using Move2Mailbox when forests have same name...

hi all,

im following this article

http://msexchangehelp.wordpress.com/2010/03/23/gui-script-for-exchange-2003-to-exchange-2010-cross-forest-move-mailbox/

i have a problem

my source forest is named domain.local and my target forest is named domain.net

so when i put in the credentials the source and target come up for domain.net (the 2010 machine)

i typed in the source credentials manually but i cant type in source mailboxes

anyone have any ideas of what i can do?

THanks
LVL 1
awilderbeastAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Ahh that helps, looks like we've got a space again and it's failing to pass both the server and the credentials. That in turn causes the error with the main script.

Perhaps try it all on one line:

e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local -RemoteForestDomainController server01.domain.local -RemoteForestCredential $UserCredentials

Chris

0
 
Chris DentPowerShell DeveloperCommented:

Try entering credentials in the User Principal Name format? user@domain.local and user@domain.net.

HTH

Chris
0
 
awilderbeastAuthor Commented:
yeah thats what i did do, no luck :|

i also tried this

New-MoveRequest -Identity 'test@domain.local -RemoteLegacy -TargetDatabase Mailbox Database 123456789 -RemoteGlobalCatalog 'server1.domain.local' -RemoteCredential $Cred -TargetDeliveryDomain 'ex.domain.net'

found it from gooling, that didnt do anything at all :|

cheers
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
Chris DentPowerShell DeveloperCommented:

The NetBIOS name is the same in each case? Did you manage to create a trust between the two domains? Much of Move2Exchange seems to rely on a trust existing.

Chris
0
 
awilderbeastAuthor Commented:
yeah the netbios is the same they are both "domain" one is domain.local the other domain.net

no havent created a trust, should i?

all i did was add domain.local to domain.net dns
0
 
Chris DentPowerShell DeveloperCommented:

It's not explicitly listed as a requirement. It looks like it is if you use Move2Exchange, but not necessarily with New-MoveRequest.

What did New-MoveRequest return? It should have returned something.

Chris
0
 
awilderbeastAuthor Commented:
it returned >>

thats it didnt do anything other than that
0
 
Chris DentPowerShell DeveloperCommented:

Oh :)

The command isn't complete then, either you need to hit return once more, or you need to fix the code up a bit. I noticed a few errors in it, but I assumed it was copy / paste based.

This if the fixed-up version:


New-MoveRequest -Identity "test@domain.local" -RemoteLegacy `
  -TargetDatabase "Mailbox Database 123456789" `
  -RemoteGlobalCatalog "server1.domain.local" `
  -RemoteCredential $Cred -TargetDeliveryDomain "ex.domain.net"


You need $Cred first, I guess you've dealt with that? If not, run this first:


$Cred = Get-Credential


That'll be a username and password for the source domain.

The ` characters I've added above allow the command to continue over more than one line, leave them in, or remove them and put it all back on one line.

Chris
0
 
awilderbeastAuthor Commented:
i got

The operation couldn't be performed because object 'test@domain.local' couldn't be found on 'DC1.domain.net'.
    + CategoryInfo          : NotSpecified: (0:Int32) [New-MoveRequest], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 4E5084E3,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

am i doing something the wrong way round here?

im moving from domain.local to domain.net

cheers
0
 
Chris DentPowerShell DeveloperCommented:

Hmm yes, that's the mailbox in the target domain, looks like it moves content only.

That's where this step comes in:

http://technet.microsoft.com/en-us/library/ee861103.aspx

The script they use there creates a copy of the user in the new domain (from the source). Then you can use that newly created user with New-MoveRequest to have the data pushed across.

Chris
0
 
awilderbeastAuthor Commented:
ok i created the user and mailbox on the newdomain

then run

$Cred = Get-Credential

New-MoveRequest -Identity "test@domain.net" -RemoteLegacy `
  -TargetDatabase "Mailbox Database 123456" `
  -RemoteGlobalCatalog "server01.domain.local" `
  -RemoteCredential $Cred -TargetDeliveryDomain "CH-EX.domain.net"

and this came out

You must use the RemoteTargetDatabase parameter for remote push move requests.
    + CategoryInfo          : InvalidArgument: (test@domain.net:MailboxOrMailUserIdParameter) [New-
   ientTaskException
    + FullyQualifiedErrorId : 132DCDD4,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest



after that didnt work i did

$UserCredentials = Get-Credential
e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local`
  -RemoteForestDomainController server01.domain.local`
  -RemoteForestCredential $UserCredentials

i ran this - like in the article and got this

Source Domain controller unavailable or authentication failed.
At E:\move\Prepare-MoveRequest.ps1:756 char:14
+         throw <<<<  "Source Domain controller unavailable or authentication failed."
    + CategoryInfo          : OperationStopped: (Source Domain c...ication failed.:String) [],
    + FullyQualifiedErrorId : Source Domain controller unavailable or authentication failed.


i ran both of these on the exchange 2010 server using exchange powershell
and i put the credentials of the 2003 server in for both scripts

any clues?
0
 
awilderbeastAuthor Commented:
oh i also cant create a trust between the old forest and the new forest using either machine to create it

i added dns records for both forests too, wont let me

on domain.net i tried create new trust > domain.local > windows trust > cannot continue

"the new trust wizard cannot contine the specified domain cannot be contacted

Either the domain does not exist, or network or other problems are preventing connection"

i can ping domain.local from dc1.domain.net now dns records are in there and still that doesnt work either
0
 
Chris DentPowerShell DeveloperCommented:

> oh i also cant create a trust between the old forest and the new forest using either
> machine to create it

Didn't think that would work, NetBIOS names need to be unique.

We shouldn't need it though.

Looking at syntax again.

Chris
0
 
awilderbeastAuthor Commented:
the syntax for which script?
0
 
Chris DentPowerShell DeveloperCommented:

Both :)

I'm surprised this doesn't work:

$UserCredentials = Get-Credential
e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local`
  -RemoteForestDomainController server01.domain.local`
  -RemoteForestCredential $UserCredentials

I guess you are able to resolve server01.domain.local to an IP address from the system running that script?

It's quite annoying, I can't see anything wrong with your syntax.

Chris
0
 
awilderbeastAuthor Commented:
yeah can reslove no probs, can reslove both ways, i created a primary dns zone in each forest so no probs there

when i implement the script above it ask me for credentials twice for some bizare reason

what does this error mean?

You must use the RemoteTargetDatabase parameter for remote push move requests.
    + CategoryInfo          : InvalidArgument: (test@domain.net:MailboxOrMailUserIdParameter) [New-
   ientTaskException
    + FullyQualifiedErrorId : 132DCDD4,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

do i need to edit the code?
0
 
Chris DentPowerShell DeveloperCommented:

> i created a primary dns zone in each forest so no probs there

Primary? Not secondary? If it is Primary, which records did you create in the zone?

> do i need to edit the code?

It thinks you're requesting a push from the new domain back to the old. It's mistaken.

This is the only syntax reference I have:

http://technet.microsoft.com/en-us/library/dd351123.aspx

Note that it has three blocks of code at the top, the syntax for three different ways of running New-MoveRequest. We're trying to use the last of those, which means we must specify these (as you have done):

Identity
RemoteGlobalCatalog
RemoteLegacy
TargetDeliveryDomain

Can you run this and confirm that the command under Syntax matches up with the article I'm looking at?

Get-Help New-MoveRequest

Chris
0
 
awilderbeastAuthor Commented:
i just created a host record to reslove domain.net/local to the right ip addresses

i just tried to create a secondary it worked, but when i tried to transfer from master i got "refused"



[PS] C:\Windows\system32>Get-Help New-MoveRequest

NAME
    New-MoveRequest

SYNOPSIS
    Use the New-MoveRequest cmdlet to begin the process of an asynchronous mailbox move. You can also check mailbox rea
    diness to be moved by using the WhatIf parameter.


