Assign Roles and Permissions Required for migrating to Microsoft 365

Read time: 5 minutes

Mailbox migration presents a challenging endeavor, demanding a blend of technical expertise and a deep understanding of both the source and target environments. A pivotal query that arises prior to migration pertains to the essential roles and permissions needed for a successful transition to Microsoft 365. In this article, we will delve into the diverse roles and permissions essential for executing mailbox migration and outline the process of assigning them to users.

Are you contemplating the migration of your on-premises Exchange server to Microsoft 365? To achieve this, you’ll need a set of distinct roles and permissions designed for connecting to your on-premises Exchange organization. These roles and permissions play a crucial role in facilitating access to and modifications of mailboxes throughout the migration process. In the following blog, we will explore the specific roles and permissions essential for a successful migration to Office 365, along with a detailed guide on how to assign them.

Different Ways to Migrate to Microsoft 365

Before moving to the admin roles in Office 365, it’s important to understand the different ways to migrate on-premises mailboxes to Microsoft 365. These are as follows:

• Hybrid Migration
• Cutover Migration
• Staged Migration
• IMAP Migration

Roles & Permissions Required to Migrate Mailboxes to Microsoft365

You must assign roles and permissions to the administrator or user accounts based on these migration methods.

1. Hybrid Migration

   In order to perform mailbox migrations from an on-premises Exchange server to Exchange Online using methods such as remote move migration or Hybrid migration, the administrator account or user account undertaking this task must hold membership in the following groups:

   • Exchange Recipients Administrators Groups in the Active Directory
   • Domain Admins Group in AD DS (Active Directory Domain Services)
   • Recipient Management or Organization Management Group member in Exchange 2010 or later
2. Cutover Migration

   For the cutover migration for mailbox transfer, the administrator account or user account must fulfill any of these conditions:

   • Must be a part or member of the Domain Admins Group in AD DS (Active Directory Domain Services)
   • Must have the Receive as Permission on the mailbox database
   • Must have Full Access Permission for all on-premises mailboxes
3. Staged Migration

   To perform staged migration, you must assign any of the following roles and permission to the user account:

   • Must be a part or member of the Domain Admins Group in AD DS (Active Directory Domain Services)
   • Full Access Permission for each on-premises mailbox & WriteProperty permission on the on-premises Exchange server for the account (to edit TargetAddress)
   • Receive As permission for the on-premises mailbox database that saves the user mailboxes & WriteProperty permission on the on-premises Exchange server for the user account (to edit TargetAddress)
4. IMAP Migration

   A comma-separated value or .csv file is used for the IMAP migration, which contains mailbox information. Here, you need to check the .csv file for the following:

   • Username and password for each mailbox you want to migrate to Microsoft 365
   • Username and password for the IMAP messaging system user account that has administrative access to each user mailbox

How to Assign Roles and Permission

If you want to assign roles and permission required for mailbox migration to Microsoft 365, open Exchange Online PowerShell and follow the steps below based on the migration method.

1. Assign FullAccess Permission

   Run the below command in the online PowerShell window to assign FullAccess permission to a specific mailbox.

   Add – Mailbox Permission – Identity “Mailbox name” – User administrator – Access Rights FullAccess – InheritanceType all

   Note – Change administrator with the administrator account or user account which you are using to migrate mailboxes to Microsoft 365.
   Similarly, you can also assign the FullAccess permission to all the mailboxes by executing the below command.

   Get-Mailbox – Result Size unlimited – Filter ‘RecipientTypeDetails -eq ‘User Mailbox’” | Add – Mailbox Permission – User administrator – Access Rights FullAccess – InheritanceType all

   You can also check whether the permission assigned or not using the below command:

   Get-Mailbox Permission – Identity – User administrator
   Get – DistributionGroupMember Migration Batch1 | Get-Mailbox Permission – user administrator
2. Assign Receive As Permission

   Run the below command in the Microsoft 365 PowerShell to assign the Receive As permission.

   Add – ADPermission – Identity “Database name” – User administrator – Extended Rights receive-as

   Check and verify whether the permission assigned or not using the below command:

   Get – ADPermission – Identity “Database name” – User administrator
3. Assign WriteProperty Permission

   The WriteProperty Permission allows the user or administrator account to modify the Target Address property for the user account on the on-premises Exchange. Run the below command to execute the WriteProperty permission:

   Add – ADPermission – Identity “Database name” – User administrator – Access Rights WriteProperty – properties TargetAddress

   You can also assign WriteProperty permission to all user mailboxes using the below command:

   Get – user – ResultSize Unlimited – Filter “RecipientTypeDetails -eq ‘User Mailbox’” | Add – ADPermission – User administrator – Access Rights WriteProperty – Properties TargetAddress

   Check and verify whether the WriteProperty permission assigned successfully or not using the below command:

   Get – ADPermission – Identity – User administrator
   Get – Mailbox – ResultSize Unlimited– Filter “RecipientTypeDetails -eq ‘User Mailbox’ | Get – ADPermission – User administrator

   Once you have assigned the required permissions and fulfilled the other conditions mentioned for various migration methods, you can successfully perform the mailbox migration to Microsoft 365.

A Professional Tool to Migrate to Microsoft 365

Certainly, there exist various mailbox migration methods, such as staged, cutover, IMAP, and Hybrid, to facilitate the transfer of mailboxes from your Exchange server to Microsoft 365. However, it’s important to acknowledge that each of these methods demands meticulous planning and entails a substantial investment of time and effort, which can vary depending on factors like mailbox database size and the total number of mailboxes involved.

To address the limitations and challenges that come with manual migration methods, you have the option of employing a professional migration tool called Kernel Office 365 Migration. This powerful tool streamlines the process by swiftly exporting all your mailboxes to Microsoft 365. Kernel Office 365 Migration offers a range of advanced features to facilitate a smooth and organized migration. Here are some of its key capabilities:

• Migrate single and multiple mailboxes to/from Office 365
• Migrate mailboxes, archive mailboxes, public folders, and more
• Automated migration using a CSV file
• Advanced filtering options for specific item migration
• Quick migration between two Office tenants and Office 365 plans
• Complete migration report after the migration task

Conclusion

Having gone through this blog, I trust you now have a comprehensive understanding of the roles and permissions necessary for a successful migration to Microsoft 365. We’ve outlined various migration methods and clarified the roles and permissions needed for user accounts or administrator accounts, tailored to each specific migration approach.

You can go with a Kernel Office 365 migration tool for quick and efficient migration. This tool allows various migration functionalities, such as migrate shared mailboxes between Office 365 tenants. Use its free demo version for more information about the tool.