MSExchangeGuru.com

I couldn’t find a proper document on performing a cross forest mailbox migration, so here we go…

This document has following assumptions:

1. Source and Target forest have one way trust
   
2. All CAS, HT and MBX servers are installed
   
3. All certificated are installed
   
4. Send and Receive connectors are configured
   
5. Accepted domain and email address policy is configured.
   
6. Disclaimer and any other exchange compliance or security rule configured.
   
7. Antivirus and antispam are installed and configured.
   
8. All the required ports are open between Exchange 2003 server to Exchange 2010 server
   
9. Post migration users and mailboxes will be in a separate resource and exchange forest environment.
   

Steps to perform the Move mailbox:

1. Extract all the emails of the user to PST so that any corrupt should not stop any migration or any big mailbox does not take hours to migrate. This is an optional step.
   
2. Extract the AD attributes of the users like samaccountname, mailnickname, mail, proxyaddresses, homemdb, Publicdelegates, PublicdelegatesBL, Altrecipients, mail, mdbusedefaults by using csvde cmd or any AD extraction tool.
   
3. Inform the user about the following either by email or in a session or call
   
   1. Mailbox migration time so that user can expect some downtime
      
   2. Explain the changes and new features in exchange 2010.
      
   3. Explain the issues and the solution during the coexistence.
      
4. Prepare a new move request

   • Login on the target domain with the user which have permissions in both the exchange org/forest
     
   • Open the powershell and run the following commands to save the source domain credential. Keep the Powershell open until we finish this document.

                                            $Rcred = Get-Credential

   

   • Run the following commands to save the Local domain credential. We can skip this if the logged in user have enough permissions
     

                                            $Lcred = Get-Credential
   

   • Go to the v14\scripts directory in powershell & Run the following command to create a new move request
     

Prepare-MoveRequest.ps1 -Identity “useremailid” -RemoteForestDomainController “Source Domain Controller FQDN”
-RemoteForestCredential $Rcred -LocalForestDomainController “Target Domain Controller Fqdn” -LocalForestCredential $Lcred -LinkedMailUser -TargetMailUserOU “DN of new user OU”

Or

        Use the following additional Commands for bulk users

1. Create a csv file with the email ids of the users as per screenshot.
   
2. Run the following cmd from powershell after going to v14\scripts directory

   • $Users = get-content “path\name.csv of csv file”.
     
   • Run the following cmd
     

Foreach ($User in $Users) {.\Prepare-MoveRequest.ps1 –identity $User -RemoteForestDomainController “Source Domain Controller FQDN” -RemoteForestCredential $Rcred -LocalForestDomainController “Target Domain Controller Fqdn” -LocalForestCredential $Lcred -LinkedMailUser -TargetMailUserOU “DN of new user OU”}

5. Move the user mailbox

• Run the following command from the same powershell for single user
  

New-MoveRequest -Identity “useremailid” -RemoteLegacy -TargetDatabase “E2K10 Mailbox Database Name” -RemoteGlobalCatalog “Source Domain Controller/GC FQDN” -RemoteCredential $Rcred -TargetDeliveryDomain “TargetDomainName” -baditemlimit 30

Or

• Run the following command from the same powershell for bulk users
  

Get-content “path\name.csv of csv file” | New-MoveRequest -RemoteLegacy -TargetDatabase “E2K10 Mailbox Database Name” -RemoteGlobalCatalog “Source Domain Controller/GC FQDN” -RemoteCredential $Rcred -TargetDeliveryDomain “TargetDomainName” -baditemlimit 30

6. Additional command for changing the mailbox icon to a linked mailbox icon. This can be ignored

• Disable the user by using the same powershellDisable-Mailbox -Identity User1
• Reconnect the mailbox with the following command
  

Connect-Mailbox -Identity User1 -Database “Mailbox Database” –LinkedDomainController “Source Domain Controller/GC FQDN” -LinkedMasterAccount “email id of user login (source) domain” -LinkedCredential $Rcred

7. We should be done with the mailbox migration by this time. Now we need to give enough time to get the domain controller replication.

8. Once domain controllers are replicated check the user connectivity. Verify outlook and OWA working. Ensure Outlook is connecting to the correct mailbox server. If required reconfigure outlook.

End of mailbox migration.

