Set up the data migration service

4. Prepare your legacy environment

After you set up your Google Workspace domain and TLS certificate, make sure that your legacy system is set up correctly.

Set up your legacy system 

Open all   |   Close all

Exchange Online (Office 365)
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Data migration.
  3. Click Set Data Migration Up.
  4. Under Migration Source, select Microsoft Office 365.
  5. Select your data type and click Authorize.
  6. Enter or select your Exchange Online administrator email address, enter your password and click Sign in. Then, click Accept after reviewing the permissions.
  7. Click Start.
Exchange 2007 or later

Applies to Microsoft Exchange Server 2007, 2010, 2013, and 2016.

You need to

  • Open EWS ports on your legacy server.
  • Set up the role account. 

You need to grant your role account impersonation rights (not delegation permission). For detail on impersonation rights, refer to your Microsoft documentation.

Recommendations

  • Test your Exchange server connectivity with the Microsoft Remote Connectivity Analyzer.
  • If you're an Exchange user, verify the EWS setup and point a browser to the EWS URL. If the EWS setup is correct, your browser displays a sign-in page.
  • Ensure your server gets connections from Google IP address ranges.
  • Verify your UPN. You might need to modify the UPN if you see an authentication error.
IMAP server

Applies to Exchange 2003 or earlier, webmail providers, such as Yahoo!, and other IMAP servers.

You need to

  • Choose a role account—When migrating from an IMAP webmail server, the Google Admin console prompts you to enter the username and password of your legacy environment role account. This is an account on your mail server. The data migration service uses it to test connectivity to your mail server. See Role account.  
  • Google IP address ranges—Ensure your server connects to Google IP address ranges.

If required, see the additional setup steps for migrations from HCL Domino or Gmail.

Existing Google Workspace account

Applies to an existing Google Workspace account. If you selected the Gmail migration option, see Personal Gmail account instead.

You need to

  • Turn IMAP on for users. Learn more
  • Generate an app password for the data migration service, if you have 2-Step Verification or single sign-on (SSO) enabled. You'll use it later in the Google Admin console when you’re migrating mail. Learn more

Your users need to

  1. In their old Google Workspace account, sign in to Gmail.
  2. In the top corner, click Settings ""and thenSettings.
  3. Click Forwarding and POP/IMAP.
  4. Under Folder size limits, select Do not limit the number of messages in an IMAP folder (default)
  5. Click Save changes.
  6. Click Labels.
  7. Make sure that any label that needs to be migrated has the Show in IMAP box checked.
Personal Gmail account

Applies to personal Gmail accounts (ending with @gmail.com or @googlemail.com)

Note: You can use this option when migrating from an existing Google Workspace account, but you have to authorize each source user separately. Therefore, it isn't recommended.

Your users need to

  1. In their old Gmail account, sign in to Gmail.
  2. In the top corner, click Settings ""and thenSettings.
  3. Click Forwarding and POP/IMAP.
  4. Under Folder size limits, select Do not limit the number of messages in an IMAP folder (default)
  5. Click Save changes.
  6. Click Labels.
  7. Make sure that any label that needs to be migrated has the Show in IMAP box checked.

Gmail users must also allow the data migration service access to their account. You'll complete this step later when you Migrate email to Google Workspace.

HCL Domino

Applies to HCL Domino IMAP server (Domino version 8.5.2 and later)

Step 1: Prepare your mail files and users for IMAP access

  1. In the Person document for each user whose mail you want to migrate:
    1. Set the Format preference for incoming mail to Prefers MIME
    2. Ensure that all users you want to migrate have an Internet password set in their Person document.

      The data migration service and Domino IMAP service use these passwords for authentication.

  2. Enable HCL Notes views for IMAP and folder synchronization.
  3. Run the Domino Compact and Fixup tasks against your mail databases.

    This step ensures that the On Disk Structure is correct for each database. It also verifies the integrity of the mail prior to the conversion process.

  4. Run the mail conversion utility (the Convert task) to enable IMAP-specific features in each mail database.

    The conversion utility sets an option bit in the database indicating that the database is IMAP-enabled.

  5. Run the conversion utility a second time using the -h option.

    This step adds IMAP attributes to messages that are already in the mail database at the time of the initial conversion.

  6. When the conversion process has completed, verify the "Database is IMAP enabled" message appears in the database properties.

Step 2: Obtain and install a third-party TLS certificate

Set up TLS using a third-party certificate authority on your Domino server. Refer to your HCL documentation for instructions.

Step 3: Enable and start the Domino IMAP server

  1. Open the mail server's configuration document in the Domino directory:
    1. Click MIMEand thenConversion Options.
    2. Select Outbound.
  2. In the Message content field, select from Notes to HTML.
  3. To open your server document in the Domino directory, click Portsand thenInternet Portsand thenMail.
  4. On both the TCP/IP and TLS ports, enable the IMAP service.
  5. Ensure your firewall allows traffic to flow on ports 143 and 993.
  6. If the IMAP service doesn't automatically load when you start your Domino server, open your server console and enter: load imap.

Next step

Follow the steps in Migrate email to Google Workspace.

Recommendations

  • Run a test migration before migrating data. 
  • Ensure your server gets connections from Google IP address ranges.
  • For details on setting up your Domino server, consult your Domino documentation.

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue