cross forest migration guide – exchange 2010 to exchange 2010
TRANSCRIPT
-
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
1/16
Cross Forest Migration Guide Exchange 2010 to Exchange 2010
This Migration Guide will help you to migrate mailboxes across forest
Its always people go confused when source and target forests are Exchange 2010, I have tried to explain as detailed a possible and covered
one methodWhere Running .\PrepareMoveRequest.ps1 first and then using ADMT to migrate the Sid History of the users
Please share your feedback in comments, So that I can update the guide frequently
So lets go ahead
Step 1:
Have Trust in place across forests, in my Situation I created two way Transitive Trust where I wont get into any permission constraints
Good to know: We can limit permissions by going for different type of trusts
See -
How to Create Two way Transitive Trust Windows Server 2008 R2
Step 2:
You need Active Directory Migration Tool to Get your User accounts migrated without any hassle, You can install it in either of the forests but ,Have installed in the target forest , where I will be doing most of my work
See -
How to install ADMT 3.2 in Windows Server 2008 R2
http://careexchange.in/how-to-create-two-way-transitive-trust-windows-server-2008-r2/http://careexchange.in/how-to-create-two-way-transitive-trust-windows-server-2008-r2/http://careexchange.in/how-to-create-two-way-transitive-trust-windows-server-2008-r2/http://careexchange.in/how-to-install-admt-3-2-in-windows-server-2008-r2/http://careexchange.in/how-to-install-admt-3-2-in-windows-server-2008-r2/http://careexchange.in/how-to-create-two-way-transitive-trust-windows-server-2008-r2/ -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
2/16
Step 3:
If you are planning to migrate the User account with SID Which is recommended where users will still have access to their old forest wherethey will be recognized like
Access file shares and permission groups etc. So I would always recommend to get your SID along with the Users
If you are planning to Migrate Users with Password that doesnt happen by default, you have to Configure Password Export Server in thesource domain
See -
How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with Sid and Passwords
Step 4:
Enable MRS Proxy on the Source Client Access Server which is going to facilitate the Remote move from the Source Forest,
I have described Enabling MRS proxy where version is Exchange 2010 Sp1 or later because enabling MRS Proxy in RTM version differs
See-
How to Enable MRS Proxy and Increase timeout In Exchange 2010
Step 5:
Ignore if you are not using a Self Signed Cert.
http://careexchange.in/how-to-migrate-users-across-forest-cross-forest-using-admt-3-2-with-sid-and-passwords/http://careexchange.in/how-to-migrate-users-across-forest-cross-forest-using-admt-3-2-with-sid-and-passwords/http://careexchange.in/how-to-enable-mrs-proxy-and-increase-timeout-in-exchange-2010/http://careexchange.in/how-to-enable-mrs-proxy-and-increase-timeout-in-exchange-2010/http://careexchange.in/how-to-migrate-users-across-forest-cross-forest-using-admt-3-2-with-sid-and-passwords/ -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
3/16
If you are using a Self Signed Certificate Where Exchange servers wont authenticate between each other
Because they wont trust each of them
You got to Export the Cert from Source Exchange Server and import it on Target Exchange Server
Vice versaSee -
How to Export a Self signed Server Certificate and Import it on a another Server in Windows server 2008 R2
Step 6:
Check List
* Now Trusts are in place
* ADMT is installed on the Target DC
* MRS Proxy is enabled on the Source Forest Client Access Server
* Admin User of the Target forest is a member of administrators group in the Source forest Add vice Versa
* If you are using Self Signed Cert They have been exported from the target and imported in source (vice versa)
* If you are planning to migrate passwords as well - Password Export Service is Configured and PES service is started in the Source Domain
Before starting, there are many methods to Move mailboxes across forest .I will go for the Recommended one.
Let us call this method as Running .\PrepareMoveRequest.ps1 first and then using ADMT to migrate the Sid History
We will move one mailbox to get a Clear idea, and then we can go for Bulk Migration of mailboxes.
I always recommend moving few mailboxes. Test it as much as you can. Then go for bulk migration
http://careexchange.in/how-to-export-a-self-signed-server-certificate-and-import-it-on-a-another-server-in-windows-server-2008-r2/http://careexchange.in/how-to-export-a-self-signed-server-certificate-and-import-it-on-a-another-server-in-windows-server-2008-r2/ -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
4/16
Step 7:
Created a Test Mailbox - Mailbox1
-
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
5/16
http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image7.png -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
6/16
Step 8:
First Store the Access Credentials in the Shell
Please dont confuse yourself Here. Am Running this on the Target Forest $localCredentials Means the TargetForestCredentials
SourceForest careExchange.in
TargetForest TargetExchange.in
Please dont forget to Type the DomainName \UserName
$localCredentials = Get-Credential
-
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
7/16
$RemoteCredentials = Get-Credential
Means my Source Forest
http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image28.png -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
8/16
Note: After Storing your Credentials Do not Close Shell You got to run the Future Command in the Same Power Shell Session
Step 9:
Now Preparing a Move Request
Browse your Exchange Management Shell into Scripts Folder in your Target Forest , Which will be in Exchange installation Location
.\Prepare-MoveRequest.Ps1 -Identity "EmailAddress" -RemoteForestDomainController "FQDN of Source DC" -RemoteForestCredential$RemoteCredentials -LocalForestDomainController "FQDN of Target Forest DC" -LocalForestCredential $LocalCredentials -TargetMailUserOU"Distinguished name of OU in TargetForest" UseLocalObject -Verbose
http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image32.png -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
9/16
Using Verbose in the end of the Command
You can clearly see what are the Attributes its getting touched
Mail,Displayname,Proxyaddress etc..
