Assign roles and permissions required for migrating to Microsoft 365

Read time: 5 minutes

Mailbox migration is not an easy task as it requires both technical skills as well as knowledge of the source and the target environments. But the major question before migration is – ‘What roles and permission are required to migrate to Microsoft 365 successfully?’. This post will look at various roles and permissions required to perform mailbox migration and the steps to assign them to users.

Are you planning to migrate your on-premises Exchange server to Microsoft 365? For that, you require various roles and permissions that will be used to connect to the on-premises Exchange organization. With the help of these roles and permissions, you can allow access to and modify the mailboxes during the migration. Let’s discuss the roles and permissions required to migrate to Office 365 and the steps to assign them in the blog below.

Different ways to migrate to Microsoft 365

Before moving to the admin roles in Office 365, it’s important to understand the different ways to migrate on-premises mailboxes to Microsoft 365. These are as follows:

Hybrid Migration
Cutover Migration
Staged Migration
IMAP Migration

Roles & permissions required to migrate mailboxes to Microsoft365

You must assign roles and permissions to the administrator or user accounts based on these migration methods.

Hybrid Migration
To migrate mailboxes from the on-premises Exchange server to Exchange Online through remote move migration or Hybrid migration, the administrator account or user account must be a member of the below groups:
- Exchange Recipients Administrators Groups in the Active Directory
- Domain Admins Group in AD DS (Active Directory Domain Services)
- Recipient Management or Organization Management Group member in Exchange 2010 or later
Cutover Migration
For the cutover migration for mailbox transfer, the administrator account or user account must fulfill any of these conditions:
- Must be a part or member of the Domain Admins Group in AD DS (Active Directory Domain Services)
- Must have the Receive as Permission on the mailbox database
- Must have Full Access Permission for all on-premises mailboxes
Staged Migration
To perform staged migration, you must assign any of the following roles and permission to the user account:
- Must be a part or member of the Domain Admins Group in AD DS (Active Directory Domain Services)
- Full Access Permission for each on-premises mailbox & WriteProperty permission on the on-premises Exchange server for the account (to edit TargetAddress)
- Receive As permission for the on-premises mailbox database that saves the user mailboxes & WriteProperty permission on the on-premises Exchange server for the user account (to edit TargetAddress)
IMAP Migration
A comma-separated value or .csv file is used for the IMAP migration, which contains mailbox information. Here, you need to check the .csv file for the following:
- Username and password for each mailbox you want to migrate to Microsoft 365
- Username and password for the IMAP messaging system user account that has administrative access to each user mailbox

How to assign roles and permission

If you want to assign roles and permission required for mailbox migration to Microsoft 365, open Exchange Online PowerShell and follow the steps below based on the migration method.

Assign FullAccess Permission
Run the below command in the online PowerShell window to assign FullAccess permission to a specific mailbox.

Add – Mailbox Permission – Identity “Mailbox name” – User administrator – Access Rights FullAccess – InheritanceType all

Note – Change administrator with the administrator account or user account which you are using to migrate mailboxes to Microsoft 365.
Similarly, you can also assign the FullAccess permission to all the mailboxes by executing the below command.

Get-Mailbox – Result Size unlimited – Filter ‘RecipientTypeDetails -eq ‘User Mailbox’” | Add – Mailbox Permission – User administrator – Access Rights FullAccess – InheritanceType all

You can also check whether the permission assigned or not using the below command:

Get-Mailbox Permission – Identity – User administrator

Get – DistributionGroupMember Migration Batch1 | Get-Mailbox Permission – user administrator
Assign Receive As Permission
Run the below command in the Microsoft 365 PowerShell to assign the Receive As permission.

Add – ADPermission – Identity “Database name” – User administrator – Extended Rights receive-as

Check and verify whether the permission assigned or not using the below command:

Get – ADPermission – Identity “Database name” – User administrator
Assign WriteProperty Permission
The WriteProperty Permission allows the user or administrator account to modify the Target Address property for the user account on the on-premises Exchange. Run the below command to execute the WriteProperty permission:

Add – ADPermission – Identity “Database name” – User administrator – Access Rights WriteProperty – properties TargetAddress

You can also assign WriteProperty permission to all user mailboxes using the below command:

Get – user – ResultSize Unlimited – Filter “RecipientTypeDetails -eq ‘User Mailbox’” | Add – ADPermission – User administrator – Access Rights WriteProperty – Properties TargetAddress

Check and verify whether the WriteProperty permission assigned successfully or not using the below command:

Get – ADPermission – Identity – User administrator

Get – Mailbox – ResultSize Unlimited– Filter “RecipientTypeDetails -eq ‘User Mailbox’ | Get – ADPermission – User administrator

Once you have assigned the required permissions and fulfilled the other conditions mentioned for various migration methods, you can successfully perform the mailbox migration to Microsoft 365.

A professional tool to migrate to Microsoft 365

Undoubtedly there are migration methods like staged, cutover, IMAP, and Hybrid to migrate mailboxes from your Exchange server to Microsoft 365, but all these methods require adequate planning, significant time, and effort depending on the mailbox database size or the number of mailboxes.

So, to overcome the limitations and challenges associated with manual migration methods, you can use a professional migration tool named Kernel Office 365 migration. Using this tool, you can quickly export all your mailboxes to Microsoft 365. This tool comes with various advanced features for effortless and systematic migration; some of them are:

Free Download 100% Secure

Migrate single and multiple mailboxes to/from Office 365
Migrate mailboxes, archive mailboxes, public folders, and more
Automated migration using a CSV file
Advanced filtering options for specific item migration
Quick migration between two Office tenants and Office 365 plans
Complete migration report after the migration task

Conclusion

After reading this blog, I hope you understand the roles and permission required to migrate to Microsoft 365. We have mentioned different ways of migration and what roles and permission are required for accounts or administrator accounts based on these migration methods.

You can go with a Kernel Office 365 migration tool for quick and efficient migration. This tool allows various migration functionalities, such as migrate shared mailboxes between Office 365 tenants. Use its free demo version for more information about the tool.