To migrate Internet mail, you must have Exchange Recipient Admin rights and Exchange Impersonation rights on the computer that is running Microsoft Exchange Server 2007 that has the Client Access server role installed. The Microsoft Transporter Suite for Internet Mail uses Exchange Web Services in Exchange 2007 to migrate information. Exchange Web Services requires Exchange Impersonation rights to open mailboxes during the mail migration process.
Setting Exchange Impersonation
To set Exchange Impersonation rights, use the Add-ADPermission Exchange Management Shell cmdlet. This task can be used to set Exchange Impersonation rights on a single Client Access server or on all Client Access servers in your topology. For more information, see Add-ADPermission.
Setting Exchange Impersonation Rights on a Single Client Access Server
If you do not want to set Exchange Impersonation on all Client Access servers, you can set Exchange Impersonation on a single Client Access server. If you set Exchange Impersonation on a single Client Access server, you must use this server for the migration.
Use the following command to set Exchange Impersonation rights on a single Client Access server:
Add-ADPermission -Identity {Your Client Access
server name} -User {Your Identity, such as Domain\Administrator}
-extendedRight ms-Exch-EPI-Impersonation
Setting Exchange Impersonation Rights on All Client Access Servers
You can set Exchange Impersonation rights on all Client Access servers. This is useful if you do not want to use a specific Client Access server for the migration.
Use the following command to set Exchange Impersonation rights on all Client Access servers:
Add-ADPermission -Identity
(get-exchangeserver).DistinguishedName -User (Get-User -Identity
User1 | select-object).identity -extendedRight
ms-Exch-EPI-Impersonation
Identifying a Client Access Server for Migration
Because Exchange Impersonation rights on a Client Access server are required for migration, it is important to know which Client Access server the Microsoft Transporter Suite for Internet Mail will use. The migration tool will use Exchange Autodiscover to find the nearest Client Access server. However, if you set Exchange Impersonation on a single Client Access server only, you may specify that Client Access server by using the Specify Client Access Server option when you migrate mailboxes by using the Transporter Management Console.
Using Full Access
You can use the Exchange Management Shell cmdlets for the Microsoft Transporter Suite for Internet Mail to migrate mailboxes by using an account that has been granted Full Access permissions to the target mailboxes without setting Exchange Impersonation. You can do this by using the -UseDelegate parameter in the Move-IMAPMailboxToExchange and Move-POPMailboxToExchange cmdlets. This is useful when you are migrating mailboxes that are linked to accounts in an external forest, or if you cannot set Exchange Impersonation. For more information, see How to Allow Mailbox Access.
For more information, see Move-IMAPMailboxToExchange Cmdlet and Move-POPMailboxToExchange Cmdlet.