New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ImapSync to Exchange 2016 (authuser2) #136

Open
gbennett68 opened this Issue May 23, 2018 · 5 comments

Comments

Projects
None yet
3 participants
@gbennett68

gbennett68 commented May 23, 2018

Having issues authenticating to Exchange 2016 with authuser2. Here is my syntax:

.\imapsync.exe --host1 oldmail@local.com --user1 test@external.com --password1 ****** ^
--host2 newmail@local.com --authuser2 admin@local.com --user2 test@local.com --password2 ****** ^
--automap --exchange2 --delete2 --expunge2 --delete2folders --disarmreadreceipts

No matter what, I get:
Host2 failure: Error login on [newmail@local.com] with user [test@local.com] auth [PLAIN]: 2 NO AUTHENTICATE failed.

Here is what I have done/tried:

  • Added admin full rights on test mailbox
  • IMAP4 is enabled on newmail
  • Set IMAP4 logon method to basic (plain text)
  • Tried all sorts of syntax variations from FAQ.Exchange.txt
  • Made sure passwords are okay (FAQ.Passwords_on_Windows.txt)

Everything works great if I sync with the test users password (not using authuser2).

@gbennett68

This comment has been minimized.

gbennett68 commented May 23, 2018

NOTE:
Installed on CentOS 7, with same result.

@gilleslamiral

This comment has been minimized.

Member

gilleslamiral commented May 23, 2018

No one reported me that authenticate on 2016 with --authuser2 works. Try the other syntax.

https://imapsync.lamiral.info/FAQ.d/FAQ.Exchange.txt

  imapsync ... --user2 "domain\admin2\user2" --password2 adminpassword2 ...
or 
  imapsync ... --user2 "admin2@domain\user2" --password2 adminpassword2 ...

where "domain" is set be the user's UPN in Active Directory
or the NETBIOS or DNS name of the domain.

The exact format might vary depending on local configuration and you
should experiment with the different formats.

Maybe the Office365 item can help:

Q. How to migrate from or to Office 365 with an admin/authuser account?

Note from Yago Torres Fernandez:
(a working command using admin/authuser on host2 Office 365)

  imapsync ... --authuser2 user_admin@domain.com --user2 user_to_be_migrated@domain.com  ^
               --password2 XXXX --ssl2  ^

but previous in Office365 you must do something like that, using powershell:

  Add-MailboxPermission -identity user_to_be_migrated@domain.com -user user_admin@domain.com -accessrights fullaccess -inheritancetype all

PLAIN authentication is the only way to go with --authuser1 for now.
So don't use --authmech1 SOMETHING with --authuser1 admin_user,
it will not work.
Same behavior with the --authuser2 option.

Note from Martin Paulucci:
I had to remove the domain part for the user
but not for the admin.  Example:

  imapsync ... --authuser2 user_admin@domain.com --user2 user_to_be_migrated

See also:
http://www.linux-france.org/prj/imapsync_list/msg02203.html

@gbennett68

This comment has been minimized.

gbennett68 commented May 23, 2018

Hi Gilles,
Thanks for getting back to me.
Unfortunately, none of those combinations seem to work.

@MolallaComm

This comment has been minimized.

MolallaComm commented Jun 13, 2018

I can confirm that this does work with exchange 2016 - the key is to not use the built-in Administrator account which Microsoft seems to have blocked access to in imap. I'm doing a zimbra->exch2016 migration and this works:

root@ubuntu:~# imapsync --host1 zimbra -port1 993 --user1 account@domain.com --authuser1 admin --password1 'adminpw' --ssl1 -host2 exch2016 -port2 993 --user2 account@domain.com --authuser2 accountwfullaccess@domain.com --password2 'accountwfullaccesspw' --ssl2

The admin account you use needs to have full access to the account(s) you want to sync which you can setup in the gui or via powershell and again - don't use administrator@domain.com - as that will never work because IMAP LOGIN is disabled for that account apparently under all circumstances.

@gbennett68

This comment has been minimized.

gbennett68 commented Jun 13, 2018

Hi MolallaComm,
Yes, that appears to have worked; thanks for the tip.
I have been delaying cut-over because I have been relying on senior users to sync their own email. This will really help a lot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment