Exchange 2010 Cross-Forest Migration Step by Step Guide – Part I
This Guide will explain the detailed steps required to do cross forest migration from source forest running Exchange 2003 to target forest running Exchange 2010.
Active Directory Migration Tool (ADMT) will be used to migrate user accounts as well as computer accounts. There are two scenarios when using ADMT to migrate user accounts with Exchange:
1. Run Prepare-MoveRequest.ps1 script first then ADMT: in this scenario the steps will be in the following order:
a. Prepare-MoveREquest.ps1: The script will be used to create Mail Enabled Users (MEU) in the target forest; the MEUs will be disabled and will contain the following attributes: legacyExchangeDN, mail, mailnickname, msExchmailboxGuid, proxyAddresses, X500, targetAddress, userAccountControl, userprincipalName.
b. ADMT to migrate user accounts: the main target is to get the old SID from the source domain (SID History), and to synchronize the password from the source domain to the new user account in the target domain, of course other AD attributes could be migrated like phone, address, title…
c. Move Mailbox: using new-move request from the source forest to the target forest.
d. ADMT to migrate the computer account: this will mainly disjoin the client machine from the source domain and join the new domain, also will add (or replace) the SID of the new user in the target forest on the same profile used by the old user account, other options available like local group, profiles…..
2. Run ADMT first then Prepare-MoveRequest.ps1: in this scenario the steps will be in the following orders:
a. ADMT to migrate the user accounts from the source forest to the target forest, users will be created or merged by ADMT not the script, SID history and password synchronization along with other AD attributes could be merged from the source forest to the target forest. By default ADMT is excluding all Exchange attributes.
b. Convert the user accounts created or merged by ADMT to Mail Enabled User (MEU) accounts with proxy address as the source forest user account.
c. Prepare-moverequest.ps1: the script will be used with –localobject and –overwritelocalobject switches, so the script will use the existing user accounted and will not create new account.
d. New-MoveRequest: to move the mailbox from the source forest to the target forest.
Choosing which scenario will be based on the customer environment, the selection of the scenario should consider:
- First Scenario: This is the easy and straight forward scenario, should be used if the target forest (domain) is newly created, no users from the source domain exist in the target domain.
- Second Scenario: As this is more complicated scenario, it should be used if ADMT must run first before prepare-moverequest, and this will be needed in case of there are already users from the source forest in the target forest.
This series of articles will focus on the second scenario. Before going on the detailed steps, let’s first explain the environment and the requirements.
The current environment includes the following:
- Source forest running Windows 2003, and Exchange 2003 (egypt.tailspin.com), email address of all user accounts @egypt.tailspin.com
- Target forest running Windows 2008 R2 and Exchange 2010 (tailspin.com), email address for all users @tailspin.com.
- There are already user accounts for the source forest in the target forest, created manually and used by many applications, and they must be used.
The following diagram shows the details of the current environment:
As the migration will take time, the co-existence period should be considered, so this guide will cover the following:
- Addressing the migration challenges.
- Configure Mail Flow between the two forests.
- Migration of user and computer accounts using ADMT.
- Exchange Mailbox migration using native tools.
- Enable sharing Free/Busy information between the two forests, so when the user is migrated to the target forest, he will still be able to check the free/busy information of other users in the source forest and vice versa.
The second part of this guide will address the migration challenges and setting up the mail flow between the two forests.
Exchange 2010 Cross-Forest Migration Step by Step Guide – Part I
Exchange 2010 Cross-Forest Migration Step by Step Guide – Part II
Exchange 2010 Cross-Forest Migration Step by Step Guide – Part III
Comments
Anonymous
August 05, 2011
Step b on method 1 Doesn't work for me On the logs it say the account aready exists, so it skips it, any ideas?Anonymous
September 02, 2011
You have to take the option "merge" in the ADMT.Anonymous
February 09, 2015
In Part I of this guide I’ve explained the process of cross-forest migration and the differences betweenAnonymous
February 09, 2015
In this part of Cross-Forest Migration Guide we will solve the second challenge but before that let’s