This post will focus on having the technical prerequisites ready and in place for a successful Domino/Notes migration.
Before going into any details, if you are planning to do a migration from Domino and want to use Dell Software’s Notes Migrator for Exchange, it is important to mention that there is a requirement from the vendor to use certified people for the project.
I recommend using three accounts, one with Domino permissions, one with Active Directory (AD) permissions and one with Exchange permissions.
Domino
The Domino account should be Manager for all .NSF files (database files), Editor on the NAB (names.nsf) and Reader on all users archive files. Username example: Quest Migrator/DominoDomain
This is done by following the steps below:
Create a new migration account in People & Groups, select the directory and People. On the right hand side, press People – Register. Fill in a proper name, I typically create an account called Quest Migrator as shown in the example below. Finally, press Register.
To configure the permissions on the NAB (directory), go to Files and select the directory (names.nsf), right click, choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Editor. (see picture below)
The final step is granting the Quest Migrator/dominodomain account Manager permissions on all NSF files that will be migrated. Go to Files and select the folder where the NSF files are located. Right click and choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Manager. (see picture below)
Active Directory
For the AD account, it’s recommended to be a member of “Domain Admins”. However, this is not a requirement, because delegated permissions can be used. The important aspect is that the AD account have “Full Control” over the OUs where user objects are located. The AD account also needs to be a member of “View-Only Organization Management”. If using the provision feature within Notes Migrator for Exchange (NME), the AD account needs to have “Full Control” over the OU where the contact objects are located as well.
This account also needs to have Remote PowerShell enabled, use the command:
This user is not used for logging on interactively. The important aspect with this user is that it has the correct permissions on the Mailbox Databases. Configure the databases so that the account has Receive-As permissions, this can be done by using the command below:
Also make sure to configure the Windows Remote Management with the following settings.
“winrm set winrm/config/winrs '@{MaxShellsPerUser="150"}'” “winrm set winrm/config/winrs '@{MaxConcurrentUsers="100"}'” “winrm set winrm/config/winrs '@{MaxProcessesPerShell="150"}'” “winrm set winrm/config/winrs '@{AllowRemoteShellAccess="true"}'” “set-executionpolicy unrestricted”
If you are migrating to Exchange 2013, the throttling policies have been changed. Create a new throttling policy and assign it to the migration mailbox “SA-MIG”.
Notes Migrator for Exchange leverages SQL for saving user information (and much more).
The Native Client needs to be installed together with SQL Server 2005 or SQL Express 2005, or newer.
I do prefer running at least SQL 2008 R2 and I would recommend using the SQL Server instead of the Express version, since you have more flexibility of creating maintenance jobs for example.
A little heads up if you are about to run a large migration, make sure to take full backups of the NME40DB so that you have a copy of it, if anything happens and also for having the logs truncated.
In smaller migration projects the SQL Express version works fine, I would still recommend taking full backup of the database or dumping it to a .bak file and then backup the .bak file.
Configure the account “Domain\SA-NME” as DBCreator, for allowing it to create the NME40DB during the setup of Notes Migrator for Exchange.
Lotus Notes client
I would recommend you to use the latest Lotus Notes client. In my last projects I’ve been using version 8.5.3 Basic or Normal client.
An important thing to never forget is to install Lotus Notes in single user mode.
.NET Framework 4
Make sure to install the .NET Framework 4 since this is a prerequisite for NME. I would recommend upgrading it to the latest service pack level.
Antivirus
If Antivirus is installed, make sure all Quest folders and %temp% are excluded from any Antivirus scans. If not it may result in slower performance and potential disruption of migrated content. Most likely, there will be a mail gateway of some kind in the environment which takes care of the antispam. In those situations, antivirus and antispam are already addressed in the Domino environment.
On the target side, Exchange probably has antivirus and antispam solution installed as a second layer protection to the Transport services.
As a result, I have not encountered any problems when excluding a couple of folders for the migration from scanning process.
