Prepare Mailboxes for Cross-Forest Moves Using the PrepareMoveRequest.ps1 script in the Shell
[Cette rubrique est en cours de rédaction.]
Dernière rubrique modifiée : 2010-01-28
In Exchange 2010, moving a mailbox has been separated into two distinct parts:
- Preparing the Active Directory object
- Data migration
This sample Windows Powershell script supports the first part by synchronizing mailbox users from an Exchange 2003, Exchange 2007 and Exchange 2010 source forest to Exchange 2010 target forests as mail enabled users. This is accomplished by synchronizing Active Directory attributes in the online help and by calling the Update-Recipient cmdlet to turn the target objects into mail enabled users.
You can download the sample Windows Powershell script from the Prepare for Onli n e Mailbox Move download page. For more information about using and writing scripts, see Scripts dans Exchange Management Shell.
Prerequisites
To run this sample script, you need the following:
- a source forest running Exchange 2003, Exchange 2007 or Exchange 2010, where the mailbox currently resides
- a target forest with Exchange 2010 installed, where the mailbox will be moved to
Using the PrepareMoveRequest.psi script
The script should be run from Exchange Management Shell on an Exchange 2010 server role in the target Exchange 2010 forest. The script copies the mailbox attributes from the source forest.
The following command runs the prepareMoveRequest.ps1 script:
prepareMoveRequest.ps1 -Identity JohnSmith@Fabrikan.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true
The following table lists the parameter set for the script.
Parameter | Required | Description |
---|---|---|
Identity |
Required |
The Identity parameter specifies the identify of the mailbox in the source forest. Identity can be any of the following:
|
RemoteDomainController |
Required |
The RemoteDomainController parameter specifies the domain controller of the source forest where the mailbox resides. |
RemoteForestCredential |
Required |
The Crenditial parameter specifies the administrator with permissions to copy data from the Active Directory of the source forest. |
LocalForestDomainController |
Optional |
The DomainController parameter specifies the domain controller of the target forest where the mail enabled user will be created. |
LocalForestCredential |
Optional |
The LocalForestCrendiatial parameter specifies the administrator with permissions to write data to the Active Directory of the target forest. |
TargetOU |
Optional |
The TargetOU parameter specifies where the target mail enabled user will be created. |
LinkedMailUser |
Optional |
The LinkedMailUser parameter accepts a $true or $false value. This parameter is set to $false by default. If set to $true, this setting creates a linked target mail enabled user with the source mailbox user. |
MailboxDeliveryDomain |
Optional |
The MailboxDeliveryDomain parameter specifies an authoritative domain of the target forest so that the script can pick the correct source mailbox user’s proxyAddresses as the target mail enabled user’s targetAddress. By default, the primary SMTP address of the source mailbox user is set as the targetAddress of the target mail enabled user. |
UseLocalObject |
Optional |
If the script detects an object in the local forest that conflicts with the to be created mail enabled user, you can use the UseLocalObject parameter to convert the existing local object to the required target mail enable user. |
Remarque : |
---|
Make sure that you use two separate credentials for the local forest, and the remote forest when calling this script. |
Examples
EXAMPLE 1
This example provisions a single mail enabled user.
prepareMoveRequest.ps1 -Identity RobertJames@Contoso.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true -LinkedMailUser $true
EXAMPLE 2
The script supports pipelining if you supply the list of identities as shown below:
"IanB@Contoso.com", "JoeSm@Contoso.com" | prepareMoveRequest.ps1 -Identity RobertJames@Contoso.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true
EXAMPLE 3
You can generate a CSV file containing a list of mailbox identities from the source forest, which allows you to pipe the content of this file into the script to bulk create the target mail enabled users.
For example, the content of the CSV file can be:
Identity:
Ian@contoso.com
John@contoso.com
Rachel@contoso.com
This example calls a CSV file to bulk create the target mail enabled users.
Import-Csv Test.csv | prepareMoveRequest.ps1 -Identity RobertJames@Contoso.com -RemoteDomainController DC001.Fabrikam.com -RemoteForestCredential DouglassB@Fabrikam.com -ForestTrust $true
Duplicate Target Mail Enabled Object
When the script attempts to create a target mail enabled user from the source mailbox user, and it detects a duplicate local mail enabled object, it uses the following logic:
- If source mailbox user’s masterAccountSid equals any target object’s objectSid or masterAccountSid
- If the target object is not mail enabled, return error since the script doesn’t support converting a non mail enabled object to a mail enabled user.
- If the target object is mail enabled, the target object is a duplicate.
- Or if an address in the source mailbox user’s proxyAddresses (smtp/x500 only) equals an address in a target object’s proxyAddresses (smtp/x500 only), then the target object is a duplicate.
The script will prompt the user about the duplicate objects.
If the target mail enabled object is a mail enabled user or contact, which is most likely create by a cross-forest (Identity Lifecycle Management 2007 Service Pack 1 based) GALSync deployment, then the user can rerun the script with ‘-UseLocalObject’ parameter to use the target mail enabled object for mailbox migration.
Mail Enabled User
If the target object is a mail enabled user, the script copies the following attributes from the source mailbox user to the target mail enabled user:
- msExchMailboxGUID
- msExchArchiveGUID
- msExchArchiveName
If LinkedMailUser parameter is set, the script copies the source objectSid/masterAccountSid.
Mail Enabled Contact
If the target object is a mail enabled contact, the script will delete the existing contact and copy all of its attributes to a new mail enabled user. The script will also copy the following attributes from the source mailbox user:
- msExchMailboxGUID
- msExchArchiveGUID
- msExchArchiveName
- sAMAccountName
- userAccountControl (set to 514 //equivalent to 0x202, ACCOUNTDISABLE | NORMAL_ACCOUNT)
- userPrincipalName
If LinkedMailUser parameter is set, the script copies the source objectSid/masterAccountSid.
Sync Back LegacyExchangeDN
When the Update-Recipient cmdlet is called to convert the target object into a mail enabled user, a new LegacyExchangeDN is generated for the target mail enabled user. The script will copy the LegacyExchangeDN of the target mail enabled user as a “x500” address to the proxyAddresses of the source mailbox user.
This ensures proper resolution of recipients when messages are sent between the source and target forests.