CloudMigrator Quick Start Guide
Migrating from Exchange 2000/2003 SP1+ to GSuite
The following instructions are designed to assist you in migrating mail from Exchange 2000/2003 SP1+ to GSuite.
- Details of your Exchange 2000/2003 SP1+ Active Directory.
- Details of your Exchange 2000/2003 SP1+ Server.
- Created a dedicated user that will be used solely for migration with permission to access all items in every mailbox.
- Set up a Google project and a service account for your destination domain.
Setting up a dedicated user in Exchange 2003
To migrate from Exchange 2003, you must set up a dedicated user with access to all mailboxes on your server. An existing user or administrator can be used but it is recommended that a dedicated account is created solely for migration purposes. To accomplish this, permissions must be given at the mailbox store level.
Start by creating a new regular user.
Navigate to the mailbox store in the Exchange System Manager, right click the store and click 'Properties', click the 'Security' tab and add the new user to the list. In the new user's permissions, make sure that 'Recieve As' is set to 'allow'.
The user now has the basic access required to read all mailbox items. Repeat this for all mailbox stores that are to be migrated and require access
Setting up a service account and Google APIs
In order to access your users' email, files etc. you will need to create a google project and set up a service account. You will also need to enable the relevant APIs.
Firstly, go to your google cloud console, (login as an administrator if you are not already) and click 'Project' at the top and then 'Create Project'.
Enter a name for your project and click 'Create'.
When you have created your project, click on the options menu in the top left of the page, then 'API Manager', then 'Credentials'. Click on 'New credentials' and then 'Service account key'
Next, select 'New service account', name it anything and select 'Project' and then 'Owner' as the role from the dropdown list, finally select P12 as the key type and click 'Create'. Upon clicking 'Create', a P12 file will be downloaded; this is important for later so keep a note of where you downloaded it.
Dismiss the dialog box and on the right hand side of the page, click 'Manage service accounts' and click the three dots beside your service account, then select 'Edit'
You should now be met with the edit service account window, check 'Enable Google Apps Domain-wide Delegation' and click 'Configure consent screen'.
Next, give your product any name you wish and click 'Save' to be taken back to the previous window. Click 'Save' again.
Now make a note of the email address of the service account you just made as you will need this later to configure CloudMigrator. Click 'View Client ID' in the right most column of the service account table and make a note of that too.
Next, click on the options menu again, then 'API Manager', then 'Library'. This will take you to a page where you can search for and enable various google APIs, just use the search box and the enable button at the top of each APIs respective page to enable to following APIs.
- Admin SDK
- Drive API
- Gmail API
- Calendar API
- Contacts API
- Tasks API
- Groups Migration API
Nearly there! Once all the APIs are enabled, launch the Google Apps Admin Console for your source domain.
Go to 'Security', then to 'Show More', then to 'Advanced Settings' and then finally to 'Manage API client access'. Enter the Client ID you noted earlier into the 'Client Name' field and paste the following into the 'Scopes' field:
https://www.googleapis.com/auth/admin.directory.resource.calendar, https://apps-apis.google.com/a/feeds/emailsettings/2.0/, https://mail.google.com/, https://sites.google.com/feeds/, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/apps.groups.migration, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/drive.appdata, https://www.googleapis.com/auth/email.migration, https://www.googleapis.com/auth/tasks
Finally, click on 'Authorize' on the right on the 'Scopes' field and an entry for your Client ID and its associated now-accessible APIs will appear. Do this for both the source and destination domains.
If you have not already done so, create a new configuration item by clicking the plus button and then "create a new configuration to get started".
Select the Exchange 2000/2003 SP1+ configuration item.
You should also supply a license key here before you continue. If you do not supply a key you will be able to setup and configure CloudMigrator but will not be able to perform a migration.
To enter this key, hover over the orange gear in the actions column and navigate to "View license" (one icon to the left) and you will be prompted to apply a license. Alternatively, you can click the name of the unlicensed configuration.
Choose Exchange 2000/2003 SP1+ as the migration source and enter your Exchange 2000/2003 SP1+ settings into CloudMigrator and then click next.
- Active Directory Server Address - The hostname or IP address of the Active Directory Server, if in doubt then leave blank and the Exchange Server Address will be used instead.
- Exchange Server Address - The hostname or IP address of your Exchange server.
Click on Advanced Settings to input the remaining settings.
Exchange server details
- Admin Username – Enter the full email address of your Microsoft Exchange admin user.
- Admin Password – Enter the password of the admin user.
- Base URL - The base URL of the Exchange system before any username is added. For example, if the full URL to your Exchange system is https://company.com/exchange, then you should enter "exchange" in here. If in doubt, leave as default.
- Connection Protocol - Select whether to use a secure or unsecure connection. Note that, if using a secure connection then the appropriate SSL certificates must have been setup on the Exchange server. If SSL web access is not enabled to Exchange, then you must specify ‘Default’ for this option.
- Authentication Method - Recommended to leave as Ntlm, unless you know the specific authentication method used.
- Test Username - The username of the account you should have made earlier as a pre-requisite.
Active Directory Details (Pre SP1)
This combination of Active Directory Details are needed when migrating from an Exchange system that has not been updated to Service Pack 1 or above.
- Configuration DN - The DN of the configuration context within the domain.
- Organisation Name - The organisation name of your Exchange organisation.
Active Directory Details (SP1+)
Use this combination of details if you are running an Exchange system updated to Service Pack 1 or above.
- Base DN - The base DN that any searches of the directory will proceed from. You should set this so that all of the users you wish to include for migration are included.
- Search Filter - the LDAP filter that will be used to search for users.
CloudMigrator will now perform a small connection test to verify that the details you have entered are correct. If this fails you may have entered something incorrectly. If you are failing to resolve the issue please contact CloudMigrator Assist via the chat icon.
Select GSuite as your destination platform.
Select where you would like your data to be migrated. If you have purchased GSuite for Business or Google Vault you may want to migrate data directly into Google Vault.
To enable Google Vault for your domain, please see the following article: http://support.google.com/vault/bin/answer.py?hl=en&answer=2584132
Enter information for your GSuite admin account.
CloudMigrator will perform a connection test against your GSuite domain to verify that everything has been entered correctly.
If your GSuite system is brand new or for any reason the users being migrated have not been created in GSuite, CloudMigrator can create your users for you. Simply go to advanced settings, to the user settings section and enable Create Users.
It's now time to add which users you'd like to migrate.
Unfortunately when migrating mail from Exchange 2000/2003 SP1+ you will not be able to use the Get Users button from the actions menu. You can manually import users via a CSV file using the Import Users option or simply add them individually via the plus icon .
At this point you can choose what to migrate for each user, when migrating from Exchange 2000/2003 SP1+ you can migrate mail , contacts , calendars and tasks .
Enter your user's full email address within the Export Name field. If you have already created your GSuite users then you will just need to enter their username. If you would like CloudMigrator to automatically create your GSuite users make sure you also enter your user's given and family names as well as a strong password.
To migrate appointments from calendar resources only the ‘Resource Name’ is needed, ‘Resource Description’ is optional, and ‘Password’ is not required.
When a resource is migrated using CloudMigrator then the ‘Import Name’ becomes the resource ID within GSuite. If resources have been pre-created in GSuite then the resource ID should be extracted from GSuite and specified for the ‘Import Name’. Resource IDs can be found in the GSuite control panel by clicking on a resource name. The ID required is specified in the control panel as ‘Resource identifier’.
CloudMigrator lets you decide how much mail you'd like to migrate to your shiny new GSuite system.
If you are changing your email address as part of the migration you can verify that the domain names are correct here. You can also specify specific address replacements in the respective section of the advanced settings.
For more information on domain and address replacements, see this page.
Before you start your migration, you must supply a license key. If you have not supplied this key in step 2, you can do it now by clicking the bold link in the red bar at the top of the page. If you do not see the red bar then you are already licensed and don't need to worry!
We know that you may want to start your migration in the middle of the night, or over the weekend, but we don't expect you to stay up in order to do so. With CloudMigrator you can decide to schedule exactly when you'd like the migration to occur.
Start the migration.
During the migration process CloudMigrator will report back in real time exactly who is being migrated and the items being processed. All you now need to do is sit back, relax and wait for your migration to complete.
Check the progress of your migration.
Once complete you can download a full report for your migration.
For more information about this page, please visit the summary page.
While the default options are recommended for the majority of users, CloudMigrator gives users the ability to customise their migration experience. The following are the advanced options available to those migrating from Exchange 2000/2003 SP1+.
Exchange Server Details
- Admin Username - The username of the admininstrator user that will be used to extract user information from the Active Directory in order to migrate all users.
- Admin Password - The password of the specified adminstrator account.
- Base URL - The base URL of the Exchange system before any username is added. For example, if the full URL to your Exchange system is https://192.168.176.1/exchange, then you should enter ‘exchange’ in here.
- Connection Protocol - Choose whether to send data over a secure, encrypted connection or an unsecured connection. Note that if using a secure connection then the appropriate SSL certificates must have been setup on the Exchange server. If SSL web access is not enabled to Exchange, then you must specify ‘Default’ for this option.
