Setting up PowerShell is only necessary for environments in which:
the archive system is connected to Exchange
the Outlook add-in is to be used
migrations from/to Exchange are to be carried out
SharePoint is to be controlled via Shift
The PowerHelper must be copied to the subdirectory stanoc of the <Domino program directory>:
https://stanoc.atlassian.net/l/c/vBF13fut
Prerequisite: PowerShell 5.x or newer (included from Windows Server 2016). The installed version can be checked in PowerShell with the command
$PSVersionTable
Older servers require an update (https://www.microsoft.com/en-us/download/details.aspx?id=54616). Attention: a reboot will probably be required.
The file stanocPowerHelper.zip contains a PowerShell script for accessing Exchange Online or Exchange on-premises.
The following preparatory work must be carried out (then continue with either 3. Exchange Online or 4. Exchange on Premises).
Microsoft .NET Framework 4.7.1 or higher is also required for the Exchange Online Management module ( https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#windows ).
PowerShell 7.2 or newer is required for SharePoint (see also https://pnp.github.io/powershell/articles/installation.html ).
We recommend using the current LTS version, e.g. from https://learn.microsoft.com/de-de/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4
To use secure TLS 1.2 connections, run the following commands in an administrator PowerShell:
cd <Domino program directory>\stanoc
.\stanocPowerHelper -ConfigureTLS
If the output looks like the one in the screenshot (options not set), answer the prompt with "Y" and restart the server.
Run the following once in the administrator PowerShell to install the modules for Exchange Online, Microsoft Online and Azure AD:
[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module ExchangeOnlineManagement,MSOnline,AzureAD
# Optional: if Entra ID is to be used:
[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; Install-Module -Name Microsoft.Graph.Entra -Repository PSGallery -AllowPrerelease
ATTENTION: Microsoft has no longer allowed Basic Auth since September/October 2022. Therefore, please also perform the following steps for existing installations:
Sign in to the Azure AD portal
App registrations → New registration
Name: "stanocPowerHelper"
→ Register
Copy and save the Application (client) ID (required later)
Open the manifest and, in the editor (from approx. line 42), adjust resourceAppId, id and type, then save:
"requiredResourceAccess": [
  {
    "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
    "resourceAccess": [
      {
        "id": "dc50a0fb-09a3-484d-be87-e023b12c6440",
        "type": "Role"
      }
    ]
  }
],
API permissions
The following API permissions must also be selected for Entra ID:
Contacts.ReadWrite
Directory.ReadWrite.All
Group.ReadWrite.All
User.ReadWrite.All
Grant admin consent for the tenant
On the computer on which the PowerShell script is to be executed, create and save the certificate using stanocPowerHelper.ps1:
.\stanocPowerHelper.ps1 -createPFX -AppID "AppID aus der oben angelegten App einfügen" -passphrase "Passphrase zum Schützen des PFX-Files" -Organization "firma.onmicrosoft.com"
Replace the quoted placeholders with the application ID of the app registered above, a passphrase to protect the PFX file, and your own tenant domain.
Attention: Certificate creation under Windows Server 2012 R2 does not work correctly. It must therefore be carried out on a different server operating system (Windows Server 2019 / Windows Server 2022) or on a local client installation of the 'stanoc PowerHelper script' (min. Windows 10). Otherwise, the following error will occur during the connection:
→ Assign certificate to the app
Select and upload cert.pem
Assign Entra ID roles (Global Reader / Exchange Administrator)
→ You can also define and assign a role group yourself.
Move up one level and switch to "Roles and administrators"
Search for "Exchange Administrator" role
.\stanocPowerHelper.ps1 -ReadAllMailBoxproperties -domain Ihre-Domäne -outputfile D:\stanoc\TEMP\test.txt
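A check that can be run before cert.pem is uploaded to the app registration, confirming that the upload file carries only the public certificate and belongs to the PFX that stays on the server. This is an added example, not part of stanocPowerHelper; both paths are placeholders, because the page does not name the PFX file that -createPFX writes.

```powershell
# Added example (not part of stanocPowerHelper). Both paths are placeholders.
$PfxPath = 'C:\path\to\your.pfx'
$PemPath = 'C:\path\to\cert.pem'

function Test-AppCertificate {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][string]$PemPath,
        [Parameter(Mandatory)][securestring]$Passphrase
    )
    # .NET does not follow the PowerShell location, so resolve to absolute paths first.
    $pfxFull = (Resolve-Path -LiteralPath $PfxPath).Path
    $pemFull = (Resolve-Path -LiteralPath $PemPath).Path
    $pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxFull, $Passphrase)
    $pem = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pemFull)
    $pemText  = Get-Content -LiteralPath $pemFull -Raw
    $rsa      = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($pfx)
    $daysLeft = [int]($pfx.NotAfter - (Get-Date)).TotalDays

    $rows = @(
        [pscustomobject]@{ Check = 'cert.pem holds no private key'; Passed = ($pemText -notmatch 'PRIVATE KEY'); Detail = $pemFull }
        [pscustomobject]@{ Check = 'cert.pem matches the PFX'; Passed = ($pem.Thumbprint -eq $pfx.Thumbprint); Detail = $pfx.Thumbprint }
        [pscustomobject]@{ Check = 'PFX contains the private key'; Passed = $pfx.HasPrivateKey; Detail = $pfxFull }
        [pscustomobject]@{ Check = 'RSA key is at least 2048 bits'; Passed = (($null -ne $rsa) -and ($rsa.KeySize -ge 2048)); Detail = "$($rsa.KeySize) bits" }
        [pscustomobject]@{ Check = 'signature hash is not SHA-1 or MD5'; Passed = ($pfx.SignatureAlgorithm.FriendlyName -notmatch 'sha1|md5'); Detail = $pfx.SignatureAlgorithm.FriendlyName }
        [pscustomobject]@{ Check = 'certificate is currently valid'; Passed = (((Get-Date) -ge $pfx.NotBefore) -and ($daysLeft -gt 0)); Detail = "$daysLeft days left" }
    )
    # Release the key material that loading the PFX placed in the key store.
    $pfx.Dispose(); $pem.Dispose()
    $rows
}

$pw = Read-Host 'PFX passphrase' -AsSecureString
Test-AppCertificate -PfxPath $PfxPath -PemPath $PemPath -Passphrase $pw | Format-Table -AutoSize
```

The thumbprint in the second row is the value to compare with the one the portal displays after the upload.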
During the migration phase, a large number of transactions are executed on the Exchange database files. It is therefore important to provide sufficient disk space for storing the transaction logs of the database files. Ideally, these should be stored on a separate volume that can be enlarged if necessary. The size of the transaction logs can exceed the size of the database files.
Alternatively, you can also activate circular logging for the mailbox databases during the migration.
To do this, execute the following in the PowerShell of the Domino server:
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementScriptingTools,IIS-IIS6ManagementCompatibility,IIS-LegacySnapIn,IIS-ManagementConsole,IIS-Metabase,IIS-WebServerManagementTools,IIS-WebServerRole
Add-WindowsFeature -name RSAT-AD-AdminCenter,RSAT-ADDS,RSAT-ADDS-Tools,RSAT-AD-PowerShell,RSAT-ADLDS,RSAT-AD-Tools
If you only need the Active Directory Management Tools, you are finished at this point.
Install Visual Studio C++ 2012 Redistributable (source: https://download.microsoft.com/download/1/6/B/16B06F60-3B20-4FF2-B699-5E9B7962F9AE/VSU_4/vcredist_x64.exe )
If .NET 4.8 is not yet installed, please install it (source: https://go.microsoft.com/fwlink/?linkid=2088631 )
Mount the Exchange ISO file and then install the management tools (LAUFWERKSBUCHSTABE_EXCHANGE_ISO stands for the drive letter of the mounted Exchange ISO):
LAUFWERKSBUCHSTABE_EXCHANGE_ISO:\setup.exe /role:managementtools /IAcceptExchangeServerLicenseTerms
From Exchange 2019 CU 11 (or possibly already CU 10):
LAUFWERKSBUCHSTABE_EXCHANGE_ISO:\setup.exe /role:managementtools /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF
Please check whether Microsoft.Exchange.ManagedLexRuntime.MPPGRuntime.dll is present and, if it is not, copy it from the Exchange server to the current computer (target and source folder C:\Program Files\Microsoft\Exchange Server\V15\Bin ). Otherwise the following error will occur during execution:
Requirement for the user: At least the Exchange role Recipient Management must be assigned.
Additional requirement: TCP ports 80, 443 (5985/5986)
Check the current setting:
Get-Item wsman:\localhost\client\trustedhosts
If the value is "*", this is already OK.
Otherwise (Zielserver-IP stands for the IP address of the target server):
Set-Item wsman:\localhost\client\trustedhosts -Value "Zielserver-IP"
Set Basic auth on the client:
winrm set winrm/config/client/auth '@{Basic="true"}'
Set AllowUnencrypted on the client:
winrm set winrm/config/client '@{AllowUnencrypted="true"}'
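The three client settings above change how this machine authenticates to and talks with every WinRM endpoint, not only the Exchange server. The following added example (not part of stanocPowerHelper) records their values before the change, reports what each one permits, and restores the saved values after the migration; the state file path is an assumption, and the script must run elevated with the WinRM service started.

```powershell
# Added example (not part of stanocPowerHelper). $StateFile is a hypothetical path.
$StateFile = Join-Path $env:ProgramData 'winrm-client-before.json'

function Get-WinRmClientState {
    # Read the three client-side values that the steps above modify.
    [pscustomobject]@{
        TrustedHosts     = [string](Get-Item WSMan:\localhost\Client\TrustedHosts).Value
        Basic            = [string](Get-Item WSMan:\localhost\Client\Auth\Basic).Value
        AllowUnencrypted = [string](Get-Item WSMan:\localhost\Client\AllowUnencrypted).Value
    }
}

function Get-WinRmClientFindings {
    param([Parameter(Mandatory)] $State)
    $findings = @()
    if ($State.TrustedHosts -eq '*') {
        $findings += 'TrustedHosts="*": any host is accepted without mutual authentication'
    }
    if ($State.Basic -eq 'true') {
        $findings += 'Basic=true: user name and password are sent Base64-encoded, not hashed'
    }
    if ($State.AllowUnencrypted -eq 'true') {
        $findings += 'AllowUnencrypted=true: requests may go over HTTP (TCP 5985) without message encryption'
    }
    if ($State.Basic -eq 'true' -and $State.AllowUnencrypted -eq 'true') {
        $findings += 'Basic + AllowUnencrypted: credentials are readable on the wire unless HTTPS (TCP 5986) is used'
    }
    $findings
}

function Save-WinRmClientState {
    # Call once BEFORE running the Set-Item / winrm set commands.
    Get-WinRmClientState | ConvertTo-Json | Set-Content -LiteralPath $StateFile -Encoding UTF8
}

function Restore-WinRmClientState {
    # Call AFTER the migration to return to the saved values.
    $saved = Get-Content -LiteralPath $StateFile -Raw | ConvertFrom-Json
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value ([string]$saved.TrustedHosts) -Force
    Set-Item WSMan:\localhost\Client\Auth\Basic -Value ([bool]::Parse($saved.Basic))
    Set-Item WSMan:\localhost\Client\AllowUnencrypted -Value ([bool]::Parse($saved.AllowUnencrypted))
}

$state = Get-WinRmClientState
$state | Format-List
Get-WinRmClientFindings -State $state
```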
Enable-PSRemoting -Force
Set-PowerShellVirtualDirectory -Identity "PowerShell (Default Web Site)" -BasicAuthentication $true
iisreset
To do this, execute the following command in the Exchange Management PowerShell:
New-ManagementRoleAssignment -name:impersonationAssignmentName -Role:ApplicationImpersonation -User:adminstanoc@ad.kunde.de
Replace adminstanoc@ad.kunde.de with the corresponding AD user who is to perform the migration.
Get-Mailbox | Set-Mailbox -MaxSendSize 150MB -MaxReceiveSize 150MB
Get-MailboxPlan | Set-MailboxPlan -MaxSendSize 150MB -MaxReceiveSize 150MB
New-ThrottlingPolicy Migrationpolicy
Set-ThrottlingPolicy Migrationpolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited
Get-Mailbox | Set-Mailbox -ThrottlingPolicy Migrationpolicy
Then execute stanocPowerHelper.ps1 once with the parameter -prepareCredentials to store the credentials for accessing Exchange PowerShell:
.\stanocPowerHelper.ps1 -prepareCredentials
These are then stored in AES-encrypted form and used for the connection to Exchange from the Domino server.
PnP PowerShell must be installed in PowerShell 7.2+. To do this, start an administrative PowerShell 7.2+ (pwsh.exe) and run:
Install-Module PnP.PowerShell -Scope AllUsers
For SharePoint, the app must be registered in the same way as for Exchange Online and also authenticated using a certificate.
If a different registered app is to be used for Shift than for SWAP, the credentials for this case must be saved separately and the path must be specified as an absolute path (without \ at the end!) in the Shift target configuration.
.\stanocPowerHelper.ps1 -prepareCredentials -CredentialPath "C:\Program Files\HCL\Domino\stanoc\stanocPowerHelperShift"
The following API permissions must also be set (application permissions with admin consent):
SharePoint → Sites.FullControl.All
SharePoint → TermStore.ReadWrite.All
SharePoint → User.ReadWrite.All
For testing, the following can be used:
.\stanocPowerHelper.ps1 -ConnectPNP -PnpSiteURL "https://.." -CredentialPath "C:\Program Files\HCL\Domino\stanoc\stanocPowerHelperShift"
The application ID and a secret are also required for use via API (not PowerShell).
If an "is not digitally signed" error occurs during execution, run this command:
Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Bypass
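To see why the script is rejected before the policy is relaxed machine-wide, the following added example (not part of stanocPowerHelper) reports the policy at every scope, the script's Authenticode status, its SHA-256 hash and whether it carries a download mark. It assumes it is run from the stanoc directory that contains stanocPowerHelper.ps1.

```powershell
# Added example (not part of stanocPowerHelper). Run from the directory holding the script.
function Get-ScriptTrustReport {
    param([Parameter(Mandatory)][string]$Path)
    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    # Mark of the Web: NTFS alternate data stream set on downloads and kept by
    # Explorer's ZIP extraction.
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue |
            Select-String -Pattern 'ZoneId=(\d+)' | Select-Object -First 1
    $zoneId = if ($motw) { [int]$motw.Matches[0].Groups[1].Value } else { $null }
    $policy = Get-ExecutionPolicy          # effective policy for this session

    $reason = switch ("$policy") {
        'AllSigned' {
            if ($sig.Status -ne 'Valid') { 'AllSigned requires a valid Authenticode signature' }
        }
        'RemoteSigned' {
            if ($zoneId -ge 3 -and $sig.Status -ne 'Valid') {
                'RemoteSigned blocks unsigned files marked as downloaded (ZoneId 3 or 4)'
            }
        }
        'Restricted' { 'Restricted blocks all scripts' }
    }
    [pscustomobject]@{
        Path            = $file.FullName
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        ZoneId          = $zoneId
        EffectivePolicy = $policy
        BlockedBecause  = $reason
    }
}

Get-ExecutionPolicy -List | Format-Table -AutoSize
Get-ScriptTrustReport -Path .\stanocPowerHelper.ps1 | Format-List
```

If the only blocker is the download mark and the file's origin has been verified, Unblock-File removes it, and Set-ExecutionPolicy -Scope Process limits a relaxed policy to the current session.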