How do I assign the elevated admin role 'Organization Management' to the administrative account that is performing a Public Folder migration?
When setting certain fields in Exchange, the user performing a migration needs to be assigned the correct permissions through assigned admin roles. In most cases, the admin role for migration is relatively straightforward. For Public Folders, however, the role is not so obvious.
In most cases, the assumption is that simply creating a new admin role and assigning the 'Public Folders' and 'Mail Enabled Public Folders' roles to the group would allow any users in that group to have full access to the Public Folders and be able to set all of the appropriate fields. However, this is not the case. In terms of read-only fields, such as the received date, simply having these two permissions is not enough. If these are the roles set, and if a read-only field such as the received date is set in the message being migrated, it is ignored and the current date and time are set instead of the value passed in.
In order to allow read-only fields to be set, an elevated admin role has to be assigned to the user performing the migration. The role that is recommended is 'Organization Management', which provides all of the necessary permissions to set fields like the received date without any problems.
Click here to learn more about the Organization Management role, and how to add it.
This can be set via the Exchange Administration Center (EAC) or via PowerShell.
Via Exchange Administration Center:
- In the Exchange Administration Center (EAC), navigate to Permissions > Admin Roles.
- Select the group: Organization Management and then click on Edit .
- In the Members section, click on Add .
- Select the users, USGs, or other role groups you want to add to the role group, click on Add, and then click on OK.
- Click on Save to save the changes to the role group.
- The PowerShell command to add this is:
Add-RoleGroupMember "Organization Management" -Member username
- To migrate from Exchange 2007, elevate the permissions of the admin to be part of the Exchange Organization Administrator role. To add the user to the role, follow the TechNet article How to Add a User or Group to an Administrator Role.
- If migrations are performed with an account that does not have this elevated admin role level assigned, then the received date will change to the current time, after the migration of Public Folder content.