次の方法で共有


How to: Quick Check-List help you fast the AD/Exchange migration using Quest migration tool

One my friend reached me today asking for some help on migration project. They are using Quest to help customer to AD/Exchange migration and stuck on the huge effort for system preparation. I think Quest should already have provided tool to help get permission ready rapidly, while from project execution aspect, a proved check-list may make you more comfortable, especially when customer would like to know what changes you make to their environment.

 

This is the quick check-list I personally consolidated in past projects, just try it.

**Only proved on migration from Exchange Server 2003 to 2010**

Domain Preparation

Source Domain Controller (xxx.com)

 

Domain Controller Host Name

 

AD Site

 

Domain Controller IP Address

 

IP Setting: DNS Servers

 

IP Setting: WINS Server

 

Domain Controller Operating system

 

Domain Controller Roles

 

Domain Functional Level

 

Forest Functional Level

 

DNS Setting: List all avaialable domain zones:

 

DNS Setting: Conditional Forwarders

 

DNS Setting: Conditional Forwarders Target

 

Zone Transfer (Only transfer to specified IP address)

 

Create Second Zone

 

Second Zone Resolve Success

 

DNS FQDN Name Ping Test (on Source SPOC DCs - xxx)

 

FQDN Name Ping Result

 

NetBIOS Name Resolution

 

NetBIOS Name Ping Result

 

Windows Server Support Tools Installed

 

Firewall turned-off for all client PCs1. turn "Security Center" through group policy2. disable Windows Firewall service through group policy

 

enable GC Replication and Index for service attributes:

 

adminDisplayName

 

extensionAttribute15

 

Target Domain Controller (xxx.com)

 

Domain Controller Host Name

 

AD Site

 

Domain Controller IP Address

 

IP Setting: DNS Servers

 

IP Setting: WINS Server

 

Domain Controller Operating system

 

Domain Controller Roles

 

Domain Functional Level

 

Forest Functional Level

 

DNS Setting: List all avaialable domain zones:

 

DNS Setting: Conditional Forwarders

 

DNS Setting: Conditional Forwarders Target

 

DNS FQDN Name Ping Test (on Target SPOC DCs - xxx)

 

FQDN Name Ping Result

 

NetBIOS Name Resolution

 

NetBIOS Name Ping Result

 

Windows Server Support Tools Installed

 

Firewall turned-off for all client PCs1. turn "Security Center" through group policy2. disable Windows Firewall service through group policy

 

enable GC Replication and Index for service attributes:

 

adminDisplayName

 

extensionAttribute15

  

  

Trust

Two-way Trust Done

  

Disable SID filteringNetdom trust johndemo.local /domain:rogertech.local /quarantine:No /usero:administrator /passwordo:Passw0rd

  

  

Account Preparation

Single Administrative Account

  

Source Domain Account Preparation

  

built-in Administrators group on source DC

  

Full Control on Domain partition via ADSIEdit

  

Read on Configuration partition via ADSIEdit

  

Administrators group on all exchange servers, and other involved application servers

  

Full Control permission on the OUs where the source synchronized objects are located.

  

Full Control permission on source Exchange2003 servers HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdminValue name: ShowSecurityPageData Type: REG_DWORDValue data: 1

  

Full Control permission on the Microsoft Exchange System Objects OU

  

Modify public folder replica list, Modify public folder deleted item retention, and Modify public folder quotas permission on the ESM administrative groups

  

Group Policy to add <your single administrative account> to local administrators group in all clients1. Create one Domain Local security group names as QMMAdminGroup in Target domain2. Add <your single administrative account> into QMMAdminGroup3. Modify default domain policy (or create a new one) to add this QMMAdminGroup into Administrators group on all clients

  

Target Domain Account Preparation

  

built-in Administrators group on target DC

  

Full Control on Domain partition via ADSIEdit

  

Read on Configuration partition via ADSIEdit

  

Full Control on Exchange organization via ADSIEditCN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<...>,DC=<...>

  

Full Control permission on the OUs where the target synchronized objects are located.

