May 12 2020
09:22 PM
- last edited on
Feb 01 2023
11:49 AM
by
TechCommunityAP
May 12 2020
09:22 PM
- last edited on
Feb 01 2023
11:49 AM
by
TechCommunityAP
Hi everyone,
We have an account (Office 365 Migration User) which is used by Exchange and Exchange Online to do mailbox migrations. However this account seems to have every admin permission in existence--which seems to be a bit much for what it does.
Can you please advise and determine exactly what level of permissions this account should have? Do I have any clarifications may need for each group members? To reduce as much as possible this user's rights to.
Get-ADPrincipalGroupMembership -Identity O365MigUser | select Name
Name
----
Domain Users
Exchange Servers
Exchange Organization Administrators
Exchange Public Folder Administrators
Exchange Recipient Administrators
Exchange View-Only Administrators
Exchange Trusted Subsystem
Exchange All Hosted Organizations
Exchange Windows Permissions
Migration Admin
Domain Admins
Enterprise Admins
Exchange Domain Servers
Exchange Admins
Exchange Install Domain Servers
Exchange Services
Exchange Enterprise Servers
CSUserAdministrator
May 16 2020 02:20 AM
@HungNguyen142112 Here is the article that lists the permissions required for least privileges: https://docs.microsoft.com/en-us/Exchange/permissions/feature-permissions/recipient-permissions?redi...
May 20 2020 11:19 PM
thank you - @Joe Stocker
But can you please advise more details about that, we saw many reference link inside this article and would not find my answer herein, unfortunately.
May 21 2020 11:27 AM
@HungNguyen142112 see attached detailed instructions for creating least privilege migration accounts
May 31 2020 07:54 PM
That's great.
I am reading through your guide. Hopefully can help me out.
Thanks a lot.
Jun 10 2020 02:35 PM