4

Proposed project ahead, and a whole lot of documentation and options out there, so I was looking for opinions or advice.

I'm creating a brand new domain and installing Exchange 2010 in the environment. Server 2008 will be the DC. Is there a way to migrate existing mailboxes or the entire mailstore to the new domain, and then map those mailboxes to new user objects in the new domain (that will correlate to the old user objects... a manual process I'll be doing)? Is this a smarter course of action, or should I use ExMerge to export/import the mail to empty mailboxes I create for the new user objects?

We don't want any of the ghosts of the old domain to come over, so creating from "scratch" is the intent. Obviously documenting, and then recreating, user objects, group membership, and permissions will be key. Just looking for some thoughts on how other users out there would attack this undertaking. There are arguments for maintaining the old setup for comparison's sake, and making the new DC part of the old domain, then doing a DOMAIN RENAME, is intriguing. I hate being Wizard dependent and running into interrupted migrations and compatibility issues, leaving me dead in the water.

Silky
  • 1
    You will have a nightmare doing a domain rename from scratch and having everything "just work" like it did before (it will, but there will be a **lot** of fiddling). Are you absolutely sure this is what you want and can't get around it? – Ben Pilbrow Nov 17 '10 at 12:13
  • 1
    No no, I definitely DO NOT want to do a domain rename. I've done it once before when the domain was set up with a non-preferred name, but no one was actively using it yet. The steps to take were quite daunting, and I was able to skip many steps due to the new domain's simplicity. If any step failed, it would be a nightmare (as you aptly put it) to get it right again. I was mainly looking to see if one would ExMerge out the emails, and start fresh with new user objects and new emails, or if it would be better to migrate users and emails between domains. – Silky Nov 17 '10 at 14:23

2 Answers

11

I can speak to how we handle our cross-forest mailbox migrations from our 2003 environment into our new 2010 environment. This process works reasonably well, except for a known issue that cross-forest mailboxes sometimes need a few hours to be recognized by Exchange 2010 (or, you can restart the Information Store to get them up immediately).

Here's the process we use. There are alternate ways to make it happen, but this works for us in a production environment and we do this almost daily.

Prerequisites

  • You must have a domain trust between the old domain and new domain.
  • You need a user with administrative privileges on the old domain, or someone capable of managing the mailbox being moved.

Process

  1. Prepare the target forest with either Microsoft's PowerShell script (could not locate a link for you) or use the method we use, the PrepareForestMove.vbs script by Michel de Rooij (http://eightwone.com/2010/02/11/cross-forest-mailbox-move-2/)
  2. Once the output confirms that the mailbox features are moved (should look like the output.log below), fire up PowerShell.
  3. Define your old forest admin/mailbox manager credential into a variable, ($foo = Get-Credential)
  4. Execute the following: New-MoveRequest -RemoteLegacy -Identity "foo@contoso.com" -RemoteGlobalCatalog "GC.contoso.com" -TargetDeliveryDomain "New.Forest.Domain.Com" -RemoteCredential $foo -verbose

Where

  • foo@contoso.com is an e-mail address assigned to the mailbox currently in the old system.
  • GC.contoso.com is a global catalog in the old domain. It must be a global catalog! Double-check this, as it is not immediately apparent from the error if the server is not a GC.
  • new.forest.domain.com is the new delivery domain of the new forest. What this does is set up a forwarder in the old forest's Exchange network that reroutes e-mail from the old mailbox to the new one at the new domain.

Additional info

output.log for PrepareForestMove looks similar to this:
[14:36] Start
[14:36] Reading names from users.txt
[14:36] doe.100: Syncing Exchange Attributes from doe.100
[14:36] Setting mail to John.Doe@contoso.com #8
[14:36] Setting mailNickname to doe.100 #8
[14:36] Setting msExchMailboxGuid to (B25A79608ABA6F4FA36E6C0AF3CB69BE) #8209
[14:36] Setting targetaddress to John.Doe@contoso.com #8
[14:36] Setting proxyAddresses to multi-value [smtp:John.Doe@old.contoso.com, smtp:doe.100@local, smtp:doe.100@contoso.com, SMTP:John.Doe@contoso.com, X400:c=us;a= ;p=contoso;o=Exchange;s=Doe;g=John;] #8204
[14:36] Adding X500:/o=contoso/ou=First Administrative Group/cn=Recipients/cn=doe.100 to proxyAddresses
[14:36] John.Doe@contoso.com
[14:36] Adding smtp:John.Doe@nlsa.contoso.com to proxyAddresses
[14:36] Setting msExchRecipientDisplayType to -2147483642 #3
[14:36] Setting msExchRecipientTypeDetails to 128 #2
[14:36] Setting legacyExchangeDN to /o=CTS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=John Doe #8
[14:36] Finished

I would include the "expected" output of the New-MoveRequest verbose, but I don't have a mailbox to move at the moment to show. Suffice it to say, if you see lots of yellow spam without any red entries, things should be rocking and rolling just fine.

You can also check the status of the move request as it's processing by using Get-MoveRequestStatistics -Identity username

Oh, an additional item: If, when you attempt to use the new mailbox, you get an "Unable to open message store", this is the "known issue" I referred to above. If you have a Database Access Group set up, we've found that failing over the DAG to a secondary server usually clears this up without an info store reset, though in some cases you need to cycle all of the info stores! Microsoft hopefully will fix this in SP2 (apparently wasn't important enough for SP1).

Good luck, and I hope this helps!

Peter Grace
  • Peter, this is an EXCELLENT source of information, and thank you so much for posting. I'm sure you've helped out many, many people in the same boat as me who were lucky enough to find this. Two questions I have that aren't inherently clear in all my readings... is there a way to COPY the mailbox over instead of MOVE? There may be reasons for this not to be the case I'm unaware of, I just always like having copies with something on such a grand scale. Also, how do you associate the moved mailbox with the brand new user in the new domain? – Silky Dec 06 '10 at 14:31
  • Silky, my apologies for not seeing this sooner! Glad to hear this helped. As far as I'm aware, there's not a way to copy-only, but you can do a -SuspendWhenReadyToComplete in the call to do all the synchronization short of doing the final migration, I think. It might not work in 2003->2010 migrations, so be careful. Regarding association, that is handled with the VB script from Michel de Rooij. That script reads the internal Exchange values from AD and duplicates the mailbox IDs on the destination, so the user gets the proper mailbox associations. – Peter Grace Aug 18 '11 at 17:59
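
The pre-flight checks implied by the answer above (the remote server really is a global catalog, and the prep log shows the mailbox attributes were written) followed by the answer's own New-MoveRequest call, as an added PowerShell example that is not part of the original answer or of Michel de Rooij's script. It assumes output.log follows the sample layout shown above and that a listener on TCP 3268 (the global catalog LDAP port) is an adequate GC check; the function names, the log path and the $Mailboxes mapping are hypothetical.

```powershell
# Added example; run in the Exchange Management Shell of the new forest.
# Host names and addresses are the answer's placeholders; function names are hypothetical.
$RemoteGC       = 'GC.contoso.com'           # must be a global catalog in the old forest
$DeliveryDomain = 'New.Forest.Domain.Com'
$PrepLog        = '.\output.log'             # assumed location of the PrepareForestMove log
$Mailboxes      = @{ 'doe.100' = 'John.Doe@contoso.com' }   # constructed: log name -> old address
$Required       = 'msExchMailboxGuid', 'legacyExchangeDN', 'targetaddress'

function Test-GlobalCatalogPort {
    param([string]$Server)
    # A global catalog answers LDAP on TCP 3268; a DC that is not a GC does not.
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($Server, 3268); return $client.Connected }
    catch   { return $false }
    finally { $client.Close() }
}

function Get-PreparedAttribute {
    param([string[]]$LogLines, [string]$Name)
    # Assumes the log layout shown above: a "<name>: Syncing Exchange Attributes"
    # line opens an account's block, followed by "Setting <attribute> to ..." lines.
    $inBlock = $false
    foreach ($line in $LogLines) {
        if ($line -match '^\[\d\d:\d\d\] (\S+): Syncing Exchange Attributes') {
            $inBlock = ($Matches[1] -eq $Name)
        } elseif ($inBlock -and $line -match '^\[\d\d:\d\d\] Setting (\S+) to ') {
            $Matches[1]              # emit the attribute name
        }
    }
}

if (-not (Test-GlobalCatalogPort $RemoteGC)) {
    throw "$RemoteGC does not answer on TCP 3268, so it cannot serve as -RemoteGlobalCatalog."
}
$cred = Get-Credential               # old-forest admin or mailbox manager; password stays a SecureString
$log  = Get-Content $PrepLog

foreach ($name in $Mailboxes.Keys) {
    $set     = @(Get-PreparedAttribute $log $name)
    $missing = @($Required | Where-Object { $set -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "$name skipped; prep log shows no write for: $($missing -join ', ')"
        continue
    }
    New-MoveRequest -RemoteLegacy -Identity $Mailboxes[$name] -RemoteGlobalCatalog $RemoteGC `
        -TargetDeliveryDomain $DeliveryDomain -RemoteCredential $cred -Verbose
}

# Progress of every queued move, as the answer does per user with Get-MoveRequestStatistics.
Get-MoveRequest | Get-MoveRequestStatistics | Format-Table DisplayName, Status, PercentComplete -AutoSize
```

An open port 3268 only shows that something is listening there; a firewall between the forests can also make a genuine global catalog fail this check.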
1

You actually have both options that you talked about in your last comment. You can create a new DC/forest/domain, create user accounts, and then ExMerge / Export-Mailbox over for each newly-created user. You can also create a new forest, establish a trust, and then do cross-forest migrations.

Whenever possible I would vote to re-create the Active Directory domain and forest. You can move users and groups without too much issue using existing utilities (ldifde). Think about your OU design, as it makes using Group Policy (which is any Windows sysadmin's greatest ally) much easier.

My vote: Create a separate forest, import users and groups, design OU structure, and then export/import mailboxes from the old Exchange server, attaching them to the new users.

Jeff McJunkin