Outlook
Outlook 2007, 2010 and 2013 are all supported. I’ve been using Outlook 2010 in all my projects and it have been working very well.
Configure Outlook with the “SA-MIG” account, since this is the account that will insert migrated content into the Exchange mailboxes using the Receive-As permission.
I’ve been learned to create and configure a Outlook profile using the SA-MIG account. Make sure to configure it for not using the cached-mode.
However, in theory, a profile should not need to be created in advance, because NME creates temporary profiles during the migration. However, this step shouldn’t hurt anything either.
User Account Control (UAC)
It’s recommended to disable UAC on all migration servers.
This is done in the Control Panel under User Accounts, Change User Account Control settings.
Make sure to set it to “Never notify” and then restart the sever.
Data Execution Prevention (DEP)
It’s highly recommended to disable DEP, so make sure to do that.
If you’re using Windows 2008 R2 like I do, then you disable DEP by running:
"bcdedit /set nx AlwaysOff"
Also, make sure to restart the server when this is done to allow it to take effect.
Local administrator
If you choose to delegate the permissions instead of using the Domain Admin group for the SA-NME account, then it is required to add the SA-NME account into the local administrators group.
Regional Settings
During the migration, the folder names (Inbox, Inkorgen etc.) are created based on the regional settings on the migration console.
So, for example, if you are migrating a UK/English mailbox, make sure to configure the regional settings to match this and for example, if migrating a Swedish mailbox, set it to match the Swedish locale settings.
With this said, I would recommend migrating users using the same language at the same time. And then change the regional settings on the migration console and continue with another region.
Office 365 Prerequisites
Migrating to Office 365 is like a normal migration, besides the target is a cloud service which can be a bit special.
There are two requirements that needs to be fulfilled on the migration servers before starting the migration to Office 365. Install the following (select the one that suits your operation system):
The Admin Account Pooling Utility (AAPU) is used for getting better throughput performance. The AAPU tool provides a workaround by using different migration accounts for each migration thread, instead of having one migration account with a throttling limit, you could have ten migration accounts which would give 10 migration threads in total. You can have up to 10000 migration accounts (NME 4.7.0.82).
If you are going to use the AAPU, you should add the parameter below into the NME Global Defaults or Task Parameters.
For NME 4.7.0.82 the following text is stated in the release notes (always read them!):
Office 365 Wave 15 Throttling: NME has been updated to better address the PowerShell Runspace throttling introduced in O365 Wave 15. In order to efficiently proceed with migrations to Wave 15, the tenant admin must submit a request through Microsoft to ease the PowerShell throttling restrictions. The tenant admin must open a service request with Microsoft and reference “Bemis Article: 2835021.” The Microsoft Product Group will need this information:
tenant domain (tenant.onmicrosoft.com)
version of Exchange (in this case, for Wave 15)
number of mailboxes to be migrated
number of concurrent admin accounts to be used for the migration
number of concurrent threads to be used
number of Runspaces to be created per minute*
proposed limit (powershellMaxTenantRunspaces, powershellMaxConcurrency, etc.), and the number to which to increase the limit*
* For the last two items in this list, the tenant admin should take the total number of threads across all migration machines and add a buffer, because it is difficult to predict the timing of the Runspace initiation. It is best to assume that all potential Runspaces could be created within a minute, so the values for both items should probably both be submitted as the total number.
More information about migration performance and throttling can be found by reading the provided link at the end of this post.
Network Ports
Port
In/Out
Type
Source
Target
Description
1352
Out
Domino
Quest NME servers
All Domino mail serversDomino Qcalcon server
Domino/Notes client (migration)
445
Out
NetBIOS/SMB
Quest NME servers
All Domino mail serversDomino Qcalcon serverQuest NME master server
Microsoft-DS/NetBIOS traffic for Migration. For reaching SMB shares. Note: Not required, but recommended.