SYNTAX
    New-MoveRequest -Identity <MailboxOrMailUserIdParameter> [-BadItemLimit <Int32>] [-BatchName <String>] [-Confirm [<
    SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreRuleLimitErrors <SwitchParameter>] [-MRSServer <Fqdn>] [-Prot
    ect <SwitchParameter>] [-Suspend <SwitchParameter>] [-SuspendComment <String>] [-SuspendWhenReadyToComplete <Switch
    Parameter>] [-TargetDatabase <DatabaseIdParameter>] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]

    New-MoveRequest -Identity <MailboxOrMailUserIdParameter> -Remote <SwitchParameter> -RemoteHostName <Fqdn> -TargetDe
    liveryDomain <Fqdn> [-BadItemLimit <Int32>] [-BatchName <String>] [-Confirm [<SwitchParameter>]] [-DomainController
     <Fqdn>] [-IgnoreRuleLimitErrors <SwitchParameter>] [-MRSServer <Fqdn>] [-Protect <SwitchParameter>] [-RemoteCreden
    tial <PSCredential>] [-RemoteGlobalCatalog <Fqdn>] [-RemoteOrganizationName <String>] [-RemoteTargetDatabase <Strin
    g>] [-Suspend <SwitchParameter>] [-SuspendComment <String>] [-SuspendWhenReadyToComplete <SwitchParameter>] [-Targe
    tDatabase <DatabaseIdParameter>] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]

    New-MoveRequest -Identity <MailboxOrMailUserIdParameter> -RemoteGlobalCatalog <Fqdn> -RemoteLegacy <SwitchParameter
    > -TargetDeliveryDomain <Fqdn> [-BadItemLimit <Int32>] [-BatchName <String>] [-Confirm [<SwitchParameter>]] [-Domai
    nController <Fqdn>] [-IgnoreRuleLimitErrors <SwitchParameter>] [-MRSServer <Fqdn>] [-Protect <SwitchParameter>] [-R
    emoteCredential <PSCredential>] [-RemoteTargetDatabase <String>] [-Suspend <SwitchParameter>] [-SuspendComment <Str
    ing>] [-SuspendWhenReadyToComplete <SwitchParameter>] [-TargetDatabase <DatabaseIdParameter>] [-WhatIf [<SwitchPara
    meter>]] [<CommonParameters>]


DESCRIPTION
    You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are lis
    ted in this topic, you may not have access to some parameters if they're not included in the permissions assigned t
    o you. To see what permissions you need, see the "Mailbox move" entry in the Mailbox Permissions topic.


RELATED LINKS
    Online Version http://technet.microsoft.com/EN-US/library/c28ca2ce-963f-4676-81c3-cef3c290ee7b(EXCHG.140).aspx

REMARKS
    To see the examples, type: "get-help New-MoveRequest -examples".
    For more information, type: "get-help New-MoveRequest -detailed".
    For technical information, type: "get-help New-MoveRequest -full".

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

> i just tried to create a secondary it worked, but when i tried to transfer from
> master i got "refused"

You'll need to permit that (by IP Address) on the Primary version of the zone. DNS Console then properties for the zone, then the Zone Transfer tab. Set it to allow transfers to the list, and add the IP of the other server.

Chris
0
 
awilderbeastAuthor Commented:
yeah did that, still refused :|

got "the server with this ip address is not authorative for the required zone"
0
 
Chris DentPowerShell DeveloperCommented:

heh you must be really enjoying this...

So under allow zone transfers you've got the IP address of the new Secondary server? And if you re-create the Secondary zone you feed it the IP address of the Primary server?

But it still says the server is not authoritative for the zone?

Chris
0
 
awilderbeastAuthor Commented:
its great! lol
nothings simple though is it! haha

on DC1.domain.net i have created a secondary zone for domain.local and vice vera on server01.domain.local

on dc1 (2008 r2) i have zone transfers set to allow to the following servers and have server01.domain.loal's ip address in there and the FQDN has resloved to SERVER01 (which is correct)
but it says its not authorative to do so so

server01.domain.local is a sbs 2003 box and doesnt come back with any fancy messages like 2008 so that just a big red X with zone not loaded by dns server on it

im stumped :|


0
 
Chris DentPowerShell DeveloperCommented:

Lets go with Conditional Forwarders... they're less work :)

Nuke the two Secondary zones you created (one on each side). On each server open the DNS console, select the server and open it's Properties and select the forwarders tab.

The interface differs a bit between the different versions now. It shouldn't be too bad though.

You need to enter the remote domain name, then the remote server IP address beneath that.

Run ipconfig /flushdns on each server then try looking up names again.

Chris
0
 
awilderbeastAuthor Commented:
conditional forwarders worked, so now we have dns, back to the mailboxes! lol

shall i try any of the scripts again?
0
 
Chris DentPowerShell DeveloperCommented:

Phew, at least we got one step forward :)

And yes, lets give it a shot, try the Prepare-MoveRequest script?

Do you have a firewall between these two domains? You'll need quite a number of ports open to help it along.

Chris
0
 
awilderbeastAuthor Commented:
yeah sbs is using ISA 2004

same error, source DC is unavailable or authentication failed

port issue?

cheers
0
 
Chris DentPowerShell DeveloperCommented:

Could well be.

For the Global Catalog you'll need TCP Port 3268 open. I guess you have UDP/TCP Port 53 open for DNS? And possibly TCP Port 389 for LDAP?

Or is it just wide open? :)

You can test with Telnet since we're expecting a TCP connection:

telnet server01.domain.local 3268

If it works you'll get a blank screen, if not you'll get an error message.

Chris
0
 
awilderbeastAuthor Commented:
whats the command to see open ports again? or will it not matter will have to see through isa?

telnet worked on 3268

53 is open as dns works :)

so 389 that needed?

how do i check 389?

0
 
awilderbeastAuthor Commented:
just thought, ive added the new servers ip range to isa as internal networks, so isa shouldnt be blocking any ports should it?
0
 
Chris DentPowerShell DeveloperCommented:

That I don't know, I don't know very much about ISA I'm afraid, I haven't had to use it for the last 5 years. I can see if I can find someone to help on that aspect if it'll be beneficial?

Chris
0
 
awilderbeastAuthor Commented:
im not that great on it either, but i think it doesnt block ports internally unless specified, im unsre of that though

found this nifty command

portqry -n server01.domain.local -p udp -e 389

======== End of LDAP query response ========

UDP port 389 is LISTENING

so all the ports where already open, so there must be some other reason its not authenticating or not finding the dc

it asks me for credientials twice though when running that script, which is wierd?
0
 
Chris DentPowerShell DeveloperCommented:

The prepare script? I haven't got a copy of the script so I couldn't really say what it's up to in there, it is possible it prompts for credentials.

I tell you what, lets try and find the account ourselves. If you could run this in the PowerShell prompt / Exchange management shell please? It'll need a bit of modification, hopefully it's clear what needs changing.

Chris
$LdapFilter "(mail=someemailaddress@domain.local)"

$RemoteDomain = New-Object DirectoryServices.DirectoryEntry(`
  "GC://server01.domain.local/DC=domain,DC=local", `
  "Domain\SomeUsername", `
  "SomePassword")

$Searcher = New-Object DirectoryServices.DirectorySearcher($RemoteDomain, $LdapFilter)

$Searcher.FindAll()

Open in new window

0
 
awilderbeastAuthor Commented:
heres the prepare script

$UserCredentials = Get-Credential
e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local`
  -RemoteForestDomainController server01.domain.local`
  -RemoteForestCredential $UserCredentials


ran that code, on the 2010 server yes? and it was connecting to the 2003 sbs server, thats what it was supposed to do?
the account was any random account, i used test account i created, no admin account needed?


Exception calling "FindAll" with "0" argument(s): "A referral was returned from the server.
"
At line:1 char:18
+ $Searcher.FindAll <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Cheers
0
 
Chris DentPowerShell DeveloperCommented:
> Exception calling "FindAll" with "0" argument(s): "A referral was returned from the server.

That's interesting, that's a kind of "this doesn't exist here" message. It'll refer back to this part:

$RemoteDomain = New-Object DirectoryServices.DirectoryEntry(`
  "GC://server01.domain.local/DC=domain,DC=local", `
  "Domain\SomeUsername", `
  "SomePassword")

We're trying to create a connection to the Global Catalog running on server01, and we're connecting to the naming context DC=domain,DC=local (which would correlate to a domain called domain.local).

> ran that code, on the 2010 server yes? and it was connecting to the 2003 sbs server,
> thats what it was supposed to do? the account was any random account, i used test account
> i created, no admin account needed?

As far as I can see, yes. There's no indication that it needs to be anything else.

Chris
0
 
awilderbeastAuthor Commented:
ok that was my bad, on the dc=domain i forgot to change it to mydomain

ive done that now but still error

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>$RemoteDomain = New-Object DirectoryServices.DirectoryEntry(`
>>   "GC://server01.domain.local/DC=domain,DC=local", `
>>   "DOMAIN\test", `
>>   "Password01")
>>
[PS] C:\Windows\system32>$Searcher = New-Object DirectoryServices.DirectorySearcher($RemoteDomain, $LdapFilter)
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>$Searcher.FindAll()
An error occurred while enumerating through a collection: The  search filter is invalid..
At line:1 char:18
+ $Searcher.FindAll <<<< ()
    + CategoryInfo          : InvalidOperation: (System.Director...sultsEnumerator:ResultsEnumerator) [], RuntimeExcep
   tion
    + FullyQualifiedErrorId : BadEnumeration
0
 
Chris DentPowerShell DeveloperCommented:

I appear to have missed an equals character out:

$LdapFilter = "(mail=someemailaddress@domain.local)"

That should work a little better :)

Chris
0
 
awilderbeastAuthor Commented:
ok it doesnt come back with an error now, but it doesnt do anything

i keep pressing enter and nothing

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>$Searcher.FindAll()
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
0
 
Chris DentPowerShell DeveloperCommented:

That means it ran but completely failed to find anything. Perhaps we should try proxyAddresses in the filter, we're only looking at the Primary Email address right now:

$LdapFilter = "(proxyAddresses=*someemailaddress@domain.local)"

We need the * I've added here, proxyAddresses are listed like this:

smtp:someemailaddress@domain.local
SMTP:primary@domain.com
etc

The rest of the code stays the same. However, the fact that it ran without error does suggest that you can connect and can search.

Do you have a copy of that Prepare script? Are you able to post it (attachment or in a code block)?

Chris
0
 
awilderbeastAuthor Commented:
do i put

$LdapFilter = "(proxyAddresses=test@domain.local)"

or

$LdapFilter = "(proxyAddresses=smtp:test@domain.local)"

not quite sure what you mean there

prepare script below
$UserCredentials = Get-Credential
e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local`
  -RemoteForestDomainController server01.domain.local`
  -RemoteForestCredential $UserCredentials

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

Neither :) This one:

$LdapFilter = "(proxyAddresses=*test@domain.local)"

I meant the contents of this file e:\move\Prepare-MoveRequest.ps1, it's a PowerShell script, it should open up in Notepad quite happily. To get an idea why it might be failing we need to know what it's trying to do (considering our own test appears to be working).

Chris
0
 
awilderbeastAuthor Commented:
came back with results this time :)


Path                                                        Properties
----                                                        ----------
GC://server01.domain.local/CN=test,OU=SBSUsers,OU=Users,... {st, adspath, objectguid, textencodedoraddress, displayn...


sorry yeah code below
param([parameter(Position=0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, mandatory=$true)][string]$Identity, 
      [parameter(Position=1, mandatory=$true)][string]$RemoteForestDomainController, 
      [parameter(Position=2, mandatory=$true)][Management.Automation.PSCredential]$RemoteForestCredential, 
      [string]$LocalForestDomainController,
      [Management.Automation.PSCredential]$LocalForestCredential,
      [string]$TargetMailUserOU='Users',
      [string]$MailboxDeliveryDomain,
      [switch]$LinkedMailUser,
      [switch]$UseLocalObject)

begin
{
    # ---------------------------------------------------------------------------------------------------
    function findADObject($searchRoot, $filter)
    # ---------------------------------------------------------------------------------------------------
    {
        $searcher = new-object System.DirectoryServices.DirectorySearcher($searchRoot)
        $searcher.filter = $filter
        $user = $searcher.findall()

        if ($user -eq $null -or $user.count -eq 0)
        {
            return $null
        }
        elseif ($user.count -gt 1)
        {
            foreach ($usr in $user)
            {
                Write-Warning ("Object Found:" + $usr.GetDirectoryEntry().distinguishedName)
            }
            throw "Multiple objects found in AD."
        }
        else
        {
            return $user[0].GetDirectoryEntry()
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function checkUserExist ($OU, $filter)
    # ---------------------------------------------------------------------------------------------------
    {
        $searcher = new-object System.DirectoryServices.DirectorySearcher($OU)
        $searcher.filter = $filter
        $user = $searcher.findone() 
        if ($user -eq $null -or $user.count -eq 0)
        {
            return $false
        }
        else
        {
            return $true
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function copyIfExist ($target, [array]$attriblist, $propertybag)
    # ---------------------------------------------------------------------------------------------------
    {
        foreach($att in $attriblist)
        {
            if ($propertybag.Contains($att))
            {
                Write-Verbose "Setting $att to $($propertybag.Item($att))"
                [void]($target.Put($att, $propertybag.Item($att).Value))
            }
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function getEscapedldapFilterStr ([string]$original)
    # ---------------------------------------------------------------------------------------------------
    {
        $escape = $original.replace("\", "\5c")
        $escape = $escape.replace("(", "\28").replace(")", "\29")
        $escape = $escape.replace("&", "\26").replace("|", "\7c")
        $escape = $escape.replace("=", "\3d").replace(">", "\3e")
        $escape = $escape.replace("<", "\3c").replace("~", "\7e")
        $escape = $escape.replace("*", "\2a").replace("/", "\2f")
        return $escape
    }
    
    # ---------------------------------------------------------------------------------------------------
    function sidToLDAPQuery([byte[]]$sid)
    # ---------------------------------------------------------------------------------------------------
    {
        foreach ($by in $sid)
        {
            $ret += "\" + $by.tostring("X")
        }
        return $ret
    }
    
    # ---------------------------------------------------------------------------------------------------    
    function MasterAccountSidIsSelf ( $srcMbxAttributes )
    # ---------------------------------------------------------------------------------------------------
    {
        if ($srcMbxAttributes.Contains("msExchMasterAccountSid"))
        {
            $master = new-object System.Security.Principal.SecurityIdentifier($srcMbxAttributes.Item("msExchMasterAccountSid").value, 0)
            if ($master.IsWellKnown("SelfSid"))
            {
                return $true
            }
        }
        return $false
    }

    # ---------------------------------------------------------------------------------------------------
    function findLocalObject ($OU, $srcuser)
    # ---------------------------------------------------------------------------------------------------
    {
        $usr = $null
        if ($srcuser.properties.Contains("msExchMasterAccountSid") -and -not (MasterAccountSidIsSelf $srcuser.properties))
        {
            $sourcesid += sidToLDAPQuery $srcuser.properties.Item("msExchMasterAccountSid").Value
            $filter = "(| (ObjectSid=$sourcesid) (msExchMasterAccountSid=$sourcesid) )"
            $usr = findADObject $OU $filter
        }
        if ($usr -eq $null)
        {
            $address = $srcuser.Properties.Item("proxyAddresses")
            foreach ($addr in $address)
            {
                if ($addr.startswith("x500:", "OrdinalIgnoreCase") -or $addr.startswith("smtp:", "OrdinalIgnoreCase"))
                {
                    $addr1 = getEscapedldapFilterStr ($addr.Substring(0,4).toUpper() + $addr.Substring(4))
                    $addr2 = getEscapedldapFilterStr ($addr.Substring(0,4).toLower() + $addr.Substring(4))
                    $filterstring += "(proxyAddresses=$addr1) (proxyAddresses=$addr2)"
                }
            }
            
            $filter = "(| $filterstring)"
            
            $usr = findADObject $OU $filter
        }
        return $usr
    }

    # ---------------------------------------------------------------------------------------------------
    function generateUniqueSAM ($ou, $srcMbxAttributes)
    # ---------------------------------------------------------------------------------------------------
    {
        $uniquesam = $srcMbxAttributes.Item('samaccountname').Value
        $retrycount = 30
        if ($uniquesam.Length -lt 20)
        {
            while ($retrycount -gt 0 -and (checkUserExist $ou "(samAccountName=$(getEscapedldapFilterStr $uniquesam))"))
            {
                $uniquesam = $srcMbxAttributes.Item("samaccountname").Value + (random)
                if ($uniquesam.length -gt 20)
                {
                    $uniquesam = $uniquesam.substring(0,20)
                }
                $retrycount = $retrycount - 1
            }
        }
        return $uniquesam
    }

