Some organizations heavily restrict granting a service account membership in the “Organization Management” role. This article describes an alternative set of permissions that meets the requirements of a MailboxShuttle deployment.
MailboxShuttle requires elevated rights in order to synchronize Active Directory (AD) and on-premises Exchange environment(s). When the “Organization Management” role is prohibited due to internal security requirements, a custom “Role Group” can be created within Exchange. The role group must have the following roles:

  • Migration
  • Move Mailboxes
  • View-Only Configuration
  • View-Only Recipients
  • Mailbox Import Export

For information on how to manage Role Groups for your version of Exchange, please visit Microsoft TechNet.
Note: If advanced functionality such as pre-scripts and/or post-scripts is required, the permissions will need to be modified accordingly.
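One way to create the role group described above and confirm it carries only the five listed roles, as an added example that is not part of the original article or of MailboxShuttle itself. The group name `MailboxShuttle Service` and the account `svc-mailboxshuttle` are assumed placeholders.

```powershell
# Run in the Exchange Management Shell as an administrator allowed to create role groups.
# Assumed names (not from the article); adjust to your environment.
$GroupName      = 'MailboxShuttle Service'
$ServiceAccount = 'svc-mailboxshuttle'

# The five roles the article lists.
$RequiredRoles = @(
    'Migration',
    'Move Mailboxes',
    'View-Only Configuration',
    'View-Only Recipients',
    'Mailbox Import Export'
)

# Create the role group only if it does not already exist.
if (-not (Get-RoleGroup -Identity $GroupName -ErrorAction SilentlyContinue)) {
    New-RoleGroup -Name $GroupName -Roles $RequiredRoles -Members $ServiceAccount `
        -Description 'Restricted role group for the MailboxShuttle service account'
}

# Check 1: every required role must be assigned to the group.
$Missing = @($RequiredRoles | Where-Object {
    -not (Get-ManagementRoleAssignment -Role $_ -RoleAssignee $GroupName `
            -ErrorAction SilentlyContinue)
})
if ($Missing.Count -gt 0) {
    Write-Warning ("Roles not assigned to '{0}': {1}" -f $GroupName, ($Missing -join ', '))
}

# Check 2: list every assignment the group holds so anything beyond the
# five required roles is visible and can be removed.
$Assignments = @(Get-ManagementRoleAssignment -RoleAssignee $GroupName)
if ($Assignments.Count -ne $RequiredRoles.Count) {
    Write-Warning ("Expected {0} role assignments, found {1}; review the list below." -f `
        $RequiredRoles.Count, $Assignments.Count)
}
$Assignments | Format-Table Role, RoleAssigneeName, AssignmentMethod -AutoSize

# Check 3: the service account should be the only member of the group.
Get-RoleGroupMember -Identity $GroupName | Format-Table Name, RecipientType -AutoSize
```

Re-running the three checks after any change to the role group (for example, when pre-script or post-script permissions are added) shows whether the group has drifted from the intended set.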
Applies to Exchange 2010, 2013
