Set up the data migration service

4. Prepare your legacy environment

Once you set up your G Suite domain and TLS certificate, make sure that your legacy system is set up correctly.

Set up your legacy system 

Microsoft Office 365 or Exchange 2007 or later

Applies to Microsoft® Office 365®, Exchange 2016, 2013, 2010, and 2007.

You need to

  • Open EWS ports on your legacy server.
  • Set up the role account. If you are using Office 365, see below for more about the role account.

You also need to grant your role account impersonation rights (not delegation permission) to your role account. The role account for Office 365 must have impersonation rights for all the email accounts you want to migrate. We recommend you use the administrator account, which comes with impersonation rights. For detail on impersonation rights, refer to your Microsoft documentation.

Recommendations

  • Test your Exchange server connectivity with the Microsoft Remote Connectivity Analyzer.
  • If you're an Exchange user, verify the EWS setup and point a browser to the EWS URL. If the EWS setup is correct, your browser displays a sign-in page.
  • Ensure your server gets connections from Google IP address ranges.
  • Verify your UPN. You might need to modify the UPN if you see an authentication error.
IMAP server

Applies to Exchange 2003 or earlier, webmail providers, such as Yahoo!®, and other IMAP servers.

You need to

  • Choose a role account—When migrating from an IMAP webmail server, the Google Admin console prompts you to enter the username and password of your legacy environment role account. This is an account on your mail server. The data migration service uses it to test connectivity to your mail server. See Role account.  
  • Google IP address ranges—Ensure your server connects to Google IP address ranges.

If required, see the additional setup steps for migrations from IBM Domino or Gmail.

Existing G Suite account

Applies to an existing G Suite account

You need to

  • Enforce access to less secure apps for all users in your source G Suite account. We recommend that you disable less secure apps once the migration is complete. You should not enable access to less secure apps on your target G Suite account. Learn more
  • Turn IMAP on for users. Learn more
  • Generate an app password for the data migration service, if you have 2-Step Verification or single sign-on (SSO) enabled. You'll use it later in the Google Admin console when you’re migrating mail. Learn more

Your users need to

  1. In their old G Suite account, sign in to Gmail.
  2. In the top corner, click Settings Settings and then select Settings.
  3. Click Forwarding and POP/IMAP.
  4. Under Folder size limits, select Do not limit the number of messages in an IMAP folder (default)
  5. Click Save changes.
  6. Click Labels.
  7. Make sure that any label that needs to be migrated has the Show in IMAP box checked.
Personal Gmail account

Applies to personal Gmail accounts (ending with @gmail.com or @googlemail.com).

Your users need to

  1. In their old Gmail account, sign in to Gmail.
  2. In the top corner, click Settings Settings and then Settings.
  3. Click Forwarding and POP/IMAP.
  4. Under Folder size limits, select Do not limit the number of messages in an IMAP folder (default)
  5. Click Save changes.
  6. Click Labels.
  7. Make sure that any label that needs to be migrated has the Show in IMAP box checked.

Gmail users must also allow the data migration service access to their account. You'll complete this step later when you Migrate from Gmail to G Suite

IBM Domino

Applies to IBM® Domino® IMAP server (IBM Domino version 8.5.2 and later)

Step 1: Prepare your mail files and users for IMAP access

  1. In the Person document for each user whose mail you want to migrate:
    1. Set the Format preference for incoming mail to Prefers MIME
    2. Ensure that all users you want to migrate have an Internet password set in their Person document.

      The data migration service and Domino IMAP service use these passwords for authentication.

  2. Enable IBM Notes views for IMAP and folder synchronization.
  3. Run the Domino Compact and Fixup tasks against your mail databases.

    This step ensures that the On Disk Structure is correct for each database. It also verifies the integrity of the mail prior to the conversion process.

  4. Run the mail conversion utility (the Convert task) to enable IMAP-specific features in each mail database.

    The conversion utility sets an option bit in the database indicating that the database is IMAP-enabled.

  5. Run the conversion utility a second time using the -h option.

    This step adds IMAP attributes to messages that are already in the mail database at the time of the initial conversion.

  6. When the conversion process has completed, verify the "Database is IMAP enabled" message appears in the database properties.

Step 2: Obtain and install a third-party TLS certificate

Set up TLS using a third-party certificate authority on your Domino server. Refer to this IBM Technote.

Step 3: Enable and start the Domino IMAP server

  1. Open the mail server's configuration document in the Domino directory:
    1. Click MIME and then Conversion Options.
    2. Select Outbound.
  2. In the Message content field, select from Notes to HTML.
  3. To open your server document in the Domino directory, click Ports and then Internet Ports and then Mail.
  4. On both the TCP/IP and TLS ports, enable the IMAP service.
  5. Ensure your firewall allows traffic to flow on ports 143 and 993.
  6. If the IMAP service doesn't automatically load when you start your Domino server, open your server console and enter the load imap command.

Recommendations

  • Run a test migration before migrating data. 
  • Ensure your server gets connections from Google IP address ranges.
  • For details on setting up your IBM Domino server, consult your IBM Domino documentation.
Was this helpful?
How can we improve it?