389
Out
LDAP
Quest NME servers
Active Directory DC server(s)
LDAP
3268
Out
LDAP GC
Quest NME servers
Active Directory DC server(s)
LDAP Global Catalog
1025-65535
Out
High-ports
Quest NME servers
Active Directory DC server(s)Exchange server(s)
High-ports(differs depending on version)
1433
Out
Microsoft SQL
Quest NME servers
Quest NME master server
For reaching SQL DB
443
Out
HTTPS
Quest NME servers
Office 365
Transferring migration content
Notes from the field
Network Monitoring or Wireshark may sometimes be your best friend during troubleshooting network connectivity.
Portqry is another tool that could be of great value during initial network verification.
Read through the release notes and the User Guide (PDF), it is included within the NME zip file. All information is collected into that document.
Feel free to comment the post, I hope you liked the information. If you find something that might be incorrect/other experiences, leave a comment so it can be updated.
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Published: 2013-06-06 (at www.testlabs.se/blog)
Updated: -
Version: 1.0
This post will focus on having the technical prerequisites ready and in place for a successful Domino/Notes migration.
Before going into any details, if you are planning to do a migration from Domino and want to use Dell Software’s Notes Migrator for Exchange, it is important to mention that there is a requirement from the vendor to use certified people for the project.
If you would like to read the other parts:
Part 1: Migrations – Overview
Migration Accounts
I recommend using three accounts, one with Domino permissions, one with Active Directory (AD) permissions and one with Exchange permissions.
Domino
The Domino account should be Manager for all .NSF files (database files), Editor on the NAB (names.nsf) and Reader on all users archive files.
Username example: Quest Migrator/DominoDomain
This is done by following the steps below:
Create a new migration account in People & Groups, select the directory and People.
On the right hand side, press People – Register. Fill in a proper name, I typically create an account called Quest Migrator as shown in the example below. Finally, press Register.
To configure the permissions on the NAB (directory), go to Files and select the directory (names.nsf), right click, choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Editor. (see picture below)
The final step is granting the Quest Migrator/dominodomain account Manager permissions on all NSF files that will be migrated. Go to Files and select the folder where the NSF files are located. Right click and choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Manager. (see picture below)
Active Directory
For the AD account, it’s recommended to be a member of “Domain Admins”. However, this is not a requirement, because delegated permissions can be used. The important aspect is that the AD account have “Full Control” over the OUs where user objects are located. The AD account also needs to be a member of “View-Only Organization Management”. If using the provision feature within Notes Migrator for Exchange (NME), the AD account needs to have “Full Control” over the OU where the contact objects are located as well.
This account also needs to have Remote PowerShell enabled, use the command:
“Set-User ”SA-NME” –RemotePowerShellEnabled $True”
Username example: Domain\SA-NME
Migration User
This user is not used for logging on interactively. The important aspect with this user is that it has the correct permissions on the Mailbox Databases. Configure the databases so that the account has Receive-As permissions, this can be done by using the command below:
”Get-Mailboxdatabase | Add-Adpermission -user “SA-MIG” -extendedrights Receive-As”
Username example: Domain\SA-MIG
Office 365 account
Most permissions are done automatically by NME but you must manually set account impersonation. This is done by using the command below:
New-ManagementRoleAssignment -Role "ApplicationImpersonation" –User SA-MIG
More information about the migration performance and throttling can be found by reading the provided link in the end of this post.
Throttling Policies and Windows Remote Management
Another thing to keep in mind is the configuration of the Throttling Policies and the Windows Remote Management.
If you are migrating to Exchange 2010, make sure to configure the Throttling Policy according to the configuration below.
“New-ThrottlingPolicy Migration”
“Set-throttlingpolicy Migration -RCAMaxConcurrency $null -RCAPercentTimeInAD $null `
-RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null”
“Set-Mailbox “SA-MIG” -ThrottlingPolicy Migration”
Also make sure to configure the Windows Remote Management with the following settings.
“winrm set winrm/config/winrs '@{MaxShellsPerUser="150"}'”
“winrm set winrm/config/winrs '@{MaxConcurrentUsers="100"}'”
“winrm set winrm/config/winrs '@{MaxProcessesPerShell="150"}'”
“winrm set winrm/config/winrs '@{AllowRemoteShellAccess="true"}'”
“set-executionpolicy unrestricted”
If you are migrating to Exchange 2013, the throttling policies have been changed. Create a new throttling policy and assign it to the migration mailbox “SA-MIG”.
“New-ThrottlingPolicy Migration -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited”
”Set-Mailbox “SA-MIG” -ThrottlingPolicy Migration”
SQL Server
Notes Migrator for Exchange leverages SQL for saving user information (and much more).
The Native Client needs to be installed together with SQL Server 2005 or SQL Express 2005, or newer.
I do prefer running at least SQL 2008 R2 and I would recommend using the SQL Server instead of the Express version, since you have more flexibility of creating maintenance jobs for example.
A little heads up if you are about to run a large migration, make sure to take full backups of the NME40DB so that you have a copy of it, if anything happens and also for having the logs truncated.
In smaller migration projects the SQL Express version works fine, I would still recommend taking full backup of the database or dumping it to a .bak file and then backup the .bak file.
Configure the account “Domain\SA-NME” as DBCreator, for allowing it to create the NME40DB during the setup of Notes Migrator for Exchange.
Lotus Notes client
I would recommend you to use the latest Lotus Notes client. In my last projects I’ve been using version 8.5.3 Basic or Normal client.
An important thing to never forget is to install Lotus Notes in single user mode.
.NET Framework 4
Make sure to install the .NET Framework 4 since this is a prerequisite for NME. I would recommend upgrading it to the latest service pack level.
Antivirus
If Antivirus is installed, make sure all Quest folders and %temp% are excluded from any Antivirus scans. If not it may result in slower performance and potential disruption of migrated content. Most likely, there will be a mail gateway of some kind in the environment which takes care of the antispam. In those situations, antivirus and antispam are already addressed in the Domino environment.
On the target side, Exchange probably has antivirus and antispam solution installed as a second layer protection to the Transport services.
As a result, I have not encountered any problems when excluding a couple of folders for the migration from scanning process.
Outlook
Outlook 2007, 2010 and 2013 are all supported. I’ve been using Outlook 2010 in all my projects and it have been working very well.
Configure Outlook with the “SA-MIG” account, since this is the account that will insert migrated content into the Exchange mailboxes using the Receive-As permission.
I’ve been learned to create and configure a Outlook profile using the SA-MIG account. Make sure to configure it for not using the cached-mode.
However, in theory, a profile should not need to be created in advance, because NME creates temporary profiles during the migration. However, this step shouldn’t hurt anything either.
User Account Control (UAC)
It’s recommended to disable UAC on all migration servers.
This is done in the Control Panel under User Accounts, Change User Account Control settings.
Make sure to set it to “Never notify” and then restart the sever.
Data Execution Prevention (DEP)
It’s highly recommended to disable DEP, so make sure to do that.
If you’re using Windows 2008 R2 like I do, then you disable DEP by running:
"bcdedit /set nx AlwaysOff"
Also, make sure to restart the server when this is done to allow it to take effect.
Local administrator
If you choose to delegate the permissions instead of using the Domain Admin group for the SA-NME account, then it is required to add the SA-NME account into the local administrators group.
Regional Settings
During the migration, the folder names (Inbox, Inkorgen etc.) are created based on the regional settings on the migration console.
So, for example, if you are migrating a UK/English mailbox, make sure to configure the regional settings to match this and for example, if migrating a Swedish mailbox, set it to match the Swedish locale settings.
With this said, I would recommend migrating users using the same language at the same time. And then change the regional settings on the migration console and continue with another region.