- Authentication Method - Choose which authentication method to use when authorizing with the exchange server, this will depend on your server configuration but for 2000/2003 the most common options are NTLM and basic authentication.
- Test Username - Specify a username to use when testing connections. For Exchange 2003 this should be the primary SMTP address of a test user. For Exchange 2000 this should be a URL to a users mailbox
- Persist HTTP Connections - Select to re-use HTTP connections when communicating with the Exchange server, rather than establishing new ones.
Active Directory Details
The configuration DN and Organisation name are only required if migrating from Exchange 2000/2003 Pre SP1.
- Base DN - The base DN that will be used for searching for users within the Active Directory. A typical base DN looks like: dc=example,dc=com
- Search Filter - The LDAP filter that will be used to search for users.
- Configuration DN - The DN of the configuration context within the domain.
- Organisation Name - The organisation name of the Exchange organisation.
- Prefix Personal Folders - Prefix migrated items with a 'Personal Folders' label/category when exporting from Exchange if the folder lies outside of the main inbox.
- Ignore Folder Resolve Errors - Ignore '404 not found' errors when resolving Exchange folders. This error is sometimes seen when the Exchange store has become corrupted and can cause a migration to fail. Only turn this on if 404 not found errors have been discovered for a user when resolving the Exchange folders.
- Modify DN-Based Exchange Contacts - This should only be used when migrating from Exchange 2000, and only following instruction from support.
- Category Labels - Apply labels/categories for any category a mail item is migrated from.
- Trace WebDAV Requests - Include all WebDAV requests and responses in the trace file when the trace level is set to 'Trace', essentially this option logs more details about what is happening in the exchange migration.
While the default options are recommended for the majority of users, CloudMigrator gives users the ability to customise their migration experience. The following are the advanced options available to those migrating to GSuite.
- Migration Base URL 1.0 - The base URL for email migration using v1 of the email migration API. This should only be changed for specialized migration scenarios and for normal migrations should not be altered.
- Migration Base URL 2.0 - The base URL for email migration using v2 of the email migration API. This should only be changed for specialized migration scenarios and for normal migrations should not be altered.
- Timeout - The time in milliseconds that the tool has to complete sending a transaction to Google before an error occurs. This should be set high enough so that large amounts of data can be sent (further description is available in ‘Migration Strategies’). If a transaction fails using the provided timeout, it will be re-attempted using a larger timeout. While errors occur this will continue with increasing lengths of timeout, up to the retry count. It is better to set this to a very high value to ensure requests get through.
- Maximum Batch Size - This is the maximum size, in bytes, of a single transaction with the Google servers. Note: The absolute maximum size of any transaction that Google Apps allows is 32MB. Because of the way that messages are created and encoded (XML OR JSON, which is then Base 64 encoded) it is not usually possible to know the exact size of a message until it is created. Messages can be sent in batches, which also make it more difficult to establish the exact size of each transaction. Large batches also increase memory usage significantly and it is recommended that the maximum value of 5MB is used. This setting also has an impact on how long a single message will take to transmit to Google Apps and can therefore affect the requirements for the Timeout setting.
- Maximum Batch Count - The number of items that will be sent in a batch when transferring contacts and calendar items.
- Retry Count - The number of times a transaction with the Google servers will be retried if it fails. Note: A transaction could fail for one of a few reasons. If the transport layer fails, that is a transaction could not get through to the Google servers or the transaction times out, then the transaction will be attempted again until the retry count is met – with an increasing timeout value each time. Another possible reason for failure is that the client is sending too many requests per second. In this case, an exponential backoff system is employed where the tool waits for a period before retying any failed transactions (or parts of transactions).
- Modify Request - Leave at the default unless instructed by support.
- Custom Parameters - Adds custom headers to Google API requests, for debugging only.
- Force Appointment Acceptance - Set this to true to force all appointment recipients' attendance as confirmed.
- Appointment Privacy - Set the visibility of all appointments. Original will use the privacy setting from the source system, while the other settings will override the original setting and set the specified visibility.
- Maximum Attendees - Set the maximum number of attendees for any migrated appointments.
- Default Calendar Timezone - Set the default calendar timezone to use for recurring appointments which have no timezone set in the source system and where the target Google calendar is in UTC.
- Send Individual Events - Send appointment events as individual items rather than as a batch. Performance is slower than in batches, but may help with some rare issues with rate limiting.
- Color Categorized Appointments - If the appointment had a category in the source system, apply a colour to all appointments of that category.
Document Options (File and Attachements)
- Convert Text - Where possible, convert text and word documents to the Google Documents format.