Now you can See a Disabled account which has been Created on the Specified OU
http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image3.png -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
10/16
Step 10:
Now use ADMT to migrate the SID and Enable the Target Account which is Mailbox1 in my Scenario
See-
How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with Sid and Passwords
Now you can find the SID history of the account , Where you can confirm that you did things correctly
http://careexchange.in/how-to-migrate-users-across-forest-cross-forest-using-admt-3-2-with-sid-and-passwords/http://careexchange.in/how-to-migrate-users-across-forest-cross-forest-using-admt-3-2-with-sid-and-passwords/http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image11.pnghttp://careexchange.in/how-to-migrate-users-across-forest-cross-forest-using-admt-3-2-with-sid-and-passwords/ -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
11/16
Now your AD account will get enabled
http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image20.png -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
12/16
Step 11: Now youre Account with SID and password has been moved, But s till your Content of the mailbox hasnt moved yet. Which is moved my aremote as below
Now moving the mailbox using a Remote move request
New-MoveRequest Identity [email protected] Remote Remotehostn ame sourceExchange.CareExchange.in -RemoteCredential$RemoteCredentials TargetDeliverydomain targetexchange.in
mailto:%E2%80%[email protected]%E2%80%99mailto:%E2%80%[email protected]%E2%80%99mailto:%E2%80%[email protected]%E2%80%99http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image8.pnghttp://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image4.pnghttp://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image8.pnghttp://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image4.pngmailto:%E2%80%[email protected]%E2%80%99 -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
13/16
Now you can see a Remote move has been completed
Now you wont be able logon on the new forest directly as you required to change passwor d as first logon
To avoid that situation
See-
How to Disable User must change password at next logon after cross forest move using ADMT 3.2 Open Adsiedit Set pwdlastset to 1
http://careexchange.in/how-to-disable-user-must-change-password-at-next-logon-after-cross-forest-move-using-admt-3-2/http://careexchange.in/how-to-disable-user-must-change-password-at-next-logon-after-cross-forest-move-using-admt-3-2/http://careexchange.in/how-to-disable-user-must-change-password-at-next-logon-after-cross-forest-move-using-admt-3-2/http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image12.pnghttp://careexchange.in/how-to-disable-user-must-change-password-at-next-logon-after-cross-forest-move-using-admt-3-2/ -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
14/16
http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image16.png -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
15/16
Or just login to a client machine and change the password at first logon
Great!! You able to login in Target Forest Success fully!!
http://c/Users/v-9saman/AppData/Local/Temp/WindowsLiveWriter-429641856/supfilesFBD65/image24.png -
7/23/2019 Cross Forest Migration Guide Exchange 2010 to Exchange 2010
16/16
Step 12:
To Move the Users in Bulk
See-Cross forest Move Mailbox in Bulk Exchange2010 to Exchange 2010
Step 13:
If you doesnt want to share free/busy information as of now. Skip it
If you want to share Free/busy information across forests. If source domain is always going to exist even after migration. I would recommendcreating Federation Trust which is free of service from Microsoft to share free busy information.
If you dont want to go for Federation and still you can share free busy using below methodSee -
How to Configure Cross forest Availability Service (Free/Busy,Autodiscover) Exchange 2010 to Exchange 2010
Happy Cross forest Migration!!
Hope I covered everything and made it as much simpler as I can!!
For any queried please drop an email to [email protected]
Thank you!!
Regards
Satheshwaran Manoharan
http://careexchange.in/cross-forest-move-mailbox-in-bulk-exchange2010-to-exchange-2010/http://careexchange.in/cross-forest-move-mailbox-in-bulk-exchange2010-to-exchange-2010/http://careexchange.in/cross-forest-move-mailbox-in-bulk-exchange2010-to-exchange-2010/http://careexchange.in/how-to-configure-cross-forest-availability-service-freebusyautodiscover-exchange-2010-to-exchange-2010/http://careexchange.in/how-to-configure-cross-forest-availability-service-freebusyautodiscover-exchange-2010-to-exchange-2010/http://careexchange.in/how-to-configure-cross-forest-availability-service-freebusyautodiscover-exchange-2010-to-exchange-2010/mailto:[email protected]:[email protected]:[email protected]:[email protected]://careexchange.in/how-to-configure-cross-forest-availability-service-freebusyautodiscover-exchange-2010-to-exchange-2010/http://careexchange.in/cross-forest-move-mailbox-in-bulk-exchange2010-to-exchange-2010/