Jump to content


Andersson

Part 2: Prerequisites for Domino/Notes migrations

Recommended Posts

Published: 2013-06-06 (at www.testlabs.se/blog)
Updated: -
Version: 1.0

 

This post will focus on having the technical prerequisites ready and in place for a successful Domino/Notes migration.

Before going into any details, if you are planning to do a migration from Domino and want to use Dell Software’s Notes Migrator for Exchange, it is important to mention that there is a requirement from the vendor to use certified people for the project.

If you would like to read the other parts:
Part 1: Migrations – Overview

 

Migration Accounts

I recommend using three accounts, one with Domino permissions, one with Active Directory (AD) permissions and one with Exchange permissions.

 

Domino

The Domino account should be Manager for all .NSF files (database files), Editor on the NAB (names.nsf) and Reader on all users archive files.
Username example: Quest Migrator/DominoDomain

 

This is done by following the steps below:

Create a new migration account in People & Groups, select the directory and People.
On the right hand side, press People – Register. Fill in a proper name, I typically create an account called Quest Migrator as shown in the example below. Finally, press Register.

image_thumb.png

 

To configure the permissions on the NAB (directory), go to Files and select the directory (names.nsf), right click, choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Editor. (see picture below)

image_thumb1.png

 

The final step is granting the Quest Migrator/dominodomain account Manager permissions on all NSF files that will be migrated. Go to Files and select the folder where the NSF files are located. Right click and choose Access Control and Manage. Add the account by browsing for it, give it the User type: Person and the Access: Manager. (see picture below)

image_thumb2.png

 

Active Directory

For the AD account, it’s recommended to be a member of “Domain Admins”. However, this is not a requirement, because delegated permissions can be used. The important aspect is that the AD account have “Full Control” over the OUs where user objects are located. The AD account also needs to be a member of “View-Only Organization Management”. If using the provision feature within Notes Migrator for Exchange (NME), the AD account needs to have “Full Control” over the OU where the contact objects are located as well.

 

This account also needs to have Remote PowerShell enabled, use the command:

“Set-User ”SA-NME” –RemotePowerShellEnabled $True”

Username example: Domain\SA-NME

 

Migration User

This user is not used for logging on interactively. The important aspect with this user is that it has the correct permissions on the Mailbox Databases. Configure the databases so that the account has Receive-As permissions, this can be done by using the command below:

”Get-Mailboxdatabase | Add-Adpermission -user “SA-MIG” -extendedrights Receive-As”

Username example: Domain\SA-MIG

 

Office 365 account

Most permissions are done automatically by NME but you must manually set account impersonation. This is done by using the command below:

New-ManagementRoleAssignment -Role "ApplicationImpersonation" –User SA-MIG

More information about the migration performance and throttling can be found by reading the provided link in the end of this post.

 

Throttling Policies and Windows Remote Management

Another thing to keep in mind is the configuration of the Throttling Policies and the Windows Remote Management.

If you are migrating to Exchange 2010, make sure to configure the Throttling Policy according to the configuration below.

“New-ThrottlingPolicy Migration”
“Set-throttlingpolicy Migration -RCAMaxConcurrency $null -RCAPercentTimeInAD $null `
-RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null”
“Set-Mailbox “SA-MIG” -ThrottlingPolicy Migration”

Also make sure to configure the Windows Remote Management with the following settings.

“winrm set winrm/config/winrs '@{MaxShellsPerUser="150"}'
“winrm set winrm/config/winrs '@{MaxConcurrentUsers="100"}'
“winrm set winrm/config/winrs '@{MaxProcessesPerShell="150"}'
“winrm set winrm/config/winrs '@{AllowRemoteShellAccess="true"}'
“set-executionpolicy unrestricted”

 

If you are migrating to Exchange 2013, the throttling policies have been changed. Create a new throttling policy and assign it to the migration mailbox “SA-MIG”.

“New-ThrottlingPolicy Migration -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited”
”Set-Mailbox “SA-MIG” -ThrottlingPolicy Migration”

 

SQL Server

Notes Migrator for Exchange leverages SQL for saving user information (and much more).

The Native Client needs to be installed together with SQL Server 2005 or SQL Express 2005, or newer.

I do prefer running at least SQL 2008 R2 and I would recommend using the SQL Server instead of the Express version, since you have more flexibility of creating maintenance jobs for example.

 

A little heads up if you are about to run a large migration, make sure to take full backups of the NME40DB so that you have a copy of it, if anything happens and also for having the logs truncated.

In smaller migration projects the SQL Express version works fine, I would still recommend taking full backup of the database or dumping it to a .bak file and then backup the .bak file.

Configure the account “Domain\SA-NME” as DBCreator, for allowing it to create the NME40DB during the setup of Notes Migrator for Exchange.

 

Lotus Notes client

I would recommend you to use the latest Lotus Notes client. In my last projects I’ve been using version 8.5.3 Basic or Normal client.

An important thing to never forget is to install Lotus Notes in single user mode.

 

.NET Framework 4

Make sure to install the .NET Framework 4 since this is a prerequisite for NME. I would recommend upgrading it to the latest service pack level.

 

Antivirus

If Antivirus is installed, make sure all Quest folders and %temp% are excluded from any Antivirus scans. If not it may result in slower performance and potential disruption of migrated content. Most likely, there will be a mail gateway of some kind in the environment which takes care of the antispam. In those situations, antivirus and antispam are already addressed in the Domino environment.

 

On the target side, Exchange probably has antivirus and antispam solution installed as a second layer protection to the Transport services.

As a result, I have not encountered any problems when excluding a couple of folders for the migration from scanning process.

 

Outlook

Outlook 2007, 2010 and 2013 are all supported. I’ve been using Outlook 2010 in all my projects and it have been working very well.

Configure Outlook with the “SA-MIG” account, since this is the account that will insert migrated content into the Exchange mailboxes using the Receive-As permission.

I’ve been learned to create and configure a Outlook profile using the SA-MIG account. Make sure to configure it for not using the cached-mode.

However, in theory, a profile should not need to be created in advance, because NME creates temporary profiles during the migration. However, this step shouldn’t hurt anything either.

 

User Account Control (UAC)

It’s recommended to disable UAC on all migration servers.

This is done in the Control Panel under User Accounts, Change User Account Control settings.

Make sure to set it to “Never notify” and then restart the sever.

 

Data Execution Prevention (DEP)

It’s highly recommended to disable DEP, so make sure to do that.

If you’re using Windows 2008 R2 like I do, then you disable DEP by running:

"bcdedit /set nx AlwaysOff"

Also, make sure to restart the server when this is done to allow it to take effect.

 

Local administrator

If you choose to delegate the permissions instead of using the Domain Admin group for the SA-NME account, then it is required to add the SA-NME account into the local administrators group.

 

Regional Settings

During the migration, the folder names (Inbox, Inkorgen etc.) are created based on the regional settings on the migration console.

So, for example, if you are migrating a UK/English mailbox, make sure to configure the regional settings to match this and for example, if migrating a Swedish mailbox, set it to match the Swedish locale settings.

With this said, I would recommend migrating users using the same language at the same time. And then change the regional settings on the migration console and continue with another region.

 

Office 365 Prerequisites

Migrating to Office 365 is like a normal migration, besides the target is a cloud service which can be a bit special.

There are two requirements that needs to be fulfilled on the migration servers before starting the migration to Office 365. Install the following (select the one that suits your operation system):

 

MSOL Sign-in Assistant:

32 bit

64 bit

 

MSOL Module for Windows PowerShell:

32 bit

64 bit

 

The Admin Account Pooling Utility (AAPU) is used for getting better throughput performance. The AAPU tool provides a workaround by using different migration accounts for each migration thread, instead of having one migration account with a throttling limit, you could have ten migration accounts which would give 10 migration threads in total. You can have up to 10000 migration accounts (NME 4.7.0.82).

