Exchange 2010 Cross Forest Migration: The case of the missing User Account Attributes
Recently I encountered a situation where the client created a new active directory forest was created and all user objects were “migrated” to the new forest. The legacy forest was left intact as Exchange 2003 was not migrated. All applications and other services were migrated to the new forest while Exchange was the only service remaining in the legacy forest. The users accessed their mailboxes via an account in the legacy forest.
I was engaged by the client to design, deploy and migrate to Exchange 2010 SP1 in the new forest. Once this was all setup and configured, migrating the mailbox should be a walk in the park with the power of the Exchange Management Shell. However, in my initial review of the new and old forests, I should have checked the following with the client:
- How were the user accounts migrated? i.e. was a tool used to migrate the accounts? If so, which tool?
- If a tool was indeed employed, which user account attributes were migrated in the migration process?
These questions are very important especially if SIDHistory was not migrated as an attribute on the user account.
Why you might ask is this important. Prior to migrating any mailboxes to an Exchange 2010 organization, the user account should possess the following attributes:
- msExchMailboxGUID
- msExchArchiveGUID
- msExchArchiveName
Microsoft has made this easy. I know there are bloggers out there who couldn’t get this working. After some serious research, soul-searching and more than a few cups of coffee, I produced a process that worked. This process is long-winded but I will point out that some alternatives could be faster.
In order to use the Prepare-NewMoveRequest.ps1 script to populate the above attributes from the legacy forest, the target user account in the new forest needed the following user attributes to be populated BEFORE running the Prepare-NewMoveRequest.ps1 script:
- Proxyaddresses
- Mailnickname
(Courtesy of James Techman @ Exchange Tips: http://msexchangetips.blogspot.com/2011/01/cannot-create-mail-enabled-user-because.html)
Populating these three attributes can be achieved by using either of the following tools:
- ADMT Santhosh Sivaranjan’s blog post on User Account Migration and Merging – Part 1 does an excellent job of walking through this process. If the correct attributes are migrated using ADMT, the Prepare-NewMoveRequest.ps1 will not be required before moving mailboxes cross forest to Exchange 2010.
- VBScript. There is an awesome VB script written by Michel de Rooij who lost patience with the Prepare-NewMoveRequest.ps1. His post: Cross-Forest Mailbox Move (2) provides an excellent VB script to get you moving really fast.
- AdModify.Net – this is the lazy and long route. Since the environment I was in was a relatively small, i.e. 600 users, I decided that this is the method I would use to modify these attribute. I liked this option since it allowed me to use a GUI or cmd version of the tool. A detailed process and description of the tool can be found in this article Using ADModify – A real world example
The one thing that took me down this road is that the tool is very easy to use, there weren’t many users and most importantly, all the attributes MATCHED. In other words, if the user name was FIRST NAME: Instant, LAST NAME Coffee, and then the attributes on this account would be as follows:
proxyAddress: icoffee@morecoffeeany1.com
mail: icoffee@morecoffeeany1.com
mailNickname: icoffee
This was pretty much guaranteed. With these attributes copied across from the source forest, I had no problem running the Prepare-NewMoveRequest.ps1 script at all. This tool was a no brainer.
NOTE: The best guidance I got which actually made the Prepare-NewMoveRequest.ps1 script work was to follow Yoganandhan Ganesan’s method of specifying the distinguished name of the legacy forest user and the OU DN of the target user when using –UseLocalObject switch. Check out the blog post: http://yogates.blogspot.com/2011/03/exchange-2010-moving-mailboxes-back-to.html
In summary, before attempting a cross-forest move of mailboxes, understand the user attributes required for moving mailboxes and understand how the tools work. This is not a big deal but could trip you up if you don’t know this minor detail. For more information on Prepare-NewMoveRequest.ps1, see: Prepare Mailboxes for Cross-Forest Moves Using the Prepare-MoveRequest.ps1 script in the Shell.
PS: LDIFDE could also be used to capture the above attributes but I didn’t feel that this was the right direction. If this tool floats your boat, then review this post by Bharat Suneja http://exchangepedia.com/2006/03/how-to-find-an-email-address-in-active-directory.html
No comments yet.
Leave a Reply
-
Recent
- Exchange 2010 Cross Forest Migration: The case of the missing User Account Attributes
- Exchange 2010 Cross-Forest (Cross-org) Client Migration Planning
- Vonage – Firewall
- Exchange 2010 SP1 (Beta)
- Exchange 2010 RTM: ActiveSync and the Personal Archive
- Exchange 2010 DAG Implementation
- Upgrade Exchange 2003 Default Address Policy & Address Lists to Exchange 2010
- External HA failover in multiple Internet facing Exchange 2010 sites
- Configuring IE Enhanced Security Configuration on Windows 2008 R2
- Building NLB Exchange 2010 RTM CAS / HT Servers (Hyper-V) – Part 3
- Building NLB Exchange 2010 RTM CAS / HT Servers (Hyper-V) – Part 2
- Building NLB Exchange 2010 RTM CAS / HT Servers (Hyper-V) – Part 1
-
Links
- Belgium Exchange Pro's
- D Golman's Blog – Exchange Escalation Engineer
- Joe Richard's AD Site
- Eric Walter's Exchange Blog
- Harold Wong's Blog
- Exchange Server Team (You Had Me At EHLO)
- Steve Thompson – ConfigManager MVP
- My LinkedIn Profile
- Chris and Robin's Technology Blog
- Jeff Guilet's Expta Blog
- Hugh Marlor's AllUnified Blog
- Elan Shudnow's Blog
Visitor Locations
