How to do a migration from one organization to another?
In this case it’s about Exchange 2003 organization (legacy) to Exchange 2010
They are totally separated by individual domains, network connection has been established between the domains and two-way trusts have been setup.
Company A à Company B
I’ve created up an account in the target domain called; admt.
The account is added to domain administrator for target.local and the built-in administrators group in the source domain.
To get the passwoed migration to work I needed to:
First on the DC in target domain I installed ADMT ver 3.0 and then run the following command from cmd
“admt key /opt:create /sd:source /kf:c:\key”
In the source domain I needed to create a local group named sourcedomain$$$
A little registry change needs to be done:
“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa” Create a new DWORD value called TcpipClientSupport and configure it with a value of 1
Install the ADMT password migration DLL on the server from I386\ADMT\Pwdmig folder on the Windows Server 2003 CD-ROM or from C:\Windows\ADMT\PES
Then in the installation point on the pes file created previously on the target/destination DC
Reboot when the settings and installation are done.
When password migration is done, remove the DWORD and reboot the source DC.
On the target side I needed to do some things:
Enable auditing for success and failures for account management in your default domain controllers policy in the target domain
Also verify that the account that’s going to be used in the migration has the appropriate permissions and that the Password Export Server Service is started.
We’re ready to start the user migration from the source domain to the target domain using ADMT.
In my case I had a little problem migrating the accounts because they didn’t have any password so I had to set password for them
Here’s an example I used to set password for all users in a OU
“dsquery user “ou=source,dc=source,dc=local” -limit 0 | dsmod user -pwd P@ssw0rd >password.log”
Now it’s time for the mailbox to move from one organization to another, this could be a little problematic.
I’ve done the following steps to move the mailbox from Exchange 2003 to 2010.
Then move will be an offline move, this means that the client will be disconnected when the move starts.
There are a lot of suffixes for how to move the mailbox if need exists.
These suffixes of commands can be found here:
First step is: Typing in the password for the local forest/domain by starting EMS and typing in
$Local = Get-Credential
Second step is to type in the password for the source forest/domain
$Remote = Get-Credential
It’s time to prepare the move by identifying the user/mailbox
./Prepare-MoveRequest.Ps1 -Identity email@example.com -RemoteForestDomainController server01.source.local -RemoteForestCredential $Remote -LocalForestDomainController server02.target.local -LocalForestCredential $Local
This is done by using the official prepare-moverequest script, it can be found here:
When the prepare is set, the move request can be set
New-MoveRequest -Identity firstname.lastname@example.org -RemoteLegacy -TargetDatabase “DB” -RemoteGlobalCatalog server01.source.local -RemoteCredential $Remote -TargetDeliveryDomain “target.local”
The move have started, to check the progress run:
Get-MoveRequestStatistics -id username
When the move is done, the move-request needs to be removed by typing in:
Remove-MoveRequest –id username
The problems I have discovered were that for some reason the attribute “msExchMailboxGuid” didn’t migrate to the new account in the target domain.
This can be solved by either: copy and paste the information manual or by using IIFP.
In my case I did a manual copy and paste because this is a lab environment.
The last problem, I wasn’t able to create the MoveRequest because it couldn’t find the mailbox/user for some reason and this seems to be a bug and can be solved by on the target mailbox server adding the dns suffix of both the target and the source domain.
Hope this helps someone that will make this procedure!
Don’t hesitate to leave comments and feedback