 

If you are going to use the AAPU, you should add the parameter below into the NME Global Defaults or Task Parameters.

[Exchange]

O365UsageLocation=<xx>

http://www.iso.org/iso/country_codes/iso_3166_code_lists/country_names_and_code_elements.htm

 

For NME 4.7.0.82 the following text is stated in the release notes (always read them!):

Office 365 Wave 15 Throttling: NME has been updated to better address the PowerShell Runspace throttling introduced in O365 Wave 15. In order to efficiently proceed with migrations to Wave 15, the tenant admin must submit a request through Microsoft to ease the PowerShell throttling restrictions. The tenant admin must open a service request with Microsoft and reference “Bemis Article: 2835021.” The Microsoft Product Group will need this information:

  • tenant domain (tenant.onmicrosoft.com)
  • version of Exchange (in this case, for Wave 15)
  • number of mailboxes to be migrated
  • number of concurrent admin accounts to be used for the migration
  • number of concurrent threads to be used
  • number of Runspaces to be created per minute*
  • proposed limit (powershellMaxTenantRunspaces, powershellMaxConcurrency, etc.), and the number to which to increase the limit*

* For the last two items in this list, the tenant admin should take the total number of threads across all migration machines and add a buffer, because it is difficult to predict the timing of the Runspace initiation. It is best to assume that all potential Runspaces could be created within a minute, so the values for both items should probably both be submitted as the total number.

 

More information about migration performance and throttling can be found by reading the provided link at the end of this post.

 

Network Ports

 

 

Port

In/Out

Type

Source

Target

Description

1352

Out

Domino

Quest NME servers

All Domino mail serversDomino Qcalcon server

Domino/Notes client (migration)

445

Out

NetBIOS/SMB

Quest NME servers

All Domino mail serversDomino Qcalcon serverQuest NME master server

Microsoft-DS/NetBIOS traffic for Migration. For reaching SMB shares. Note: Not required, but recommended.

389

Out

LDAP

Quest NME servers

Active Directory DC server(s)

LDAP

3268

Out

LDAP GC

Quest NME servers

Active Directory DC server(s)

LDAP Global Catalog

1025-65535

Out

High-ports

Quest NME servers

Active Directory DC server(s)Exchange server(s)

High-ports(differs depending on version)

1433

Out

Microsoft SQL

Quest NME servers

Quest NME master server

For reaching SQL DB

443

Out

HTTPS

Quest NME servers

Office 365

Transferring migration content

 

 

Notes from the field

Network Monitoring or Wireshark may sometimes be your best friend during troubleshooting network connectivity.

 

Portqry is another tool that could be of great value during initial network verification.

 

Read through the release notes and the User Guide (PDF), it is included within the NME zip file. All information is collected into that document.

Office 365 Migration Performance and throttling information

 

Read the other parts

Part 1: Migrations – Overview
Part 3: Migrating Domino/Notes to Exchange 2013 On-premise
Part 4: Migrating Domino/Notes to Office 365
Part 5: Migrating Resources Mailboxes, Mail-In databases and Groups
Part 6: Prerequisites for Coexistence between Domino and Exchange 2013/Office 365
Part 7: Configuring Coexistence Manager for Notes with Exchange 2013 On-premise
Part 8: Configuring Coexistence Manager for Notes with Office 365
Part 9: Prerequisites for Quest Migration Manager
Part 10: Migrating User Mailboxes from Exchange 2003 to Exchange 2013 using Migration Manager
Part 11: Migrating User Mailboxes from Exchange On-premise to Office 365

 

Feel free to comment the post, I hope you liked the information. If you find something that might be incorrect/other experiences, leave a comment so it can be updated.

Share this post


Link to post
Share on other sites


Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...