Learn Exchange the Guru way !!!


Cross Forest E2K3 to 2010 Mailbox Migration with linked Mailboxes

I couldn’t find a proper document on performing a cross forest mailbox migration, so here we go…

This document has following assumptions:

  1. Source and Target forest have one way trust
  2. All CAS, HT and MBX servers are installed
  3. All certificated are installed
  4. Send and Receive connectors are configured
  5. Accepted domain and email address policy is configured.
  6. Disclaimer and any other exchange compliance or security rule configured.
  7. Antivirus and antispam are installed and configured.
  8. All the required ports are open between Exchange 2003 server to Exchange 2010 server
  9. Post migration users and mailboxes will be in a separate resource and exchange forest environment.

Steps to perform the Move mailbox:

  1. Extract all the emails of the user to PST so that any corrupt should not stop any migration or any big mailbox does not take hours to migrate. This is an optional step.
  2. Extract the AD attributes of the users like samaccountname, mailnickname, mail, proxyaddresses, homemdb, Publicdelegates, PublicdelegatesBL, Altrecipients, mail, mdbusedefaults by using csvde cmd or any AD extraction tool.
  3. Inform the user about the following either by email or in a session or call
    1. Mailbox migration time so that user can expect some downtime
    2. Explain the changes and new features in exchange 2010.
    3. Explain the issues and the solution during the coexistence.
  4. Prepare a new move request

    • Login on the target domain with the user which have permissions in both the exchange org/forest
    • Open the powershell and run the following commands to save the source domain credential. Keep the Powershell open until we finish this document.

                                             $Rcred = Get-Credential

    • Run the following commands to save the Local domain credential. We can skip this if the logged in user have enough permissions

                                             $Lcred = Get-Credential

    • Go to the v14scripts directory in powershell & Run the following command to create a new move request

Prepare-MoveRequest.ps1 -Identity “useremailid” -RemoteForestDomainController “Source Domain Controller FQDN”
-RemoteForestCredential $Rcred -LocalForestDomainController “Target Domain Controller Fqdn” -LocalForestCredential $Lcred -LinkedMailUser -TargetMailUserOU “DN of new user OU”


        Use the following additional Commands for bulk users

  1. Create a csv file with the email ids of the users as per screenshot.
  2. Run the following cmd from powershell after going to v14scripts directory

    • $Users = get-content “pathname.csv of csv file”.
    • Run the following cmd

Foreach ($User in $Users) {.Prepare-MoveRequest.ps1 –identity $User -RemoteForestDomainController “Source Domain Controller FQDN” -RemoteForestCredential $Rcred -LocalForestDomainController “Target Domain Controller Fqdn” -LocalForestCredential $Lcred -LinkedMailUser -TargetMailUserOU “DN of new user OU”}

5. Move the user mailbox

  • Run the following command from the same powershell for single user

New-MoveRequest -Identity “useremailid” -RemoteLegacy -TargetDatabase “E2K10 Mailbox Database Name” -RemoteGlobalCatalog “Source Domain Controller/GC FQDN” -RemoteCredential $Rcred -TargetDeliveryDomain “TargetDomainName” -baditemlimit 30


  • Run the following command from the same powershell for bulk users

Get-content “pathname.csv of csv file” | New-MoveRequest -RemoteLegacy -TargetDatabase “E2K10 Mailbox Database Name” -RemoteGlobalCatalog “Source Domain Controller/GC FQDN” -RemoteCredential $Rcred -TargetDeliveryDomain “TargetDomainName” -baditemlimit 30

6. Additional command for changing the mailbox icon to a linked mailbox icon. This can be ignored

  • Disable the user by using the same powershellDisable-Mailbox -Identity User1
  • Reconnect the mailbox with the following command

Connect-Mailbox -Identity User1 -Database “Mailbox Database” –LinkedDomainController “Source Domain Controller/GC FQDN” -LinkedMasterAccount “email id of user login (source) domain” -LinkedCredential $Rcred

7. We should be done with the mailbox migration by this time. Now we need to give enough time to get the domain controller replication.

8. Once domain controllers are replicated check the user connectivity. Verify outlook and OWA working. Ensure Outlook is connecting to the correct mailbox server. If required reconfigure outlook.

End of mailbox migration.


Prepare-MoveRequest.ps1 This is the script comes with the exchange 2010 for the preparation of the move mailbox
Identity The Identity parameter uniquely identifies a mailbox in the source forest. Identity can be any of the following:
Common name (CN)
proxyAddress property
RemoteForestCredential The RemoteForestCredential parameter specifies the administrator who has permissions to copy data from the source forest Active Directory.
RemoteForestDomainController The RemoteForestDomainController parameter specifies a domain controller in the source forest where the mailbox resides.
LinkedMailUser The LinkedMailUser switch specifies whether to create a linked MailUser in the local forest for the mailbox user in the remote forest.
If the switch is provided, the script creates a target MailUser object linked to the source mailbox. If the switch is omitted, the script creates a regular target MailUser object.
LocalForestCredential The LocalForestCredential parameter specifies the administrator with permissions to write data to the target forest Active Directory.
LocalForestDomainController The LocalForestDomainController parameter specifies a domain controller in the target forest where the mail-enabled user will be created.
MailboxDeliveryDomain The MailboxDeliveryDomain parameter specifies an authoritative domain of the source forest so that the script can select the correct source mailbox user’s
proxyAddress property as the target mail-enabled user’s targetAddressproperty.
By default, the primary SMTP address of the source mailbox user is set as the targetAddressproperty of the target mail-enabled user.
TargetMailUserOU The TargetMailuserOU parameter specifies the organizational unit (OU) under which the target mail-enabled user will be created.
RemoteCredential The RemoteCredential parameter specifies an administrator who has permission to perform the mailbox move, for example,
This parameter requires the creation and passing of a credential object. This credential object is created by using the Get-Credential cmdlet.
RemoteGlobalCatalog The RemoteGlobalCatalog parameter specifies the fully qualified domain name (FQDN) of the global catalog server for the remote forest.
RemoteLegacy The RemoteLegacy switch specifies that this mailbox move is from a remote forest that doesn’t have Exchange 2010 installed. You don’t have to specify a value with this parameter.
BadItemLimit The BadItemLimit parameter specifies the number of bad items to skip if the request encounters corruption in the mailbox. Use 0 to not skip bad items.
The valid input range for this parameter is from 0 through 2147483647. The default value is 0.
We recommend that you keep the default value 0 and only change the BadItemLimit parameter value if the request fails.
TargetDatabase The TargetDatabase parameter specifies the identity of the database that you’re moving the mailbox to.
If you don’t specify the TargetDatabase parameter, the command uses the automatic mailbox distribution logic to determine the database to move to.
TargetDeliveryDomain The TargetDeliveryDomain parameter specifies the FQDN of the external e-mail address created in the source forest for the mail-enabled user when the move request is complete.
This parameter is allowed only when performing remote moves with the Remote or RemoteLegacyparameter.
New-MoveRequest This is a command to move the mailbox.
LinkedCredential The LinkedCredential parameter specifies credentials to use to access the domain controller specified by the LinkedDomainController parameter.
This parameter is optional, even if you’re enabling a linked mailbox.
LinkedDomainController The LinkedDomainController parameter specifies the domain controller in the forest where the user account resides, if this mailbox is a linked mailbox.
The domain controller in the forest where the user account resides is used to get security information for the account specified by the LinkedMasterAccount parameter.
This parameter is required only if you’re connecting a linked mailbox.
LinkedMasterAccount The LinkedMasterAccount parameter specifies the master account in the forest where the user account resides, if this mailbox is a linked mailbox.
The master account is the account to which the mailbox links. The master account grants access to the mailbox. You can use one of the following values:
Distinguished name (DN)
User principal name (UPN)
This parameter is required only if you’re connecting a linked mailbox.
Connect-Mailbox cmdlet to connect a disconnected mailbox to an Active Directory user object
Get-Content This will fetch the contents from the file path and name mentioned.
Foreach Statement repeats a group of embedded statements for each element in an array or an object collection


Prabhat Nigam

Team @MSExchangeGuru

27 Responses to “Cross Forest E2K3 to 2010 Mailbox Migration with linked Mailboxes”

  1. Scot Says:

    Hi Team,

    Could you please tell me as to where i can see the screenshot for this document located in step 4 of Cross Forest E2K3 to 2010 Mailbox Migration with linked Mailboxes?
    I really need to know how the CSV file will look.
    “Create a csv file with the email ids of the users as per screenshot”.


  2. Peter Says:

    Can’t see the screenshot either.

  3. Prabhat Says:

    here is it.

  4. wizkiddAssKicker Says:

    This article is kinda stupid in a way. why do this stupid guy is running preparemoverequest.ps1 with -linkedmailuser ? when the user accounts are still present in source forest and logging into the e2k3 forest and ADMT hasnt been run, why would you run the script with “-linkedmailuser” parameter. The explanation as you have mentioned above (copy and paste from technet) says “The LinkedMailUser switch specifies whether to create a linked MailUser in the local forest for the mailbox user in the remote forest. If the switch is provided, the script creates a target MailUser object linked to the source mailbox. If the switch is omitted, the script creates a regular target MailUser object”.
    Simpler approach, Use preparemoverequest without -linkedmailuser parameter, and let it create a simple mail enabled user in the e2k10 forest. move the mailbox and in case you need linked mailboxes (if your are not moving users with admt at this time), follow the same procedure mentioned above to convert it to linked mailbox.
    Makes senes ? why increase complexity. Follow the simplest process.

  5. Wizkid Says:

    This article guiding you to use the same authentication forest but different mailbox forest.
    Linked mailbox are being used in cloud and resource forest scenarios.
    This is not a simple cross forest migration article. I would recommend you to read technet about the linked mailboxes and its requirements


  6. swarn singh chawla Says:


    pls sent the document for Microsoft server SBS 2003 to Microsoft Server SBS 2011 Migration details

    Swarn Singh Chawla

  7. Prabhat Nigam Says:

    Hi Swarn,

    Kindly try this and share the issues.

  8. Lenard Says:

    Having read this I believed it was really informative. I appreciate you spending some time and energy to put
    this article together. I once again find myself personally spending a significant amount
    of time both reading and commenting. But so what,
    it was still worthwhile!

  9. outlook sign in Says:

    Awesome issues here. I’m very happy to look your post. Thanks a lot and I am looking ahead to touch you. Will you kindly drop me a mail?

  10. Cleta bautista Says:

    Appreciating the commitment you put into your website and in depth information you offer.

    It’s nice to come across a blog every once in a while that isn’t the same old rehashed information.
    Fantastic read! I’ve bookmarked your site and I’m including your RSS feeds to my Google account.

  11. Exchange 2013: Cross Forest/ORG Migration from Exchange 2010/2007 « Says:

    […] Cross Forest E2K3 to 2010 Mailbox Migration with linked Mailboxes – […]

  12. JVASCO Says:


    After Prepare-MoveRequest, a weird x500 address is appended to ex2003 user like /cn=recipients/cn=myuserfd886837

    How to avoid this problem?


  13. Prabhat Nigam Says:

    If it is done by prepare-moverequest then it is not a problem, it is a preparation to move the mailbox. Are you facing any issue with it?

  14. JVASCO Says:

    Thanks Prabhat.
    At Ex2010 the x500 ends with cn=myuser, but at Ex2003 the x500 ends with cn=myuserfd886837

    Is this a normal behavior?

    Does the x500 at Ex2003 should ends with cn=myuserfd886837 when the user name is myuser?


  15. Prabhat Nigam Says:

    yes this is normal. Check your users legacyexchangedn value. it might be same.

  16. JVASCO Says:

    Thanks Prabhat.

    The Ex2010 target forest is user empty forest (there are no users/mailboxes). The Ex2010 mailboxes will be linked mailboxes. Then there are no legacyexchangedn value.


  17. Prabhat Nigam Says:

    check the current value in source.

  18. JVASCO Says:

    Thanks Prabhat,

    At source forest the legacyExchangeDN value ends with cn=myuser. Is It needed user accounts exist at Ex2010 target forest prior mailbox migration?


  19. Prabhat Nigam Says:

    Prepare move request should create it.

  20. JVASCO Says:

    Thanks Prabhat.

    There are no problems with migration process. There are no problems when at Ex2003 the x500 ends with cn=myuserfd886837

    Thanks for your valuable help.

  21. vivek joshi Says:

    we have followed this post but we have faced the error “source domain controller unavailable or authentication failed” we don’t understand which part we are missing so please reply your feedback really help full for us

  22. Prabhat Nigam Says:

    Looks like login failure. Probably wrong password.

  23. vivek.joshi Says:

    We have successfully created the session. Both target and source credential are accessible but Prepare-MoveRequest.ps1 command not working

  24. Prabhat Nigam Says:

    Check the permission to you login ID

  25. vivek.joshi Says:

    thanks its working but we are facing another problem as follow

    C:\Users\vivek.joshi\Desktop\Scripts\Prepare-MoveRequest.Ps1 : Error while creating MEU. Error:Error creating mailuser CN=,CN=Users,DC=softobiz,DC=net in local
    forest or setting its mandatory attributes. Error: Exception calling “Exists” with “1” argument(s): “A referral was returned from the server.

    At line:14 char:1
    + C:\Users\vivek.joshi\Desktop\Scripts\Prepare-MoveRequest.Ps1 -Identity $mail -Re …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Prepare-MoveRequest.Ps1

    0 mailbox(s) ready to move.

    please give some advice

  26. Prabhat Nigam Says:

    Now it looks like permissions in the destination

  27. vivek.joshi Says:

    We have a full permission for both source and destination. we are using administrator account. we don’t know where we are missing we don’t find the mailbox for move

Leave a Reply

migrate exchange to office 365