
1. Introduction

Setting up PowerShell is only necessary for environments in which:

  • the archive system is connected to Exchange

  • the Outlook add-in is to be used

  • migrations from/to Exchange are to be carried out

  • SharePoint is to be controlled via Shift

2. Installation of the stanoc PowerShell script

The PowerHelper must be copied into the subdirectory stanoc of the <Domino program directory>:
https://stanoc.atlassian.net/l/c/vBF13fut

Prerequisite: PowerShell 5.x or newer (from Windows Server 2016). The installed version can be checked in PowerShell with the command

$PSVersionTable

Older servers require an update (https://www.microsoft.com/en-us/download/details.aspx?id=54616). Attention: a reboot will probably be required.
The file stanocPowerHelper.zip contains a PowerShell script for accessing Exchange Online or on Premises.

The following work must be carried out in preparation (please continue with either 3. Exchange Online or 4. Exchange on Premises)

Microsoft .NET Framework 4.7.1 or higher is also required for the Exchange Online Management module ( https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#windows )

PowerShell 7.2 or newer is required for SharePoint (see also https://pnp.github.io/powershell/articles/installation.html ).

We recommend using the current LTS version, e.g. from https://learn.microsoft.com/de-de/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4

2.1 Enable/enforce TLS 1.2

To use secure TLS 1.2 connections, please run the following commands in an administrator PowerShell:

cd <Domino program directory>\stanoc
.\stanocPowerHelper -ConfigureTLS

If the output looks like the one in the screenshot (options not set), please answer the prompt with "Y" and restart the server.

3. Exchange Online and Entra ID

3.1 Installing the required modules

Please execute the following once in the Administrator PowerShell to install the modules for Exchange Online, Microsoft Online and Azure AD:

[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module ExchangeOnlineManagement,MSOnline,AzureAD
# Optional: if Entra ID is to be used:
[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module -Name Microsoft.Graph.Entra -Repository PSGallery -allowprerelease

3.2 Store Exchange Online access data

ATTENTION: Microsoft has no longer allowed Basic Auth since September/October 2022. Therefore, please also carry out the following steps for existing installations.

Sign in to the Azure AD portal

https://aad.portal.azure.com/

App registrations → New registration

Name: "stanocPowerHelper"

→ Register

Copy and save the Application (client) ID (required later)

Open the manifest and, in the editor (from approx. line 42), adjust resourceAppId, id and type, then save:

"requiredResourceAccess": [
   {
      "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
      "resourceAccess": [
         {
            "id": "dc50a0fb-09a3-484d-be87-e023b12c6440",
            "type": "Role"
         }
      ]
   }
],

API authorizations

The following API authorizations must also be selected for Entra ID:

Contacts.ReadWrite
Directory.ReadWrite.All
Group.ReadWrite.All
User.ReadWrite.All

Grant administrator approval for the tenant

On the computer on which the PowerShell script is to be executed, create and save the certificate using stanocPowerHelper.ps1

.\stanocPowerHelper.ps1 -createPFX -AppID "<AppID of the app created above>" -passphrase "<passphrase to protect the PFX file>" -Organization "firma.onmicrosoft.com"

Attention: Certificate creation does not work correctly under Windows Server 2012 R2. It must therefore be carried out on a different server operating system (Windows Server 2019 / Windows Server 2022) or on a local client installation of the 'stanoc PowerHelper script' (min. Windows 10). Otherwise, the following error will occur during the connection:

[Screenshot: error message]

→ Assign certificate to the app

Select and upload cert.pem

Assign Entra ID roles (Global Reader / Exchange Administrator)

→ You can also define and assign a role group yourself.

Move up one level and switch to "Roles and administrators"

Search for "Exchange Administrator" role

3.3 Testing the connection

.\stanocPowerHelper.ps1 -ReadAllMailBoxproperties -domain <your-domain> -outputfile D:\stanoc\TEMP\test.txt
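
An independent check of the app registration and certificate from 3.2, as an added example that is not part of the stanoc script. The PFX file name is a hypothetical placeholder, and the AppId and Organization values stand for the ones passed to -createPFX; the cmdlets come from the ExchangeOnlineManagement module installed in 3.1.

```powershell
# Added example (not part of stanocPowerHelper): inspect the PFX and test the
# app-only Exchange Online sign-in that sections 3.2 and 3.3 set up.
# Assumptions: $PfxPath is a hypothetical file name; $AppId and $Organization
# are placeholders for the values used with -createPFX.
param(
    [string]$PfxPath      = '.\stanocPowerHelper.pfx',
    [string]$AppId        = '<application (client) ID>',
    [string]$Organization = 'firma.onmicrosoft.com'
)

# Prompt for the passphrase so it does not end up in the command history.
$passphrase = Read-Host -Prompt 'PFX passphrase' -AsSecureString
$fullPath   = (Resolve-Path -LiteralPath $PfxPath).Path

# Load the PFX in memory only; nothing is imported into a certificate store.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath, $passphrase)
$rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint   # compare with the certificate uploaded to the app
    NotAfter      = $cert.NotAfter
    DaysRemaining = [int]($cert.NotAfter - (Get-Date)).TotalDays
    HasPrivateKey = $cert.HasPrivateKey
    RsaKeySize    = if ($rsa) { $rsa.KeySize } else { $null }
} | Format-List

if (-not $cert.HasPrivateKey)      { throw 'PFX contains no private key; app-only sign-in cannot work.' }
if ($cert.NotAfter -lt (Get-Date)) { throw 'Certificate has expired; create and upload a new one.' }

# App-only sign-in with the certificate instead of user name and password.
Connect-ExchangeOnline -CertificateFilePath $fullPath -CertificatePassword $passphrase `
    -AppId $AppId -Organization $Organization -ShowBanner:$false
try {
    # Reading one mailbox shows that the role assignment and admin consent are effective.
    Get-EXOMailbox -ResultSize 1 | Select-Object DisplayName, PrimarySmtpAddress
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```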

4. Exchange on Premises / Active Directory

4.1 Important note on Exchange on Premises

During the migration phase, a large number of transactions are executed on the Exchange database files. It is therefore important to provide sufficient disk space for storing the transaction logs of the database files. Ideally, these should be stored on a separate volume that can be enlarged if necessary. The size of the transaction logs can exceed the size of the database files.

Alternatively, you can also activate circular logging for the mailbox databases during the migration.

4.2 Install Exchange Management PowerShell / Active Directory Management Tools (migration server is a member of the AD domain with Exchange)

To do this, execute the following in the PowerShell of the Domino server:

Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementScriptingTools,IIS-ManagementScriptingTools,IIS-IIS6ManagementCompatibility,IIS-LegacySnapIn,IIS-ManagementConsole,IIS-Metabase,IIS-WebServerManagementTools,IIS-WebServerRole
Add-WindowsFeature -name RSAT-AD-AdminCenter,RSAT-ADDS,RSAT-ADDS-Tools,RSAT-AD-PowerShell,RSAT-ADLDS,RSAT-AD-Tools

If you only need the Active Directory Management Tools, you are finished at this point.

Install Visual Studio C++ 2012 Redistributable (source https://download.microsoft.com/download/1/6/B/16B06F60-3B20-4FF2-B699-5E9B7962F9AE/VSU_4/vcredist_x64.exe )
If .NET 4.8 is not yet installed, please install it (source: https://go.microsoft.com/fwlink/?linkid=2088631 )

Mount the Exchange ISO file and then install the management tools

EXCHANGE_ISO_DRIVE_LETTER:\setup.exe /role:managementtools /IAcceptExchangeServerLicenseTerms

From Exchange 2019 CU 11 (or possibly already CU 10):

EXCHANGE_ISO_DRIVE_LETTER:\setup.exe /role:managementtools /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF

Please check whether Microsoft.Exchange.ManagedLexRuntime.MPPGRuntime.dll is present and, if it is not, copy it from the Exchange server to the current computer (source and target folder: C:\Program Files\Microsoft\Exchange Server\V15\Bin ). Otherwise the following error will occur during execution:

4.3 Set up Remote PowerShell with Basic-Auth (migration server is not a member server of the domain with Exchange)

Additional requirement: Ports TCP 80,443 (5985/5986)

4.3.1 Client

Check current setting

Get-Item wsman:\localhost\client\trustedhosts

If the value is "*", this is already OK.

Otherwise:

Set-Item wsman:\localhost\client\trustedhosts -Value "<target server IP>"

Set basic auth on the client (in PowerShell the @{...} argument must be quoted, otherwise it is parsed as a hashtable):

winrm set winrm/config/client/auth '@{Basic="true"}'
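
A way to review what the client settings from 4.3.1 amount to once they are in place, as an added example that is not part of the stanoc script. The function name Get-WinRMClientExposure is hypothetical; it only reads the WSMan: drive and assumes an elevated PowerShell with the WinRM service running.

```powershell
# Added example: report the WinRM client settings touched in 4.3.1.
# Read-only; run in an elevated PowerShell with the WinRM service running.
function Get-WinRMClientExposure {
    $trusted     = [string](Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $basic       = (Get-Item WSMan:\localhost\Client\Auth\Basic).Value -eq 'true'
    $unencrypted = (Get-Item WSMan:\localhost\Client\AllowUnencrypted).Value -eq 'true'

    # TrustedHosts is a comma-separated string; an empty string means no entries.
    $hosts = @($trusted -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    $findings = @()
    if ($hosts -contains '*') {
        $findings += 'TrustedHosts is "*": credentials may be sent to any host without mutual authentication.'
    }
    elseif ($hosts | Where-Object { $_ -like '*[*]*' }) {
        $findings += 'TrustedHosts contains a wildcard pattern; list the Exchange server explicitly.'
    }
    if ($basic -and $unencrypted) {
        $findings += 'Basic auth with AllowUnencrypted: user name and password are only Base64-encoded on the wire.'
    }
    elseif ($basic) {
        $findings += 'Basic auth is enabled: use https:// connection URIs (TCP 443 / 5986) only.'
    }

    [pscustomobject]@{
        TrustedHosts     = $hosts
        BasicAuth        = $basic
        AllowUnencrypted = $unencrypted
        Findings         = $findings
    }
}

Get-WinRMClientExposure | Format-List
```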

4.3.2 Exchange server

Enable-PSRemoting -Force
Set-PowerShellVirtualDirectory -Identity "PowerShell (Default Web Site)" -BasicAuthentication $true
iisreset

4.4 Set up Exchange on Premises ApplicationImpersonation

To do this, execute the following command in the Exchange Management PowerShell:

New-ManagementRoleAssignment -name:impersonationAssignmentName -Role:ApplicationImpersonation -User:adminstanoc@ad.kunde.de

Replace adminstanoc@ad.kunde.de with the corresponding AD user who is to perform the migration.

4.5 Adjust Exchange on Premises limits

Get-Mailbox | Set-Mailbox -MaxSendSize 150MB -MaxReceiveSize 150MB
Get-MailboxPlan | Set-MailboxPlan -MaxSendSize 150MB -MaxReceiveSize 150MB

New-ThrottlingPolicy Migrationpolicy
Set-ThrottlingPolicy Migrationpolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited
Get-Mailbox | Set-Mailbox -ThrottlingPolicy Migrationpolicy

4.6 Store Exchange on Premises access data

Then execute stanocPowerHelper.ps1 once with the parameter -prepareCredentials to store the credentials for accessing Exchange PowerShell:

.\stanocPowerHelper.ps1 -preprareCredentials

These are then stored in AES-encrypted form and used for the connection to Exchange from the Domino server.

5. SharePoint Online

PnP PowerShell must be installed in PowerShell 7.2+. To do this, start an administrative PowerShell 7.2+ (pwsh.exe) and run:

Install-Module PnP.PowerShell -Scope AllUsers

For SharePoint, the app must be registered in the same way as Exchange Online and also authenticated using a certificate.

The following API authorizations must also be set (application with administrator approval)

  • SharePoint → Sites.FullControl.All

  • SharePoint → TermStore.ReadWrite.All

  • SharePoint → User.ReadWrite.All


The application ID and a secret are also required for use via API (not PowerShell).

6. Troubleshooting for the execution

If an "is not digitally signed" error occurs during execution, please execute this command:

Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy bypass
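
A narrower way to diagnose and resolve the same error, as an added example that is not part of the original page. It assumes it is run from <Domino program directory>\stanoc and uses only built-in cmdlets; the default path is a placeholder.

```powershell
# Added example: find out why the script is blocked and allow only what is needed.
# Assumption: run from <Domino program directory>\stanoc.
param([string]$Path = '.\stanocPowerHelper.ps1')

# 1. Which scope sets the effective policy? MachinePolicy and UserPolicy come
#    from Group Policy and cannot be overridden with Set-ExecutionPolicy.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 2. Is the file signed, and does it carry the "downloaded from the Internet" mark?
$signature = Get-AuthenticodeSignature -FilePath $Path
$zoneMark  = Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
[pscustomobject]@{
    SignatureStatus = $signature.Status                    # e.g. NotSigned, Valid, HashMismatch
    Signer          = $signature.SignerCertificate.Subject # empty for unsigned files
    HasZoneMark     = [bool]$zoneMark
    SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
} | Format-List

# 3. Under RemoteSigned an unsigned script is rejected only when it has the zone
#    mark. Once the origin of the file has been checked, remove the mark for
#    this one file instead of changing the policy.
if ($zoneMark) { Unblock-File -LiteralPath $Path }

# 4. If a policy change is still needed, limit it to the current session.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
```

The Process scope ends with the PowerShell session, so the machine-wide policy stays as it was.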
