Recently, I needed a somewhat automated way import PST files (gathered from an on premise Exchange 2010 SP3 environment) to mailboxes in Office 365. Though importing through PowerShell was somewhat appealing, it also was not appealing. Instructing the users or the help desk group to manually import each PST via Outlook drew a similar reaction. I had heard of Exchange PST Capture but had never used it. However, it seemed like it would be a much more elegant way of performing bulk PST imports. Prepping a machine for PST Capture was a chore but once all was set up it worked smoothly.
The biggest challenges with this project were:
- Getting the machine ready for the PST Capture Console;
- Dialing in permissions to import PSTs (both on premise and in Office 365); and
- Locating the Office 365 server.
PST Capture Console…
Requirements for the PST Capture console weren’t necessarily difficult but they were not anticipated for sure. We used a Windows 7 with SP1 VM that had a single CPU and 4GB of RAM. If importing PSTs to an on premise Exchange server, the console requires the Exchange environment to be 2010 or 2013. And if importing to the cloud, a subscription to Office 365 Exchange Online is required.
In general, the PST Capture console machine requires:
- Windows 7 or 8; or Windows 2008 R2 or newer (NOTE: Must be 64-bit)
- 4 GB of memory
- .NET Framework 4.5;
- PowerShell 3.0 (which is found in Windows Management Framework 3.0); and
- NOTE: Make sure you select the correct WMF 3.0 version for the OS on the PST Capture console
- The 64-bit version of Outlook 2010.
- NOTE: The 64-bit version of Outlook 2010 is only required on the machine running PST Capture and not any other workstations
- NOTE: I have tested with both the SP1 and SP2 versions of Office 2010 for this scenario
I created a “PST Admin” account on premise (with a mailbox) to handle the migration for both internal and cloud-based PST migrations. For importing of PST files into an on premise Exchange environment, the PST admin account needs only to have AD domain user rights by default (domain admins, enterprise admins and schema admins membership is not required). The account must be assigned as a member of the ‘Organization Management’ and ‘Public Folder Management’ groups (performed through ADUC) along with having the ability to import PST files into any mailbox. We will need to assign a new role to allow PST import/export access of all on premise mailboxes. To perform this new role assignment, I issued the following command via the Exchange Management Shell (EMS)…
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "PSTAdmin"
Additionally, I provided access for the PST admin to all mailboxes in the mailbox database by issuing this command…
Get-MailboxDatabase -Identity “Mailbox DB 1” | Add-ADPermission -User "PSTAdmin" -AccessRights GenericAll
Permissions on the PST Capture Console Machine…
With the basic permissions set for importing to an on premise mailbox, I needed to perform a couple of tasks on the PST Capture console machine itself. First, I assigned the PST Admin account local admin rights to the machine and second created an Outlook profile to access the mailboxes. If the second is not performed an error will be generated when attempting to import a PST that the destination mailbox is not accessible.
Permissions for Importing PST Files into Office 365…
To import PSTs into mailboxes in Office 365, similar permissions need to be set up for accessibility. In my scenario I used the existing Office 365 tenant admin. Within the Exchange Admin Center of Office 365, I created a new admin role named “Migration Management” and assigned the roles of “ApplicationImpersonation” and “Mailbox Import Export” for my O365 admin.
These permissions can also be set by connecting to the O365 tenant utilizing the Windows Azure Active Directory Module for Windows PowerShell (WAAD). Azure AD PowerShell can be installed on any administrative workstation or server but for this scenario I installed in on the PST Capture console workstation. Open Azure AD PowerShell as administrator and run the following commands to connect to the O365 tenant…
This command will help us to run the necessary PowerShell scripts without restriction…
This command caches our O365 credentials for the duration our session is open. You will be prompted to enter your O365 credentials. It will be important to note that these credentials should be an assigned global administrator in the O365 tenant.
$CRED = Get-Credential
This command caches the command to bring the remote session to our desktop session…
$SESSION = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $CRED -Authentication Basic -AllowRedirection
This command uses the information from the cached commands above to bring the remote session to the desktop…
Now that we are connected to our O365 tenant via a remote PowerShell session, let’s make the necessary assignments to import a PST into mailboxes in O365. Run this command to allow the O365 account that will be used to import PST files with impersonate an application for access to the mailboxes…
New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User Admin
Run this command to allow the O365 account that will be used to import PST files with to allow access to import and export data to and from the O365 mailboxes…
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User Admin
Now, we should be good to proceed with the installation of PST Capture.
Install PST Capture…
To import PSTs we need to install PST Capture on the machine that has been defined above. First, logon to the PST Capture console as the PST Admin. Next, download PST Capture and its associated agents. Then, run PSTCapture.msi (11.2 MB) to install. Select the default options with the exception of the service account; enter the credentials of the PST admin. At this point, I recommend a restart of the machine.
Install PST Capture Agent…
For each source machine that may potentially have a PST file, we can install the agent manually; or we can install via group policy (or any other method you choose). Be aware that there are two versions of the agent:
- PSTCaptureAgent.msi (632 KB) is the 64-bit OS version
- PSTCaptureAgent_x86.msi (616 KB) is the 32-bit OS version
Install the agent on any machine that you suspect will have PST files it. You will need to enter the name of the “PST Central Service host computer” (aka PST Capture console) and the port used by default is 6674. I recommend using the FQDN of the PST Capture console and ensuring that the inbound and outbound ports are open for the PST Capture console and the machines with the PST Capture agents installed.
NOTE: If you decide to use a port other than 6674 after the agents have been installed, each agent will need to be removed and the “Microsoft Exchange PST Capture Service” service on the PST Capture console must be restarted.
Finally, we can begin the import process. To import PSTs into a mailbox in Office 365 we needed to know (or find out) a couple of details:
- One is the username and password of the Office 365 account we will be using to import PSTs (Hint: It was configured earlier in this article); and
- The other is the name of the Office 365 server.
In previous versions of Office 365, the name of the server was very specific and somewhat troublesome to identify. However, for the current version of Office 365 (Wave 15; released Feb 2013), the server name that we will use is outlook.office365.com.
Once we have this information, open PST Capture (while signed on as PST Admin) to modify the Online Connection settings. From the toolbar, click Tools > Settings. The first option is Online Connection Settings. Enter the O365 username and password. Make certain that “Grant delegate access to this mailbox” checked. Next, enter the O365 server name. Do not include “https://” or anything after .com (e.g. /owa). Check the box to confirm it is an Office 365 server. Finally, click “Check”. This “Check” will validate connectivity to Exchange Online.
Now, create a new PST search to locate PST files on the machines with agents, then click Search All Now.
NOTE: If the target machine does not show that an agent has been detected, or if the computer icon is represented with a red screen, double check that the agent is installed and that the ports are open between it and the PST Capture console.
When the search has completed, select a PST that will be imported into O365 and click New Import List > Cloud Import List.
In the import list, select the link “Set Mailbox” (in the Destination Mailbox column). If all is configured properly, a list of target mailboxes in Exchange Online should appear. Select a destination mailbox, click OK.
Finally, click Import All Now to start the import of PST files into the target O365 mailboxes.
One big caveat that I discovered is that each machine you would like to scan for PSTs must have .NET Framework 4.5 installed and the PST Capture agent. If you have all PST files consolidated into a single repository you will only have one machine to worry about. However, if you have thousands of machines that may potentially have PSTs on them, System Center or group policy will most likely be the best method to install the prerequisite applications.