Notes:
  • Any user account that is a part of the domain administrator, schema administrator, or enterprise administrator groups will not have any administrative rights to mailboxes no matter how many permissions are granted. A security default of Exchange Server is to explicitly deny any user that is a member of these groups. This is why we recommend creating a new user account specific for migration. Note: This does not apply to Exchange Online (Office 365).
  • If the Hosted Exchange provider does not provide administrative credentials, or rather the admin account does not have sufficient permissions to log in to user mailboxes, click here.
  • Once this administrator account has been created, you can test access to the mailboxes by following the steps in KB004616.

Exchange 2003

To create an account, perform the following from the Exchange Server 2003 machine:
  1. Open the Active Directory Users and Computers snap-in.
  2. Navigate to the organizational unit (OU) in which the administrative account will be created.
  3. Right-click on the OU and select New > User.
  4. Enter “Migration” as the first name.
  5. Enter “Migration” as the user login name, and optionally select a user principal name (UPN) domain.
  6. Click Next.
  7. Enter a password and confirm the password.
  8. Uncheck User must change password at next login.
  9. Click Next.
  10. Click Next to assign a mailbox.
  11. Click Finish.
  12. Right-click on the Migration user in the Active Directory Users and Computers snap-in, and select Properties.
  13. Click on the Exchange Advanced tab.
  14. Click Hide from Exchange address lists.
  15. Click OK.
To grant the account access, perform the following from the Exchange Server 2003 machine:
  1. Open the Exchange System Manager snap-in.
  2. Expand the Servers node. Note: In some Exchange System Manager consoles, the Servers node may be under Administrative Groups.
  3. Right-click on the server to which administrative access will be granted, and select Properties.
  4. Click on the Security tab.
  5. Click on Add.
  6. Enter “Migration”.
  7. Click on OK.
  8. Ensure Allow Send As is selected.
  9. Ensure Allow Receive As is selected.
  10. Click on OK.
  11. Repeat from Step 3 until permissions have been set on each mailbox server (if there is more than one).

Exchange 2007

Note: If the Hosted Exchange provider does not provide administrative credentials, or rather the admin account does not have sufficient permissions to log in to user mailboxes, click here.
To create an account, perform the following from the Exchange Server 2007 machine:
  1. Open the Exchange Management Console.
  2. Expand the Recipient Configuration node.
  3. Right-click on the Mailbox node.
  4. Click New Mailbox.
  5. Click Next.
  6. Click Next again.
  7. Enter “Migration” as the first name.
  8. Enter “Migration” as the user login name and optionally select a user principal name (UPN) domain.
  9. Enter a password and confirm the password.
  10. Click Next.
  11. Click Browse to select a Mailbox database.
  12. Click Next.
  13. Click New.
  14. Click Finish.
To grant the account access, perform the following from the Exchange Server 2007 machine:
  1. Open the Exchange Management Shell.
  2. Enter the following command, where <ServerName> is a placeholder for the name of the mailbox server:
     Get-Mailbox -Server <ServerName> -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -User Migration
Notes:
  • The command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
  • In the script above, the username “Migration” should be replaced with the name of the administrative account that was set up by following the instructions in this article.
  • This username is the Administrative Username that needs to be entered under the project’s Source or Destination settings when checking the box labeled Use Administrative Login.
  • Any user account that is a part of the domain administrator, schema administrator, or enterprise administrator groups will not have any administrative rights to mailboxes, no matter how many permissions are granted. A security default of Exchange Server is to explicitly deny any user that is a member of these groups. This is why we recommend creating a new user account specific for migration.

Exchange 2010

Note: If your Hosted Exchange provider does not provide administrative credentials, or rather if the admin account does not have sufficient permissions to log in to user mailboxes, click here.
To create an account, perform the following from the Exchange Server 2010 machine:
  1. Open the Exchange Management Console.
  2. Expand the Recipient Configuration node.
  3. Right-click on the Mailbox node.
  4. Click New Mailbox.
  5. Click Next.
  6. Click Next again.
  7. Enter “Migration” as the first name.
  8. Enter “Migration” as the user login name and optionally select a user principal name (UPN) domain.
  9. Enter a password and confirm the password.
  10. Click Next.
  11. Click Browse to select a Mailbox database.
  12. Click Next.
  13. Click New.
  14. Click Finish.
To grant the account access, perform the following from the Exchange Server 2010 machine:
  1. Open the Exchange Management Shell.
  2. Enter the following command:
     Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -User Migration
Notes:
  • The command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
  • In the script above, the username “Migration” should be replaced with the name of the administrative account that was set up by following the instructions in this article.
  • This username is the Administrative Username that needs to be entered under the project’s Source or Destination settings when checking the box labeled Use Administrative Login.
  • Any user account that is a part of the domain administrator, schema administrator, or enterprise administrator groups will not have any administrative rights to mailboxes, no matter how many permissions are granted. A security default of Exchange Server is to explicitly deny any user that is a member of these groups. This is why we recommend creating a new user account specific for migration.

Exchange 2013 or 2016

Note: If the hosted Exchange provider does not provide administrative credentials, or rather the admin account does not have sufficient permissions to log in to user mailboxes, click here.
First, create an account and attach a mailbox for it in Exchange 2013 or 2016 Server.
To grant the account access, perform the following from the Exchange Server 2013 or 2016 machine:
  1. Open the Exchange Management Shell.
  2. Enter the following command:
     Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -User Migration
Notes:
  • The command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
  • In the script above, the username “Migration” should be replaced with the name of the administrative account that was set up by following the instructions in this article.
  • This username is the Administrative Username that needs to be entered under the project’s Source or Destination settings when checking the box labeled Use Administrative Login.
  • Any user account that is a part of the domain administrator, schema administrator, or enterprise administrator groups will not have any administrative rights to mailboxes, no matter how many permissions are granted. A security default of Exchange Server is to explicitly deny any user that is a member of these groups. This is why we recommend creating a new user account specific for migration.

Office 365

In order to have administrative permissions to migrate mailbox data, grant the account permissions on each mailbox.
Notes:
  • Having administrative access to the Microsoft Office 365 control panel to manage users does not mean the same account has permissions to access all mailboxes for migration.
  • Having delegated admin access to accounts does not provide enough access.
To manually grant administrative access for migration, execute the following remote PowerShell commands:
  $cred = Get-Credential
  $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
  Import-PSSession $session
  Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false -User Migration
  Remove-PSSession $session
Notes:
  • The command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
  • In the script above, the username “Migration” should be replaced with the name of the administrative account that was set up by following the instructions in this Knowledge Base article.
  • This username is the Administrative Username that needs to be entered under the project’s Source or Destination settings when checking the box labeled Use Administrative Login.
  • It is also possible to use impersonation for large-scale migrations.
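
The notes above say the grant has to be re-applied whenever a mailbox is created. The script below is an added example, not part of the original article or the vendor's tooling: it reports which mailboxes lack an explicit FullAccess entry for the migration account, grants only those, and removes the entries again once the migration is finished. The function names, $MigrationUser and the -Preview switch are assumptions; it expects an Exchange Management Shell or an already imported remote session.

```powershell
# Added example; $MigrationUser and the function names are assumptions.
$MigrationUser = 'Migration'   # replace with your migration account name

# True when $User holds an explicit (non-inherited, non-deny) FullAccess entry.
function Test-MigrationAccess {
    param($Mailbox, [string]$User = $MigrationUser)
    $entries = Get-MailboxPermission -Identity $Mailbox.DistinguishedName -User $User |
        Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                       ($_.AccessRights -match 'FullAccess') }
    return [bool]$entries
}

# One row per mailbox, so gaps (new mailboxes) and leftovers are both visible.
function Get-MigrationAccessReport {
    param([string]$User = $MigrationUser)
    # Collect first: nesting Exchange cmdlets inside a live pipeline can fail.
    $mailboxes = @(Get-Mailbox -ResultSize Unlimited)
    foreach ($mbx in $mailboxes) {
        New-Object PSObject -Property @{
            Mailbox       = $mbx.PrimarySmtpAddress
            HasFullAccess = Test-MigrationAccess -Mailbox $mbx -User $User
        }
    }
}

# Grant only where the entry is missing (for Office 365, add -Automapping $false).
function Grant-MissingMigrationAccess {
    param([string]$User = $MigrationUser, [switch]$Preview)
    $mailboxes = @(Get-Mailbox -ResultSize Unlimited)
    foreach ($mbx in $mailboxes) {
        if (-not (Test-MigrationAccess -Mailbox $mbx -User $User)) {
            Add-MailboxPermission -Identity $mbx.DistinguishedName -User $User `
                -AccessRights FullAccess -InheritanceType All -WhatIf:$Preview
        }
    }
}

# After the migration: remove the explicit entries the grant created.
function Revoke-MigrationAccess {
    param([string]$User = $MigrationUser, [switch]$Preview)
    $mailboxes = @(Get-Mailbox -ResultSize Unlimited)
    foreach ($mbx in $mailboxes) {
        if (Test-MigrationAccess -Mailbox $mbx -User $User) {
            Remove-MailboxPermission -Identity $mbx.DistinguishedName -User $User `
                -AccessRights FullAccess -InheritanceType All -Confirm:$false -WhatIf:$Preview
        }
    }
}
```

Run Grant-MissingMigrationAccess -Preview or Revoke-MigrationAccess -Preview first to see which mailboxes would change before anything is written.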

Zimbra

Zimbra installation comes with an administrator account, which is admin@domain.com. To create an extra one, or to turn an existing account into an administrator, follow the instructions here: