The following instructions are designed to assist you in migrating mail from Scalix.
Prerequisites
- You will need the credentials (username and password) of an admin account within Scalix.
- Your Scalix administrator account must be correctly configured in order to access all data within your system.
Source Platform Prerequisites
Configuring the Scalix admin
In order to read user lists from the system, a full system administrator account is required. To set a user as a full system administrator, log into the Scalix Administration Console, select a user, navigate to the ‘Advanced’ tab and ensure that the ‘Is full administrator’ box is selected. The user can be either a standard or advanced user.
Alongside being a full administrator, the user must also have mboxadmin rights. To set a user to have mboxadmin rights, from your Linux shell run the following command as root:
sudo /opt/scalix/bin/ommodu -o ADMIN -c +mboxadmin
Replace ADMIN with the name of your full system admin account.
The path to your Scalix administration binaries may differ, please refer to your Scalix installation or system administrator for details.
Destination Platform Prerequisites - Office 365
Setting up Application Impersonation
Alternative Application Impersonation Setup
First login to the Office 365 Exchange Admin Portal. Go to 'permissions' on the left hand side bar and click the + symbol in order to add a new role group. Enter 'CloudMigratorImpersonation' in both the Name and Description fields.
Next, click the + symbol under 'Roles', select ApplicationImpersonation, click 'add' and the click 'OK'.
Next, click the + symbol under 'Members', select your administrator user, click 'add' and then click 'OK'.
Click 'Save' and you will see the impersonation role listen in admin roles. Application impersonation is now set up.
Setting up Delegated Access
Delegated access gives a user account permission to access another. Delegated access must be set up if you are not using an Enterprise plan of Office 365
First login to the Office 365 Exchange Admin Portal. Go to 'recipients' then under 'mailboxes', double-click the user you wish to delegate access to then go to 'Mailbox Delegation' and click the '+' symbol under 'Full Access'
Next, select your administrator user, click 'add' and then click 'OK'
Click 'Save' and your administrator user now has the required access for the migration to occur, repeat this process for all users you wish to migrate.
Office 365 Groups Azure App Registration
Office 365 Groups Azure App Registration
The following steps are required to migrate from/to Office 365 Groups.
- Login to the Microsoft Azure portal for your chosen domain.
- Click 'Azure Active Directory'and then'App registrations'
- Click 'New registration'
- Enter a name for your application (This can be changed at any time).
- Supported Account Types should be left as the default 'Accounts in this organizational directory only (NAME OF COMPANY)'
- Redirect URI is not required.
- Click 'Register'
- On successfully registering your application you will be redirected to the below screen.
- NOTE : Open Notepad and Copy 'Application (client) ID'. This is the 'Client Id' required in the CloudM Migrate configuration.
- Click 'Certificates & secrets'
- 'New client secret'
- Select 'Never'
- Click 'Add'
- Client Secret will be generated and the client secrets table populated like below.
- NOTE : Copy the value generated and paste the value into notepad. This is the 'Client Secret' required in the CloudM Migrate configuration.
- Click 'API Permissions'
- Remove the default 'User.Read' by selecting the row and clicking 'Remove permission'
- Click 'Add a permission', under 'Microsoft APIs' select 'Microsoft Graph'
- Click 'Application Permission'
- Under 'Select Permissions' type the name of the permission you would like to add. Once all added, click 'Grant admin consent for '(Name of company)'
- Directory.Read.All
- Directory.ReadWrite.All
- Group.Read.All
- Sites.ReadWrite.All
- AuditLog.Read.All
- Directory.Read.All
- Group.Read.All
- Group.ReadWrite.All
- Sites.ReadWrite.All
Destination Platform Prerequisites - Google Workspace
CloudM Migrate Hosted makes migration as simple as possible. The only other prerequisite is the installation of the CloudM Migrate Hosted application. When accessing CloudM Migrate Hosted for the first time, you will be prompted to install the app, simply authorise and you are all set.
Source Platform - Scalix
Choose Scalix as the migration source and enter your Scalix settings into CloudM Migrate and then click next.
- Server Address - The hostname or IP address of the Scalix server.
- Server Names - All server names (not IP addresses) that are to be migrated from. Separate each name with a comma.
- Admin Username - The username of an administrator account with full rights on your Scalix server.
- Admin Password - The password of the specified administrator account.
- Test Username - Specify the full email address of a user within the system, this must be a real user and must be the primary email address; not an alias.
CloudM Migrate will now perform a small connection test to verify that the details you have entered are correct. If this fails you may have entered something incorrectly. If you are failing to resolve the issue please contact CloudM Migrate Support.
Destination Platform - Google Workspace
Select Google Workspace as your destination platform.
Select where you would like your data to be migrated. If you have purchased Microsoft 365 for Business or Google Vault, you may want to migrate data directly into Google Vault.
To enable Google Vault for your domain, please see the following article: Get started: Vault administrators
Enter information for your Google Workspace admin account.
- Domain Name - The domain name you will be migrating from. This should be the Internet domain name, not the local domain name.
- Admin Username - An administrator account for the domain specified, this will usually be an email address for a Super Admin.
- Service Account Email Address - Before attempting to configure CloudM Migrate, you should have created a Google Cloud platform project and created a service account for it. Input the service account's email address in this field.
- Private Key - The file path to the P12 key that was generated and downloaded when creating the OAuth service account.
If you cannot find the private key, go back to Google Cloud Platform service accounts, select your project (if not already selected), use the option button on the right of the service account and click Create Key. Select P12 and download the key file.
Once you have configured the settings, select Next. CloudM Migrate will perform a connection test against your domain to verify that everything has been entered correctly.
Destination Platform - Office 365
Select Office 365 as your destination platform.
Enter information for your O365 admin account.
- Admin Username - The email address of an administrator within your Office 365 environment.
- Admin Password - The password for the administrator account specified earlier.
- Domain Name - The domain name of your Office 365 environment, this might be the part after the @ in your administrator email address. If migrating from several different domains, several migrations will be needed.
- Test Username - A non-admin user who is already present in the system.
CloudM Migrate will perform a connection test against your O365 domain to verify that everything has been entered correctly.
If you are on a Small Business or Kiosk plan and need to use delegated access to migrate from Office 365 then you need to make an advanced settings change. Click Advanced Settings and under the Account Details section select Credential Method and change it to Delegated Access.
CloudM Migrate includes a number of platform configuration and provisioning options for Office 365 migration that enable advanced automation scenarios. These options can be executed during the migration process and will run as part of the migration of users' data. See here for detailed information.
There are special considerations when you need to preserve the user's domain in the target tenancy. This is because you cannot have the same domain in two Office 365 tenancies at the same time. The recommended approach to achieve this is detailed below:
- All users to be migrated in the source tenancy will have a primary SMTP email address ending in their current domain e.g. 'user@company.com'. Check that each of these also has at least one alias. This will be needed later to avoid having to delete users in order to stop mail going to their original mailboxes
- Provision users mailboxes in the target tenancy with their primary SMTP email addresses based on the '.onmicrosoft.com' domain.
- Configure CloudM Migrate with the target domain based on the new tenancy's '.onmicrosoft.com' domain. This will be used for both the bulk migration pass and the delta pass.
- On completion of the delta pass, all the users should have their current primary SMTP address switched to their alias. This will in-effect stop mail from being received and be the start of the mail 'down-time'.
- Remove the 'company.com' domain from all users in the source tenancy. It is essential that no objects remain assigned to this domain otherwise you will not be able to remove the domain from the tenancy.
- Remove the 'company.com' domain from the source tenancy.
- Add the 'company.com' domain to the target tenancy
- Assign the 'company.com' domain to all the users in the target tenancy and make this the primary SMTP email address
- This ends the 'mail down-time' as mail will now successfully flow to the users again in the new tenancy.