Office 365 Prerequisites
Migrating to Office 365 is like a normal migration, besides the target is a cloud service which can be a bit special.
There are two requirements that needs to be fulfilled on the migration servers before starting the migration to Office 365. Install the following (select the one that suits your operation system):
MSOL Sign-in Assistant:
32 bit
64 bit
MSOL Module for Windows PowerShell:
32 bit
64 bit
The Admin Account Pooling Utility (AAPU) is used for getting better throughput performance. The AAPU tool provides a workaround by using different migration accounts for each migration thread, instead of having one migration account with a throttling limit, you could have ten migration accounts which would give 10 migration threads in total. You can have up to 10000 migration accounts (NME 4.7.0.82).
If you are going to use the AAPU, you should add the parameter below into the NME Global Defaults or Task Parameters.
[Exchange]
O365UsageLocation=<xx>
http://www.iso.org/iso/country_codes/iso_3166_code_lists/country_names_and_code_elements.htm
For NME 4.7.0.82 the following text is stated in the release notes (always read them!):
Office 365 Wave 15 Throttling: NME has been updated to better address the PowerShell Runspace throttling introduced in O365 Wave 15. In order to efficiently proceed with migrations to Wave 15, the tenant admin must submit a request through Microsoft to ease the PowerShell throttling restrictions. The tenant admin must open a service request with Microsoft and reference “Bemis Article: 2835021.” The Microsoft Product Group will need this information:
* For the last two items in this list, the tenant admin should take the total number of threads across all migration machines and add a buffer, because it is difficult to predict the timing of the Runspace initiation. It is best to assume that all potential Runspaces could be created within a minute, so the values for both items should probably both be submitted as the total number.
More information about migration performance and throttling can be found by reading the provided link at the end of this post.
Network Ports
Port
In/Out
Type
Source
Target
Description
1352
Out
Domino
Quest NME servers
All Domino mail serversDomino Qcalcon server
Domino/Notes client (migration)
445
Out
NetBIOS/SMB
Quest NME servers
All Domino mail serversDomino Qcalcon serverQuest NME master server
Microsoft-DS/NetBIOS traffic for Migration. For reaching SMB shares. Note: Not required, but recommended.
389
Out
LDAP
Quest NME servers
Active Directory DC server(s)
LDAP
3268
Out
LDAP GC
Quest NME servers
Active Directory DC server(s)
LDAP Global Catalog
1025-65535
Out
High-ports
Quest NME servers
Active Directory DC server(s)Exchange server(s)
High-ports(differs depending on version)
1433
Out
Microsoft SQL
Quest NME servers
Quest NME master server
For reaching SQL DB
443
Out
HTTPS
Quest NME servers
Office 365
Transferring migration content
Notes from the field
Network Monitoring or Wireshark may sometimes be your best friend during troubleshooting network connectivity.
Portqry is another tool that could be of great value during initial network verification.
Read through the release notes and the User Guide (PDF), it is included within the NME zip file. All information is collected into that document.
Office 365 Migration Performance and throttling information
Read the other parts
Part 1: Migrations – Overview
Part 3: Migrating Domino/Notes to Exchange 2013 On-premise
Part 4: Migrating Domino/Notes to Office 365
Part 5: Migrating Resources Mailboxes, Mail-In databases and Groups
Part 6: Prerequisites for Coexistence between Domino and Exchange 2013/Office 365
Part 7: Configuring Coexistence Manager for Notes with Exchange 2013 On-premise
Part 8: Configuring Coexistence Manager for Notes with Office 365
Part 9: Prerequisites for Quest Migration Manager
Part 10: Migrating User Mailboxes from Exchange 2003 to Exchange 2013 using Migration Manager
Part 11: Migrating User Mailboxes from Exchange On-premise to Office 365
Feel free to comment the post, I hope you liked the information. If you find something that might be incorrect/other experiences, leave a comment so it can be updated.
Share this post
Link to post
Share on other sites