Glossary

Prepare-MoveRequest.ps1	This is the script comes with the exchange 2010 for the preparation of the move mailbox
Identity	The Identity parameter uniquely identifies a mailbox in the source forest. Identity can be any of the following:
	Common name (CN)
	Alias
	proxyAddress property
RemoteForestCredential	The RemoteForestCredential parameter specifies the administrator who has permissions to copy data from the source forest Active Directory.
RemoteForestDomainController	The RemoteForestDomainController parameter specifies a domain controller in the source forest where the mailbox resides.
LinkedMailUser	The LinkedMailUser switch specifies whether to create a linked MailUser in the local forest for the mailbox user in the remote forest.
	If the switch is provided, the script creates a target MailUser object linked to the source mailbox. If the switch is omitted, the script creates a regular target MailUser object.
LocalForestCredential	The LocalForestCredential parameter specifies the administrator with permissions to write data to the target forest Active Directory.
LocalForestDomainController	The LocalForestDomainController parameter specifies a domain controller in the target forest where the mail-enabled user will be created.
MailboxDeliveryDomain	The MailboxDeliveryDomain parameter specifies an authoritative domain of the source forest so that the script can select the correct source mailbox user’s proxyAddress property as the target mail-enabled user’s targetAddressproperty.
	By default, the primary SMTP address of the source mailbox user is set as the targetAddressproperty of the target mail-enabled user.
TargetMailUserOU	The TargetMailuserOU parameter specifies the organizational unit (OU) under which the target mail-enabled user will be created.
RemoteCredential	The RemoteCredential parameter specifies an administrator who has permission to perform the mailbox move, for example, Administrator@humongousinsurance.com.
	This parameter requires the creation and passing of a credential object. This credential object is created by using the Get-Credential cmdlet.
RemoteGlobalCatalog	The RemoteGlobalCatalog parameter specifies the fully qualified domain name (FQDN) of the global catalog server for the remote forest.
RemoteLegacy	The RemoteLegacy switch specifies that this mailbox move is from a remote forest that doesn’t have Exchange 2010 installed. You don’t have to specify a value with this parameter.
BadItemLimit	The BadItemLimit parameter specifies the number of bad items to skip if the request encounters corruption in the mailbox. Use 0 to not skip bad items. The valid input range for this parameter is from 0 through 2147483647. The default value is 0. We recommend that you keep the default value 0 and only change the BadItemLimit parameter value if the request fails.
TargetDatabase	The TargetDatabase parameter specifies the identity of the database that you’re moving the mailbox to. If you don’t specify the TargetDatabase parameter, the command uses the automatic mailbox distribution logic to determine the database to move to.
TargetDeliveryDomain	The TargetDeliveryDomain parameter specifies the FQDN of the external e-mail address created in the source forest for the mail-enabled user when the move request is complete. This parameter is allowed only when performing remote moves with the Remote or RemoteLegacyparameter.
New-MoveRequest	This is a command to move the mailbox.
LinkedCredential	The LinkedCredential parameter specifies credentials to use to access the domain controller specified by the LinkedDomainController parameter. This parameter is optional, even if you’re enabling a linked mailbox.
LinkedDomainController	The LinkedDomainController parameter specifies the domain controller in the forest where the user account resides, if this mailbox is a linked mailbox. The domain controller in the forest where the user account resides is used to get security information for the account specified by the LinkedMasterAccount parameter.
	This parameter is required only if you’re connecting a linked mailbox.
LinkedMasterAccount	The LinkedMasterAccount parameter specifies the master account in the forest where the user account resides, if this mailbox is a linked mailbox. The master account is the account to which the mailbox links. The master account grants access to the mailbox. You can use one of the following values:
	GUID
	Distinguished name (DN)
	Domain\Account
	User principal name (UPN)
	LegacyExchangeDN
	SmtpAddress
	Alias
	This parameter is required only if you’re connecting a linked mailbox.
Connect-Mailbox	cmdlet to connect a disconnected mailbox to an Active Directory user object
Get-Content	This will fetch the contents from the file path and name mentioned.
Foreach	Statement repeats a group of embedded statements for each element in an array or an object collection

 

Prabhat Nigam

Team @MSExchangeGuru

Posted August 29th, 2011 under Exchange 2003, Exchange 2010. RSS 2.0 feed. Leave a response, or trackback.