This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Accounts required for QMM for AD

I will be starting a Migration of 11 AD Forest Objects to 1 AD Forest, like consolidating 11 AD Forest Objects to 1 AD. I have read the service accounts requirement but can anyone precisely tell me in total how many service as well as Administrator accounts. Please keep in mind i'll not be doing anything related to Exchange. Only AD Migration...

Thanks,

Sam

Parents
  • Hi Enrico. Quick question on this. We are going through a domain split. Our consultant we hired to split the domains is requesting 2 service accounts. 1 for the AD portion, and 1 for the Exchange portion. I understand the reason for 2 accounts, but would 1 account work?

    Also, he's requesting that the the AD service account have the following permissions:
    a. This account needs to be a DOMAIN ADMIN of source domain.
    b. This account needs to be a LOCAL ADMINISTRATOR on all workstations and servers that are going to be migrated to target domain.
    c. This account needs FULL CONTROL over the Organizational Units where source accounts are going to be migrated from.

    Does this seem accurate?

    And for the Exchange account, they are requesting the following permissions:
    a. This account needs to have impersonation rights in the source exchange organization (msdn.microsoft.com/.../bb204095(v=exchg.140).aspx)
    b. This account needs to be a local administrator on every exchange server in the source domain
    c. This account needs full control over the mailbox databases in the source domain (ADSI Edit – configuration container  services  ex org  expand the administrative group and then databases, right click each database and grant full control to each database).
    d. A throttling policy in source exchange environment needs to be set on this account so that it is unrestricted in its ability to sync mail for hundreds of mailboxes simultaneously.

    Does this seem accurate as well?


    I can't seem to find any documentation on the Quest site regarding the service accounts needed for AD and for Exchange respectively. I have only been searching for a couple minutes though. Could you point me in the right direction?

    Thanks!
Reply
  • Hi Enrico. Quick question on this. We are going through a domain split. Our consultant we hired to split the domains is requesting 2 service accounts. 1 for the AD portion, and 1 for the Exchange portion. I understand the reason for 2 accounts, but would 1 account work?

    Also, he's requesting that the the AD service account have the following permissions:
    a. This account needs to be a DOMAIN ADMIN of source domain.
    b. This account needs to be a LOCAL ADMINISTRATOR on all workstations and servers that are going to be migrated to target domain.
    c. This account needs FULL CONTROL over the Organizational Units where source accounts are going to be migrated from.

    Does this seem accurate?

    And for the Exchange account, they are requesting the following permissions:
    a. This account needs to have impersonation rights in the source exchange organization (msdn.microsoft.com/.../bb204095(v=exchg.140).aspx)
    b. This account needs to be a local administrator on every exchange server in the source domain
    c. This account needs full control over the mailbox databases in the source domain (ADSI Edit – configuration container  services  ex org  expand the administrative group and then databases, right click each database and grant full control to each database).
    d. A throttling policy in source exchange environment needs to be set on this account so that it is unrestricted in its ability to sync mail for hundreds of mailboxes simultaneously.

    Does this seem accurate as well?


    I can't seem to find any documentation on the Quest site regarding the service accounts needed for AD and for Exchange respectively. I have only been searching for a couple minutes though. Could you point me in the right direction?

    Thanks!
Children
No Data