1. introduction
Setting up PowerShell is only necessary for environments if:
the archive system is connected to Exchange
the Outlook add-in is to be used
Migrations from/to Exchange are to be carried out
SharePoint is to be controlled via Shift
2. installation stanoc PowerShell script
The PowerHelper must be installed in <Domino program directory> in the subdirectory stanoc be copied:
https://stanoc.atlassian.net/l/c/vBF13fut
Prerequisite: PowerShell 5.x (version can be changed via command
$psversiontable
in PowerShell) or newer. (From Windows Server 2016).
Older servers require an update ( https://www.microsoft.com/en-us/download/details.aspx?id=54616 - Attention - a reboot is probably due)
The file stanocPowerHelper.zip contains a PowerShell script for accessing Exchange Online or on Premises.
The following work must be carried out in preparation (please continue with either 3. Exchange Online or 4. Exchange on Premises)
Microsoft .NET Framework 4.7.1 or higher is also required for the Exchange Online Management module ( https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#windows )
PowerShell 7.2 or newer is required for SharePoint (see also https://pnp.github.io/powershell/articles/installation.html ) is required.
We recommend the current LTS version, e.g. from https://learn.microsoft.com/de-de/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4 to be used.
2.1 Enable/enforce TLS 1.2
To use secure TLS 1.2 connections, please issue the following command in an administrator PowerShell
cd <Domino Programmverzeichnis>\stanoc .\stanocPowerHelper -ConfigureTLS
If the output looks like in the screenshot (options not set), please answer the query with "Y" and restart the server.
3. Exchange Online and Entra ID
3.1 Installing the required modules
Please execute the following once in the Administrator PowerShell to install the modules for Exchange Online, Microsoft Online and Azure AD:
[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module ExchangeOnlineManagement,MSOnline,AzureAD # Optional: Wenn Entra-ID verwendet werden soll: [Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module -Name Microsoft.Graph.Entra -Repository PSGallery -allowprerelease
3.2 Store Exchange Online access data
ATTENTION: Microsoft no longer allows Basic Auth since September/October 2022. Therefore, please also carry out the following for existing installations
Sign in to the Azure AD portal
App registrations → New registration
Name: "stanocPowerHelper"
→ Register
Copy and save the application ID (client) (required later)
Call up the manifest and in the editor (from approx. line 42) resourceAppId
,id
and type
customize and save
"requiredResourceAccess": [ { "resourceAppId": "00000002-0000-0ff1-ce00-000000000000", "resourceAccess": [ { "id": "dc50a0fb-09a3-484d-be87-e023b12c6440", "type": "Role" } ] } ],
API authorizations
The following API authorizations must also be selected for Entra ID:
Contacts.ReadWrite Directory.ReadWriteAll Group.ReadWriteAll User.ReadWriteAll
Grant administrator approval for the tenant
On the computer on which the PowerShell script is to be executed, create and save the certificate using stanocPowerHelper.ps1
.\stanocPowerHelper.ps1 -createPFX -AppID "AppID aus der oben angelegten App einfügen" -passphrase "Passphrase zum Schützen des PFX-Files" -Organization "firma.onmicrosoft.com"
Attention: The certificate creation under Windows Server 2012 R2 does not work correctly. The certificate creation must therefore be executed on a different server operating system (Windows Server 2019 / Windows Server 2022) or on a local client installation of the 'stanoc PowerHelper script' (min . Windows 10). Otherwise, the following error will occur during the connection:
→ Assign certificate to the app
Select and upload cert.pem
Assign Entra ID roles (Global Reader / Exchange Administrator)
→ You can also define and assign a role group yourself.
Move up one level and switch to "Roles and administrators"
Search for "Exchange Administrator" role
3.3 Testing the connection
.\stanocPowerHelper.ps1 -ReadAllMailBoxproperties -domain Ihre-Domäne -outputfile D:\stanoc\TEMP\test.txt
4. exchange on premises / active directory
4.1 Important note on Exchange on Premises
During the migration phase, a large number of transactions are executed on the Exchange database files. It is therefore important to provide sufficient disk space for storing the transaction logs of the database files. Ideally, these should be stored on a separate volume that can be enlarged if necessary. The size of the transaction logs can exceed the size of the database files.
Alternatively, you can also activate circulation logging for the mailbox databases during the migration.
4.2 Install Exchange Management PowerShell / Active Directory Management Tools (migration server is a member of the AD domain with Exchange)
To do this, execute the following in the PowerShell of the Domino server:
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementScriptingTools,IIS-ManagementScriptingTools,IIS-IIS6ManagementCompatibility,IIS-LegacySnapIn,IIS-ManagementConsole,IIS-Metabase,IIS-WebServerManagementTools,IIS-WebServerRole Add-WindowsFeature -name RSAT-AD-AdminCenter,RSAT-ADDS,RSAT-ADDS-Tools,RSAT-AD-PowerShell,RSAT-ADLDS,RSAT-AD-Tools
If you only need the Active Directory Management Tools, you are finished at this point.
Install Visual Studio C++ 2012 Redistributable (source https://download.microsoft.com/download/1/6/B/16B06F60-3B20-4FF2-B699-5E9B7962F9AE/VSU_4/vcredist_x64.exe )
If .Net 4.8 is not yet installed, please install it (Source: https://go.microsoft.com/fwlink/?linkid=2088631 )
Mount the Exchange ISO file and then install the management tools
LAUFWERKSBUCHSTABE_EXCHANGE_ISO:\setup.exe /role:managementtools /IAcceptExchangeServerLicenseTerms
(from Exchange 2019 CU 11 (or possibly already CU 10):
LAUFWERKSBUCHSTABE_EXCHANGE_ISO:\setup.exe /role:managementtools /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF
Please check and if not availablecopy the Microsoft.Exchange.ManagedLexRuntime.MPPGRuntime.dll from the Exchange server to the current computer (target and source folder C:\Program Files\Microsoft\Exchange Server\V15\Bin ) Otherwise the following error will occur during execution:
4.3 Set up Remote PowerShell with Basic-Auth (migration server is not a member server of the domain with Exchange)
Additional requirement: Ports TCP 80,443 (5985/5986)
4.3.1 Client
Check current setting
Get-Item wsman:\localhost\client\trustedhosts
If there is an "*" there, this is already OK
Otherwise,
Set-Item wsman:\localhost\client\trustedhosts -Value "Zielserver-IP"
Set basic auth on the client
winrm set winrm/config/client/auth @{Basic="true"}
4.3.2 Exchange server
Enable-PSRemoting -Force Set-PowerShellVirtualDirectory -Identity "PowerShell (Default Web Site)" -BasicAuthentication $true iisreset
4.4 Set up Exchange on Premises ApplicationImpersonation
To do this, execute the following command in the Exchange Management PowerShell:
New-ManagementRoleAssignment -name:impersonationAssignmentName -Role:ApplicationImpersonation -User:adminstanoc@ad.kunde.de
adminstanoc@ad.kunde.de with the corresponding AD user who is to perform the migration
4.5 Adjust Exchange on Premises limits
Get-Mailbox | Set-Mailbox -MaxSendSize 150MB -MaxReceiveSize 150MB Get-MailboxPlan | Set-MailboxPlan -MaxSendSize 150MB -MaxReceiveSize 150MB New-ThrottlingPolicy Migrationpolicy Set-ThrottlingPolicy Migrationpolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited Get-Mailbox | Set-Mailbox -ThrottlingPolicy Migrationpolicy
4.6 Store Exchange on Premises access data
Then execute stanocPowerHelper.ps1 once with the parameter -prepareCredentials to store the credentials for accessing Exchange PowerShell:
.\stanocPowerHelper.ps1 -preprareCredentials
These are then stored in AES encrypted form and used for the connection to Exchange from the Domino server.
5 SharePoint Online
PnP PowerShell must be installed in PowerShell 7.2+: To do this, start an administrative PowerShell 7.2+ (pwsh.exe)
Install-Module PnP.PowerShell -Scope AllUsers
For SharePoint, the app must be registered in the same way as Exchange Online and also authenticated using a certificate.
The following API authorizations must also be set (application with administrator approval)
SharePoint → Sites.FullControl.All
SharePoint → TermStore.ReadWrite.All
SharePoint → User.ReadWrite.All
The application ID and a secret are also required for use via API (not PowerShell).
6. troubleshooting for the execution
If an "is not digitally signed" error occurs during execution, please execute this command:
Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy bypass