...
...
...
...
...
...
Inhalt |
---|
1. introduction
Setting up PowerShell is only necessary for environments if:
...
We recommend the current LTS version, e.g. from https://learn.microsoft.com/de-de/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4 to be used.
2.1. 2.1 Enable/enforce TLS 1.2
To use secure TLS 1.2 connections, please issue the following command in an administrator PowerShell
...
3. Exchange Online and Entra ID
3.1. 3.1 Installing the required modules
Please execute run the following once in the Administrator PowerShell to install the modules for Exchange Online, Microsoft Online and Azure AD:
Codeblock |
---|
[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module ExchangeOnlineManagement,MSOnline,AzureAD # Optional: Wenn Entra-ID verwendet werden soll: [Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module -Name Microsoft.Graph.Entra -Repository PSGallery -allowprerelease |
3.2. 3.2 Store Exchange Online access data
ATTENTION: Microsoft no longer allows Basic Auth since September/October 2022. Therefore, please also carry out the following for existing installations
Sign in to the Azure AD portal
...
Codeblock |
---|
.\stanocPowerHelper.ps1 -createPFX -AppID "AppID aus der oben angelegten App einfügen" -passphrase "Passphrase zum Schützen des PFX-Files" -Organization "firma.onmicrosoft.com" |
...
Attention: The certificate creation under Windows Server 2012 R2 does not work correctly. The certificate creation must therefore be executed on a different server operating system (Windows Server 2019 / Windows Server 2022) or on a local client installation of the 'stanoc PowerHelper script' (min . Windows 10). Otherwise, the following error will occur during the connection:
...
→ You can also define and assign a role group yourself.
Move Go up one level and switch to "Roles and administrators"
...
Search for "Exchange Administrator" role
...
3.3. 3.3 Testing the connection
Codeblock |
---|
.\stanocPowerHelper.ps1 -ReadAllMailBoxproperties -domain Ihre-Domäne -outputfile D:\stanoc\TEMP\test.txt |
4. exchange on premises / active directory
4.1. 4.1 Important note on Exchange on Premises
During the migration phase, a large number of transactions are executed on the Exchange database files. It is therefore important to provide sufficient disk space for storing the transaction logs of the database files. Ideally, these should be stored on a separate volume that can be enlarged if necessary. The size of the transaction logs can exceed the size of the database files.
Alternatively, you can also activate circulation logging for the mailbox databases during the migration.
4.2. 4.2 Install Exchange Management PowerShell / Active Directory Management Tools (migration server is a member of the AD domain with Exchange)
To do this, execute the following in the PowerShell of the Domino server:
...
Codeblock |
---|
LAUFWERKSBUCHSTABE_EXCHANGE_ISO:\setup.exe /role:managementtools /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF |
Please check and if not availablecopy the Microsoft.Exchange.ManagedLexRuntime.MPPGRuntime.dll from the Exchange server to the current computer (target and source folder C:\Program Files\Microsoft\Exchange Server\V15\Bin ) Otherwise the following error will occur during execution:
...
View file | ||
---|---|---|
|
4.3. 4.3 Set up Remote PowerShell with Basic-Auth (migration server is not a member server of the domain with Exchange)
Additional requirement: Ports TCP 80,443 (5985/5986)
4.3.1. 4.3.1 Client
Check current setting
Codeblock |
---|
Get-Item wsman:\localhost\client\trustedhosts |
...
Codeblock |
---|
winrm set winrm/config/client/auth @{Basic="true"} |
4.3.2. 4.3.2 Exchange server
...
Codeblock |
---|
Enable-PSRemoting -Force Set-PowerShellVirtualDirectory -Identity "PowerShell (Default Web Site)" -BasicAuthentication $true iisreset |
4.4. 4.4 Set up Exchange on Premises ApplicationImpersonation
To do this, execute the following command in the Exchange Management PowerShell:
...
adminstanoc@ad.kunde.de with the corresponding AD user who is to perform the migration
4.5. 4.5 Adjust Exchange on Premises limits
Codeblock |
---|
Get-Mailbox | Set-Mailbox -MaxSendSize 150MB -MaxReceiveSize 150MB Get-MailboxPlan | Set-MailboxPlan -MaxSendSize 150MB -MaxReceiveSize 150MB New-ThrottlingPolicy Migrationpolicy Set-ThrottlingPolicy Migrationpolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited Get-Mailbox | Set-Mailbox -ThrottlingPolicy Migrationpolicy |
4.6. 4.6 Store Exchange on Premises access data
Then execute the stanocPowerHelper.ps1 once with the parameter -prepareCredentials to store the credentials for accessing Exchange PowerShell:
...
These are then stored in AES encrypted form and used for the connection to Exchange from the Domino server.
5. 5 SharePoint Online
PnP PowerShell must be installed in PowerShell 7.2+: To do this, start an administrative PowerShell 7.2+ (pwsh.exe)
...
For SharePoint, the app must be registered in the same way as Exchange Online and also authenticated using a certificate.
If a different registered app is to be used for Shift than for SWAP, the credentials for this case must be saved separately and the path must be specified absolutely (without \ at the end!) in the Shift target configuration.
Codeblock |
---|
.\stanocPowerHelper.ps1 -prepareCredentials -CredentialPath "C:\Program Files\HCL\Domino\stanoc\stanocPowerHelperShift" |
...
The MS Graph API functions for SharePoint Online are also requiredfollowing API authorizations must also be set (application with administrator approval)
SharePoint → Sites.FullControl.All
SharePoint → TermStore.ReadWrite.All
SharePoint → User.ReadWrite.All
For testing
Codeblock |
---|
.\stanocPowerHelper.ps1 -ConnectPNP -PnpSiteURL "https://.."" -CredentialPath "C:\Program Files\HCL\Domino\stanoc\stanocPowerHelperShift" |
can be used.
The application ID and a secret are also required for use via API (not PowerShell).
6. troubleshooting for the execution
...