Partager via


Prepare Mailboxes for Cross-Forest Moves Using the PrepareMoveRequest.ps1 script in the Shell

[Cette rubrique est en cours de rédaction.]

Dernière rubrique modifiée : 2010-01-28

In Exchange 2010, moving a mailbox has been separated into two distinct parts:

  • Preparing the Active Directory object
  • Data migration

This sample Windows Powershell script supports the first part by synchronizing mailbox users from an Exchange 2003, Exchange 2007 and Exchange 2010 source forest to Exchange 2010 target forests as mail enabled users. This is accomplished by synchronizing Active Directory attributes in the online help and by calling the Update-Recipient cmdlet to turn the target objects into mail enabled users.

You can download the sample Windows Powershell script from the Prepare for Onli n e Mailbox Move download page. For more information about using and writing scripts, see Scripts dans Exchange Management Shell.

Prerequisites

To run this sample script, you need the following:

  • a source forest running Exchange 2003, Exchange 2007 or Exchange 2010, where the mailbox currently resides
  • a target forest with Exchange 2010 installed, where the mailbox will be moved to

Using the PrepareMoveRequest.psi script

The script should be run from Exchange Management Shell on an Exchange 2010 server role in the target Exchange 2010 forest. The script copies the mailbox attributes from the source forest.

The following command runs the prepareMoveRequest.ps1 script:

prepareMoveRequest.ps1 -Identity JohnSmith@Fabrikan.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true

The following table lists the parameter set for the script.

Parameter Required Description

Identity

Required

The Identity parameter specifies the identify of the mailbox in the source forest. Identity can be any of the following:

  • Cn
  • Alias
  • ProxyAddress
  • objectGuid
  • displayname

RemoteDomainController

Required

The RemoteDomainController parameter specifies the domain controller of the source forest where the mailbox resides.

RemoteForestCredential

Required

The Crenditial parameter specifies the administrator with permissions to copy data from the Active Directory of the source forest.

LocalForestDomainController

Optional

The DomainController parameter specifies the domain controller of the target forest where the mail enabled user will be created.

LocalForestCredential

Optional

The LocalForestCrendiatial parameter specifies the administrator with permissions to write data to the Active Directory of the target forest.

TargetOU

Optional

The TargetOU parameter specifies where the target mail enabled user will be created.

LinkedMailUser

Optional

The LinkedMailUser parameter accepts a $true or $false value. This parameter is set to $false by default. If set to $true, this setting creates a linked target mail enabled user with the source mailbox user.

MailboxDeliveryDomain

Optional

The MailboxDeliveryDomain parameter specifies an authoritative domain of the target forest so that the script can pick the correct source mailbox user’s proxyAddresses as the target mail enabled user’s targetAddress.

By default, the primary SMTP address of the source mailbox user is set as the targetAddress of the target mail enabled user.

UseLocalObject

Optional

If the script detects an object in the local forest that conflicts with the to be created mail enabled user, you can use the UseLocalObject parameter to convert the existing local object to the required target mail enable user.

Ee861103.note(fr-fr,EXCHG.140).gifRemarque :
Make sure that you use two separate credentials for the local forest, and the remote forest when calling this script.

Examples

EXAMPLE 1

This example provisions a single mail enabled user.

prepareMoveRequest.ps1 -Identity RobertJames@Contoso.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true -LinkedMailUser $true

EXAMPLE 2

The script supports pipelining if you supply the list of identities as shown below:

"IanB@Contoso.com", "JoeSm@Contoso.com" | prepareMoveRequest.ps1 -Identity RobertJames@Contoso.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true

EXAMPLE 3

You can generate a CSV file containing a list of mailbox identities from the source forest, which allows you to pipe the content of this file into the script to bulk create the target mail enabled users.

For example, the content of the CSV file can be:

Identity:

Ian@contoso.com

John@contoso.com

Rachel@contoso.com

This example calls a CSV file to bulk create the target mail enabled users.

Import-Csv Test.csv | prepareMoveRequest.ps1 -Identity RobertJames@Contoso.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true

Duplicate Target Mail Enabled Object

When the script attempts to create a target mail enabled user from the source mailbox user, and it detects a duplicate local mail enabled object, it uses the following logic:

  • If source mailbox user’s masterAccountSid equals any target object’s objectSid or masterAccountSid
    • If the target object is not mail enabled, return error since the script doesn’t support converting a non mail enabled object to a mail enabled user.
    • If the target object is mail enabled, the target object is a duplicate.
  • Or if an address in the source mailbox user’s proxyAddresses (smtp/x500 only) equals an address in a target object’s proxyAddresses (smtp/x500 only), then the target object is a duplicate.

The script will prompt the user about the duplicate objects.

If the target mail enabled object is a mail enabled user or contact, which is most likely create by a cross-forest (Identity Lifecycle Management 2007 Service Pack 1 based) GALSync deployment, then the user can rerun the script with ‘-UseLocalObject’ parameter to use the target mail enabled object for mailbox migration.

Mail Enabled User

If the target object is a mail enabled user, the script copies the following attributes from the source mailbox user to the target mail enabled user:

  • msExchMailboxGUID
  • msExchArchiveGUID
  • msExchArchiveName

If LinkedMailUser parameter is set, the script copies the source objectSid/masterAccountSid.

Mail Enabled Contact

If the target object is a mail enabled contact, the script will delete the existing contact and copy all of its attributes to a new mail enabled user. The script will also copy the following attributes from the source mailbox user:

  • msExchMailboxGUID
  • msExchArchiveGUID
  • msExchArchiveName
  • sAMAccountName
  • userAccountControl (set to 514 //equivalent to 0x202, ACCOUNTDISABLE | NORMAL_ACCOUNT)
  • userPrincipalName

If LinkedMailUser parameter is set, the script copies the source objectSid/masterAccountSid.

Sync Back LegacyExchangeDN

When the Update-Recipient cmdlet is called to convert the target object into a mail enabled user, a new LegacyExchangeDN is generated for the target mail enabled user. The script will copy the LegacyExchangeDN of the target mail enabled user as a “x500” address to the proxyAddresses of the source mailbox user.

This ensures proper resolution of recipients when messages are sent between the source and target forests.