Migrate to Exchange or Office 365 using delegation

Please refer to the section that applies to the appropriate Destination. This article refers to the use of delegation to log in to individual user mailboxes using an "admin" account that has full access rights to each mailbox.

Note: We strongly recommend using impersonation, rather than just delegation, when migrating to Office 365. However, when migrating to Exchange, rather than Office 365, either delegation or impersonation can be used. Refer to KB005004 for more information on this decision, and the exact steps to set these up.

 

Office 365:

Having administrative access to the Microsoft Office 365 control panel to manage users does not necessarily mean that the same account has permissions to access all mailboxes for migration. In order to have administrative permissions to migrate mailbox data, it is necessary to grant the account permissions on each mailbox.

To manually grant administrative access for migration, execute the following remote PowerShell command:

$cred = Get-Credential

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection

Import-PSSession $session

Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false -User MigrationWiz

Remove-PSSession $session

 

Notes:

  • The above command needs to be applied each time a new mailbox is created, as permissions are set directly on the mailbox. The administrative account will not have access until the permissions are applied.​
  • The global admin account does have the necessary rights for delegation. However, again, we recommend using impersonation for migrations​ from and/or to Office 365.

 ​​​

​Exchange 2007/2010/2013/2016:​

This is a two-step process:

  1. Create an account with full access rights to each Exchange: How do I setup an Administrator account on Exchange
    • ​Important: Any user account that is a part of the domain administrator, schema administrator, or enterprise administrator groups will not have any administrative rights to mailboxes no matter how many permissions are granted. A security default of Exchange Server is to explicitly deny any user that is a member of these groups. This is why we recommend creating a new user account specific for migration. Note: This does not apply to Exchange Online (Office 365).
  2. Disable throttling against this "administrator" account in order to speed up the migrations. Option 1 in KB004945 provides the exact steps to disable throttling against this account.​
Was this article helpful?
3 out of 5 found this helpful