DDI4U

Cross domain mailbox migration Exchange 2010

I inherited a network which uses an internal domain of "domain1.com" and they do not own the name, thus we cannot properly secure with SSL certain things such as OWA. We are in a situation where moving from Exchange 2007 to Exchange 2010 is a required migration. I determined that when doing so it would be beneficial to make a new domain such as "domain2.local" so that we can properly secure the needed elements.

My question is: What is the best route to migrating users/mailboxes to this new domain and Exchange 2010?

My initial thought was to create a new forest to avoid Active Directory pollution, but I don't think we can really migrate users even via a domain trust. The caveat of this process is that we will not be able to move every user at once, so I would need the ability to move users over one at a time when time is available. I believe the only way to do this is to at least have the new domain in the same forest, but I don't know if even this is possible. I have a new bare metal and two virtual machines to use for this new domain. Any insight on this situation is greatly appreciated.
Jamie McKillop

Hello,

If you want to change your internal DNS, you will need to create a new forest since the issue is with your top level domain. That said, you could just use a different domain name externally, which would solve the SSL issue.

JJ
DDI4U (ASKER)

JJ,

That actually doesn't solve the SSL issue, considering the inside domain name is a .com that isn't owned by the client. Therefore, when obtaining a certificate from a CA, they will not secure the internal domain, which causes errors using Outlook.

The issue at hand, however, is not the SSL but rather the ability to migrate users one at a time from one domain to another and one Exchange server to another. Certainly I could install the new Exchange server in the same domain and continue to have the SSL issues, but we will be integrating a Cisco phone system and using Unified Communications, so I will need to be able to secure many elements of the network.

Also, the current domain controller is a 2003 Server and the domain functional level is Windows Server 2003. I want the new domain to be at 2008 level and will not have any legacy machines as part of the new domain.
ASKER CERTIFIED SOLUTION
Jamie McKillop
This solution is only available to members.
DDI4U (ASKER)

JJ,

Thanks for the link, that will help a lot, but after a quick browse it doesn't seem to be "easily done" as you mentioned. However, as long as it can be done I am a happy camper! Thanks!