- Convert Spreadsheets - Where possible, convert spreadsheets to the Google Documents format.
- Convert Presentations - Where possible, convert presentations to the Google Documents format.
- Convert Drawings - Where possible, convert drawings (*.wmf) to the Google Documents format.
- Convert OCR - Where possible, convert images using OCR.
- Google Email Migration API Version - Specify the version of the Google Email migration API to use, or whether to use IMAP.
- Archive Inbox EMail - Do not place migrated email from the inbox into the inbox within Google Apps. Instead the email will have a label of 'Migrated Email' applied.
- Apply Inbox Label to Sub-Folders - When a message from the source system was in a folder in the inbox, create the message with both 'Inbox' and 'Folder Name' labels. Set to False to just create the folder label.
- Modify Sent Address - For sent messages, if the sender does not match the email address of the destination account, modify it to match. This is to allow for sent items to display correctly in the Google Apps interface. Default is true.
- Email Transfer Delay - Specify the number of milliseconds to wait between sending messages.
- Maximum Batch Count - Specify the maximum number of messages in a single batch. Specify 0 to let the tool automatically allocate batches. Only applicable for immediate migrations.
- Collection Naming Scheme - When attachments or files are migrated to Google Drive, choose the collection label scheme that will be applied to the migrated documents.
- Folder Name and Collection Label - migrate documents into a collection based on the folder name the attachment or document originated from, and also apply the collection label specified in 'Collection Name'.
- Folder Name - Migrate documents into a collection based on the folder name the attachment or document originated from.
- Collection Label - Migrate documents into a collection specified by 'Collection Name'.
- None - Do not apply a collection label.
- Collection Label - Specify the name of the collection label that will be used when 'Collection Label Scheme' specifies that a collection label should be applied to migrated documents.
- Preserve Modified Date - Attempt to preserve the modified date during a migration.
- Maximum Results Per Request - The limit on the number of results returned when listing files using the Google Drive API.
Team Drive Options
- Team Drive Default Organizers - Optionally, specify a list of existing user email addresses that will be assigned as organizers to Team Drives being migrated to. These organizer accounts will then be used to improve the performance of the migration. In the default case the G Suite admin user account will be used to perform the migration to Team Drives, but specifying multiple users here improves throughput by utlizing multiple organizer accounts simultaneously.
- Team Drive File Permissions - When adding permissions to files within Team Drives choose where these permissions will be applied. Choose from 'File' (the default), 'Root' (where all permissions will be applied on the Team Drive itself and thus inherited down the whole tree) or 'None' (no permissions will be applied)
- Team Drive Folder Permissions - Team Drive folders cannot directly have permissions. Choose whether to apply permissions that apply to folders from the source at the root of the Team Drive, or not at all.
- Team Drive Same Domain Migration Operation - When migrating from a Google Drive folder into a Team Drive choose whether to copy the files, or to move them. Note in the case of a move, the skeleton folder structure of the source folder will remain.
- Check Users/Resources/Groups Exist - Set this to false if you do not want to check if users, groups or resources exist in Google Apps (useful for testing exporting without creating accounts in Google Apps).
- Create Users/Resources/Groups - If users, groups or resources (supported source systems only) are not present within the Google domain, create them. If users have not been pre-created within the Google system then this can be set to true to have the migration tool create the users. If the users have not been pre-created and this is set to false then the migration process will fail. Note: Setting this to true requires that the Admin SDK is enabled for the Google domain and also that all details are provided for each user, including name, given name, family name and password. Failing to provide any of these details will cause the creation process to fail for that user. It is generally recommended that users are pre-created in the Google domain before processing with the tool. For resources and groups, only the Resource/Group Name (and Import/Export Names) are required.
- Change Password On Login - Force users to change their password on next login.
- Migrate to 'My Contacts' - Migrate personal contacts to the 'My Contacts' group rather than only to 'All Contacts'.
- Send Individual Contacts - This should generally be left to true, while slower than batch importing its much more reliable.
- Explode Message Labels - By default, if an email message is contained within a folder structure the label applied to that message will be the same as the folder structure (e.g. 'Personal Folders/My Folder/My Other Folder'). Setting this option to true will create a label for each of the folders (e.g. for the case described, labels of 'Personal Folders', 'My Folder' and 'My Other Folder' will be applied).
- Create Sub Labels - Create all sub-labels for labels within a message. For example, if a message has the label 'toplevel/midlevel', create both 'toplevel' and 'toplevel/midlevel' labels. This is specifically designed for use with nested labels.
- Multi-Server Drive Migration - Use distributed locking to allow for Drive migrations to be performed from multiple servers. This can be disabled if using only one server for migration.