permissions approach) the client secret value is not mandatory. Please leave the Client Secret field empty.
For more information about how to get the Application (client) ID and Directory (tenant) ID values from the Application Registration, please review step 3 of this article.
Region of Destination Tenant
MigrationWiz displays a dropdown to select the Preferred Region of the Tenant at the destination endpoint. This value updates the Preferred Region of the Destination Tenant field in the project's Advanced Options, and vice versa. You will notice that both values are always the same.
The Region of Destination Tenant feature optimizes the migration performance and speed when choosing the region closest to the destination tenant.
Tip
You can find the region of your destination tenant directly in the Microsoft Entra admin center by going to Identity > Overview > Properties, and using the Country or region or the Data location.
For more information on this topic, review this article.
Warning
If you do not complete this field you will not be able to save your project and the “This field cannot be left blank.” error will appear.Endpoint Validation
Once the information has been provided for both, the source and destination endpoint, and the customer selects Save and Go to Summary, MigrationWiz performs an endpoint validation check.
This validation tests the administrator credentials entered into the project and the Modern Authentication setup only. If there is an issue, the screen redirects to the endpoint and provides an error message or flyout that can be selected for more information regarding the error.
Common Errors when Configuring Your Endpoint
For more information on the AADSTS700016, AADSTS90002, and ADDSTS50126 issues review the Common Errors Using Modern Authentication page.
Add Accounts
Add the accounts (also referred to as "items") to be migrated to the project. You can use the LotusExtractor.csv that was generated when setting up the Lotus Extractor to bulk-add the users. You can edit the .csv before using it to bulk import.
This generated file contains all identified user email addresses from the Domino Directory. Our Lotus Notes migration solution requires administrative credentials, so the “Source Username” and “Source Password” fields will not be used in either the LotusExtractor.csv or the Bulk Upload option within MigrationWiz.
Steps:
- Open the folder where the Lotus Extractor has been installed.
- Locate the LotusExtractor.csv file.
- Copy the LotusExtractor.csv file to the desktop or another location.
- Open the copy of the LotusExtractor.csv file from the same location.
- Find the column titled Source Email.
- Delete all columns except the Source Email column.
- Make sure that all the email addresses in the Source Email column are included in the migration.
Important
Email addresses can be added or removed from this column without affecting the Lotus Extractor. - Save the file.
This can then be copied into the Bulk Add form.
Advanced Options
The following options are most valuable for this migration scenario:
Support Tab
- LotusEnableRetryOnGetMIMEFailure=0 This is used if Lotus Notes is configured to use rich text formatting (RTF) by default. This ensures proper MIME conversion of the formatted text.
- If RecipientMapping is being used, we strongly recommend defining fewer than 200 RecipientMapping items, otherwise migration may fail.
Default Options for Microsoft 365 Endpoints
By default, some fields are view-only. In other words, you cannot edit or remove them from the support options page. To edit them, you need to edit the source or destination endpoint of your project.
Among these default options, you can find ModernAuthClientIdExport, ModernAuthTenantIdExport, ModernAuthClientSecretExport, ModernAuthClientIdImport, ModernAuthTenantIdImport, and ModernAuthClientSecretImport.
The support options above are required when configuring your endpoint.
Important
Keep in mind that the ModernAuthClientSecretExport and the ModernAuthClientSecretImport support options are text-masked.
Warning
You cannot update the default Advanced Options, in case you try to modify or add new ones the following message arises.
Performance Tab
Set Maximum concurrent migrations. This should be set to 15. Each Lotus Extractor can simultaneously migrate up to 15 mailboxes only.
Source/Destination Tab
Set the project to use impersonation at Destination by checking the Use impersonation to authenticate box.
Run Verify Credentials
- Open the Project containing items you wish to validate.
- Select the items you wish to validate.
- Click the Start button in your dashboard.
- Select Verify Credentials from the drop-down list.
Once complete, the verification results will be shown in the Status section.
Performing the Migration
Notify users
Send an email to end users to let them know what to expect for their Outlook profile reconfiguration.
Pre-Stage pass
- Select the users you wish to migrate.
- Click the Start button from the top.
- Select Pre-Stage Migration.
- Under the Migration Scheduling section, from the drop-down list, select 90 days ago.
- Click Start Migration.
MX Record Cutover
Change over MX records on the DNS provider's portal.
Also, include the AutoDiscover (CName) setting.
Full (Delta) pass
- Select the users.
- Click the Start button from the top.
- Select Full Migration.
- Click Start Migration.
Run Retry Errors
Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.
If problems persist, contact Support. In order to determine the issues that were encountered while migrating your mailboxes from Lotus Notes, you will need to provide us with certain information that was collected during the migration process. For all Lotus Notes migration issues, provide the log files with your Support request. The required log files are LotusExtractor.log, Coordinator.log, and Heartbeat.log. The log files are located in C:\Users\UserName\AppData\Local\BitTitan.
Nnavigate to %LOCALAPPDATA%\BitTitan on the Extractor machine processing the migration, and locate all files starting with the following:
- Coordinator
- LotusExtractor
- Migrator
Add the log files to a zip file, and attach them to the support request. Archive and send that to Support.
Cannot Resolve Email Addresses
Sometimes we cannot resolve the email addresses provided by Lotus Notes. It happens when a user no longer exists in the Domino Directory (for instance, he/she may have left the company) or when the Domino Directory cannot convert the address.
In that case, we use the values returned by the Notes API to try to provide the most relevant information. The results may look like:
- CN=John/O=Company@Domain
- John Doe/Company@Domain
- John Doe
- John Doe <johndoe@company.com>
- johndoe@company.com
Request Statistics
Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.