  

Full Control permission on the Microsoft Exchange System Objects OU

  

Full Control permission on each mailbox database and associated public folder databaseGet-Mailbox | Add-MailboxPermission -User <your single administrative account> -AccessRights FullAccessGet-MailboxDatabase | Add-ADPermission -User <your single administrative account> -AccessRights GenericAll -ExtendedRights Receive-As,Send-AsGet-PublicFolderDatabase | Add-ADPermission -User <your single administrative account> -AccessRights GenericAll -ExtendedRights Receive-As,Send-As

  

Organization Management group membership for target Exchange Server 2010

  

Public Folder Management group membership for target Exchange Server 2010

  

Recipient Management group membership for target Exchange Server 2010

  

Administrators group on all exchange servers, and other involved application servers

  

ApplicationImpersonation role on target Exchange Server 2010New-ManagementRoleAssignment –Name QMMAppImpersonation -Role ApplicationImpersonation –User <your single administrative account>

  

ms-Exch-EPI-May-Impersonate extended rightGet-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User ((Get-User -Identity qmmadmin) | select-object).identity -extendedRight ms-Exch-EPI-Impersonation} Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User <your single administrative account> -ExtendedRights ms-Exch-EPI-May-Impersonate} Get-PublicFolderDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User <your single administrative account> -ExtendedRights ms-Exch-EPI-May-Impersonate}

  

Group Policy to add <your single administrative account> to local administrators group in all clients1. Create one Domain Local security group names as QMMAdminGroup in Target domain2. Add <your single administrative account> into QMMAdminGroup3. Modify default domain policy (or create a new one) to add this QMMAdminGroup into Administrators group on all clients

  

 

  

QMM Console (xxx)

  

Grant "Log on as a service" right to <your single administrative account> via local security policy

  

Verify <your single administrative account> belongs to Administrators group membership

  

  

Exchange Server Preparation

Source Exchange Server - 2003

  

Exchange Server Name

  

Exchange Server IP Address

  

IP Setting: DNS Servers

  

IP Settings: WINS Server

  

Existing Accepted Domains

  

Email Redirection Target Domain SMTP namespaces

  

mail route SMTP name space

  

Smart Host Address

  

Mailbox Access and Email Flow Verification

  

Default Source Domain -> Default Target Domain

  

Default Source omain -> Email Redirection Target SMTP name space

  

Offline Address Book Downloading Availability

  

Create a temp Storage Group for synced mailbox-enabled objects

  

Exchange Server

  

Storage Group name

  

Enable "circular logging" for this storage group

  

Mailbox Store name

  

Full Backup Done

  

Create "Aelita EMW Recycle Bin" Public Folder

  

Creating Administrator Mailboxes for Public Folder, Free/Busy and Calendar Synchronization

  

Specifying displayName Value for source EX2K3 mailbox database via ADSIEdit1. Locate CN=First Storage Group,CN=InformationStore,CN=EX2K3,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Mail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<…>,DC=<…>2. copy adminDisplayName value to displayName field.

  

Firewall turned-off

  

Target Exchange Server - 2010

  

Exchange Server Name

  

Exchange Server IP Address

  

IP Setting: DNS Servers

  

IP Settings: WINS Server

  

Accepted Domains

  

Existing Accepted Domains (Related)

  

Email Redirection Target Domain SMTP namespaces

  

Email Address Policies

  

Remote Domains

  

Add email redirection Source Domain SMTP namespace

  

Send Connector

  

mail route SMTP name space

  

Smart Host Address

  

Create Target Mailbox Database for migration

  

Database Name

  

Mount Availability

  

Limit Configuration Matching with policy

  

Public Folder Database Association

  

Offline Address Book Association

  

Default Receive Connector permission group -> Anonymous

  

Mailbox Access and Email Flow Verification

  

Default Target Domain -> Default Source Domain

  

Default Target Domain -> Email Redirection Source SMTP name space

  

Offline Address Book Downloading

  

Full Backup Done

  

Create "Aelita EMW Recycle Bin" Public Folder

  

Creating Administrator Mailboxes for Public Folder, Free/Busy and Calendar Synchronization

  

Creating Custom Throttling PoliciesNew-ThrottlingPolicy QMMExAccountThrottlingPolicySet-ThrottlingPolicy QMMExAccountThrottlingPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $nullSet-ThrottlingPolicyAssociation -Identity <your single administrative account> -ThrottlingPolicy QMMExAccountThrottlingPolicy

  

Installing the Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1, and Restart Server

  

Disable RPC Encryption on Target Exchange 2010 ServersSet-RpcClientAccess –Server EX2010.rogertech.local –EncryptionRequired $false

  

firewall turned-off

  

  

QMM Console Preparation

Firewall turned-off

  

Installing the Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1, and Restart Server

  

Double check <your single administrative account> is in local Administrators group