Featured Post

How the Sumatra Double-Booking cmdlet works

Free license through 2017 if you qualify and contact us . First: you can always get help at the PowerShell prompt with: get-help Get-suDo...

Wednesday, December 10, 2008

Migrating Oracle Calendar Permissions to Exchange Part 2 DIY

So you want to migrate from OCS to Exchange and you can handle your own data migration (i.e., you don't want live meetings or recreated recurrence patterns) but you still want to migrate permissions.

We'll tell you how you can accomplish that using free off-the-shelf tools from Oracle and Microsoft.

The process proceeds in two phases:

  1. EXTRACT the permissions data from Oracle

  2. INSERT the permissions into Exchange

You may need to modify your user names between the first and second step, but if you're handling your own data migration this should not be too difficult. You're also going to have to write your own script to convert the output from the Extract phase to the input for the Insert phase. Since we get these requests from universities and they have lots of undergraduate computer talent that programs in between beer blasts we don't think this will be too difficult.

Extracting permissions data from Oracle Calendar Server

This is done using the OCS tool UNIACCESSRIGHTS. See the Oracle Calendar Reference Manual for your full set of options.

Let's take the example of John Lennon giving permissions to Jerry Garcia.

Running UNIACCESSRIGHTS to get the Designate data for Lennon is simple:

uniaccessrights -ls -grantor "S=Lennon/G=Johnny" -grantee "S=*" -n 1 -p PASSWORD

This results in the following output (which you can redirect to a text file), split here for clarity:

Grantee: S=Garcia/G=Jerry/UID=Jerry.Garcia/ID=256/NODE-ID=1

Designate Right: CONFIDENTIALEVENT=REPLY

/CONFIDENTIALTASK=NONE

/NORMALEVENT=MODIFY

/NORMALTASK=NONE

/PERSONALEVENT=VIEWTIME

/PERSONALTASK=MODIFY

/PUBLICEVENT=MODIFY

/PUBLICTASK=MODIFY

The connections between the OCS User Interface and the output are pretty clear.


You have now successfully extracted the data. Part 1 is complete.


Inserting permissions data into Exchange



This is done using PFDAVAdmin, whose formal name is the Exchange Public Folder DAV-based Administration Tool. You should check out our earlier postings on PFDAVAdmin. First let's say that on Exchange in Active Directory we already have a John Lennon who has created the same Calendar permissions for his co-worker Jerry Garcia. What would those look like in Exchange saved with PFDAVAdmin?



So glad you asked. Running our friend PFDAVAdmin and looking at John Lennon,


we first EXPORT his permissions to see what our end goal is:

Pick the easiest format to read,



We get a LOT of data for folders. I invite you to look at your own output.

However, we can comfortably reduce it to the data we need for Calendars and Tasks:

SETACL Mailboxes\john.lennon\Freebusy Data SUMATRA\jerry.garcia Editor NO

SETACL Mailboxes\john.lennon\TopofInformationStore\Calendar SUMATRA\jerry.garcia Editor NO

SETACL Mailboxes\john.lennon\TopofInformationStore\Tasks SUMATRA\jerry.garcia Reviewer NO


Your step is to turn your UNIACCESSRIGHTS export into a file of this format that you can IMPORT into PFDAVADMIN to set the ACLs for Exchange. This is not very hard.

Of course it's in our test domain so everything is "SUMATRA," and "TopofInformationStore" should be "Top of Information Store" (but it breaks oddly in Blogger). You might also want to set the INBOX and OUTBOX permissions if you want them to respond to meeting requests for you.

NOTE: Be careful making any modifications to this file – it is very important that it be tab-delimited.

But you get the idea and there is enough information here for you to fly on your own now should you so choose.

Note the key things about this:
  • With your own scripting the cost to you is zero for additional tools
  • It puts the permissions part of the migration entirely within your hands

No comments: