Bevor I start writing this Article, I want to mace clear, I don’t get paid for this Post from the Quest company. The oppinion and expirience about the Quest On Demand E-Mail Migrator are mine.


A few days ago I had to go for a workshop to one of our customers. This customers infrastructure is a part of a huge shared IT organization and the workshop I have been was about the project that this company gets theyr own Organization with theyr own Active Directory and Exchange environment.

From my point of view the scenario was easy. The Active Directory will be migrated by using the ADMT Toolkit from Microsoft. So all users will be migrated including theyr SID-History and on the new Organization Site, there is an Office 365 Tenant with Exchange online ready. The authentification we are using in the new organization is Pass through and for the migrated Users we have enabled the Mailboxes in Exchange online.



However, let us have a look Sepp by stepp how this project can become an easy success story:

The first thing we need to do is to migrate the User Accounts from the old Forrest to the new one:

As we can see in this picture we have the old (green) Forrest and a new (purple) one. The Quest and Office 365 site is not so important at this moment now.

In the second Stepp, after we have migrated all Users to the new Forrest, which is not connectet anymore to the old environment, we need to create Mailboxes in on the Office 365 Tenant in Exchange online:

Now I had to think about, how to migrate the Content of the old (on-premise) mailboxes to the new (Exchange online) Mailboxes. There are many ways how this can be done. However, I have decided to use the Quest On Demand Migrator for E-Mail. This Tool uses the EWS interface, to migrate the mail content.

An easy way to show how that look’s like, we can see on the following picture:

as we can see, the Quest On Demand Migrator is a Cloud service. Here we need to configure Permissions from the Source Destination and the Target Destination.



Bevore we can start with the configuration of the Quest migrator, we have to prepare the Source and Target Sites, that the Migrator will be able to get the information for the Migration.

The first Stepp is, to create on the Source Site an Application Impersonation. This can be done easily by using PowerShell. For that we have tree scope options:

  • User OU only
  • Ressource OU only
  • User and Resource OU

It always depence how the source Domain is configured. In my example the PowerShell commands was looking like this:

User OU

New-Managementscope –Name "MSB365-Scope-Users" -RecipientRestrictionFilter { (Distinguishedname -like "*,OU=Standard_W7,OU=Employees,OU=abstergo,OU=CUSTOMERS,OU=msb,DC=go,DC=msb365,DC=ch") }

Resource OU

New-Managementscope –Name "MSB365-Scope-Resources" -RecipientRestrictionFilter { (Distinguishedname -like "*,OU=Resources,OU=Employees,OU=abstergo,OU=CUSTOMERS,OU=msb,DC=go,DC=msb365,DC=ch") }

User and Resource OU

New-Managementscope –Name "MSB365-Scope-UsersandResources" -RecipientRestrictionFilter { (Distinguishedname -like "*,OU=OU=Standard_W7,OU=Employees,OU=abstergo,OU=CUSTOMERS,OU=msb,DC=go,DC=msb365,DC=ch") -or (Distinguishedname -like "*,OU=Resources,OU=Employees,OU=abstergo,OU=CUSTOMERS,OU=msb,DC=go,DC=msb365,DC=ch") }


The next Stepp we need to do is to prepare the Office 365 Tenant. However, on the Tenant Site we also need an Application Impersonation for the same reason. To be able to do that, we also can use Powershell for that. So we start the Windows PowerShell Window and edit the Execution Policy. This has to be set to “Unrestricted”. This we can do with the following command:

Set-ExecutionPolicy Unrestricted

As you can see in the Picture below, we will get asked if we really want to do that.

The next Stepp is, that we have to connect to the Office 365 Tenant by using PowerShell. Here we use the following command to take our credentials in a Variable:

$LiveCred = Get-Credential

Now we can prepare the Session by using this Command:

$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri -Credential $LiveCred –Authentication Basic –AllowRedirection

and Import it by using this command:

Import-PSSession $Session

So far, so good. Now we are connected to the Office 365 Tenant, or better to say to our Exchange online. Before wa are able to create the Application Impersonation in Exchange online, we nees to enable the Organization customization. This we can do by using the following command:


After running this command, we will need to wait a moment till thiss wil be done successfuly. After that, we finaly are able, to create a new management role assignment. However, to do that we need to know which Role we need for that and for which User we want to do that. The Role is the Application Impersonation and the user is the privilegated Migration user. So the PowerShell command can look like this:

New-ManagementRoleAssignment –Role ‘ApplicationImersonation’ –User [email protected]

If this was successful, the precuels for the Migration are done.


Configuring Quest On Demand Migrator

The first thing we have to configure on the Quest migrator is the Source Connection. in my case I have set the credentials, which are shown in the picture below:

As we can see, we need to enter the EWS path and the privilegated Admin account, whe have made the Impersonation for. After entering all credentials, we hit the “Test Connection…” button, and if all is fine, we can continue with the next Stepp.


If the Source is configured successfuly, we continue with the Target. However, here we user “Microsoft Office 365” as System and enter the Tenant Administrator credentials. As example we can see the picture below:

Here it is the same like by the Source configuration. We need to thest the connection by hitting the “Test Connection…” button and if this test also will be successful, we can continue with the next stepps.


Adding Mailboxes

There are multiple ways, to choose which Mailboxes should be migrated. One way is to enter each Mailbox in the field here:


Or we can also use a TSV File with all Mailboxes for the Migration. However, this fils sould look like this example:


However, the best and easyest way to get the information we have prepared in the begining of this Article by creating the Application Impersonation. This helps us to get all Mailboxes in the right OU to migrate it to Exchange online. In this way we also don’t need a source Password of the User Mailboxes.


Setting Migration configuration

The next Stepp we have to follow is to decide, what and where wa want to migrate. As we can see on the Top under “3 Options” there are five Tabs called “Source” “Target” “Outlook Profile” “Notification” and “Advanced”.

We start with the first Tab “Source”:

Here we can select all Items, we want to be migrated and which not.

The windows lokks like this:

If we select the option “Migrate from personal archives” the Source Mailbox will not be migrated. If this option is set, the Quest migrator will only migrate the personal archive from the Source Mailbox to the Target.

The next option is “Email”, here we can make the settings for the normal Mailbox migration. As we can see, there is no more detailed description needed. We simply set the options, we want to migrate…


After we have set the options, we want to migrate, we can scrol abit down and here we find the options “Migrate Permissions” and “Forwarding”

If we have a closer look to “Migrate Permissions” we see the following two options:

  • Delegates
  • Folder Permissions

This options are for the maching between the source and target users and groups. The Forwardings are optional and it explanes by it self what they are for.

If we continue now to the next Tab “Target” we see only one option we are able to set:

If we chose this option, the whole content from the source Mailbox will be migrated to the personal archive in the Target mailbox instud of the Target inbox.


In the next Tab “Outlook Profile” we can configure if we want to migrate the Outlook profile to. for more information about this option, I recommend you the Quest Documentation.

The next Tab is about “Notification”.

The Quest Migrator gives us the opportunity to inform our users when theyr Mailbox is successfuly migrated. We can send a Message to the Source and/or Target Mailbox. As well we can decide what the user see, from whom the neotification is comming. The options we can set are:

  • Sender Display Name
  • Sender E-Mail Address
  • Subject
  • Message Text
  • Destination (Source Mailbox / Target Mailbox)

This is very helpful to automatisate steps and user information. So they know, exactly when their Mailbox is ready. In the picture below we can see, how this option looks like:

The last Tab in the “Option” category is named “Advanced”.

This option is very usefull, we are able to set the maximum number of concurrent migrations and as well the maximum size of the Messages which has to be migrated.

This makes then sence when the internet connection is not fast or we are migrating a Company which has high size E-Mails (e.g. a Graphic company).



After we have made all settings for the migration, we go to the third Main Chapter “Migrate” ant the first thing we see, is a overview about all Mailboxes which has to be migrated:


Now we can start the migration and the Status of the Mailboxes will be changed from “Created” to “Queued” and than to “in Progress”:

We are allways able to see the current status about the Errors, Processed Items, Est. Items and Procentage of the Job by Mailbox. As well we can see the realtime Logfile of the whole migration progress:


In the end when a Mailbox is migrated successfuly the status will change to “Completed” and the User will receive the earlier configured notification:



As I have written in the very begining in this article, I did not get paid for this article. However, as I have used this Quest product for the first ime I had realised how easy to use it is. In an other article on my Blog I have described other migration paths with on-board tools. However, for a “Click and dirty” migration this one is one of the fastest ways. Depending about the amoutn of the Mailboxes which has to be migrated, the price per Mailbox to migrate is by around 8 € – 12 €. If we count the time it needs to build the whole Migration environment, which takes approx. 2-3 hours, this is a good price. Another positive point is, that there is no installation in the source or target organization needed.

I for my site will be using this tool more oftern in the future.


Photo by Anastasia Dulgier on Unsplash