    # ---------------------------------------------------------------------------------------------------
    function generateUniqueUPN ($ou, $srcMbxAttributes, $fallbacks)
    # ---------------------------------------------------------------------------------------------------
    {
        if ($srcMbxAttributes.Contains('userPrincipalName'))
        {
            $uniqueupn = $srcMbxAttributes.Item('userPrincipalName').Value
            if ($uniqueupn -match "^(.*)(@.*)$")
            {
                $postfix = $matches[2]
                $prefix  = $matches[1]
            }
            $preferedupn = ,$uniqueupn + $fallbacks
            foreach ($upn in $preferedupn)
            {
                if ($upn -ne $null)
                {
                    if ($upn.contains("@"))
                    {
                        $testupn = $upn
                    }
                    else
                    {
                        $testupn = "$upn$postfix"
                    }
                    if ($(checkUserExist $ou "(userPrincipalName=$(getEscapedldapFilterStr $testupn))") -eq $false)
                    {
                        return $testupn
                    }
                }
            }
            #try to use prefered upn, if all unsuitable, generate a new one
            while ($(checkUserExist $ou "(userPrincipalName=$(getEscapedldapFilterStr $uniqueupn))"))
            {
                $uniqueupn = "$prefix$(random)$postfix"
            }
        }
        return $uniqueupn
    }
    
    # ---------------------------------------------------------------------------------------------------
    function copyMandatoryAttributes ($newuser, $srcAttributes, $localDC)
    # ---------------------------------------------------------------------------------------------------
    {
        $copyAttributes="displayName",
                        "Mail",
                        "mailNickName",
                        "msExchMailboxGuid",
                        "msExchArchiveGuid",
                        "msExchUserCulture",
                        "msExchArchivename",
                        "proxyAddresses"
                        
        $specialAttributes = @{  "msExchRecipientDisplayType"=0x80000006;
                                 "msExchRecipientTypeDetails"=0x80;
                                 "msExchVersion"="44220983382016";
                                 "userAccountControl"=0x202 #ACCOUNTDISABLE | NORMAL_ACCOUNT
                               }
                               
        if ($localDC -ne $null)
        {
            $specialAttributes["samaccountname"] = generateUniqueSAM $localDC $srcAttributes
            $specialAttributes["userPrincipalName"] = generateUniqueUPN $localDC $srcAttributes $newuser.cn,$specialAttributes["samaccountname"]
        }
                               
        [void](copyIfExist $newuser $copyAttributes $srcAttributes)
        
        foreach($att in $specialAttributes.getenumerator())
        {
            if ($att.value -ne $null)
            {
                Write-Verbose "Setting $($att.key) to $($att.value)"
                [void]($newuser.put($att.key, $att.value.tostring()))
            }
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function createMailUserAccount ($localDC, $ou, $srcMbxAttributes)
    # ---------------------------------------------------------------------------------------------------
    {
        try{
            $newcn = getEscapedldapFilterStr $srcMbxAttributes.Item("cn").value
            $newcn = $newcn.replace(",", "\,")
            while ([DirectoryServices.DirectoryEntry]::exists("LDAP://cn=$newcn,$($ou.distinguishedname)"))
            {
                $newcn = getEscapedldapFilterStr ($srcMbxAttributes.Item('cn').value + (random))
                $newcn = $newcn.replace(",", "\,")
            }
            
            [void]($newuser = $ou.create("user", "cn=$newcn"))
            
            copyMandatoryAttributes $newuser $srcMbxAttributes $localDC
            
            #additional operations for proxyaddresses and targetaddress
            $srcproxys = $srcMbxAttributes.Item("proxyAddresses")
            $X500proxyAddr = "x500:" + $srcMbxAttributes.Item("LegacyExchangeDN").value
            if ($srcMbxAttributes.Contains("LegacyExchangeDN") -and
                -not $srcproxys.tostring().toupper().contains($X500proxyAddr.ToUpper()))
            {
                Write-Verbose "Appending proxyAddresses with $X500proxyAddr"
                [void]($newuser.putex(3, "proxyAddresses", [array]$X500proxyAddr))
            }
            
            foreach ($addr in $srcproxys)
            {
                if ($addr -match "^(SMTP|smtp):.*@(.*)$")
                {
                    #if don't specify authoritative domains, use primary smtp address
                    if (([string]::IsNullOrEmpty($MailboxDeliveryDomain) -and $addr.startswith("SMTP")) -or
                        ($matches[2] -eq $MailboxDeliveryDomain))
                    {
                        Write-Verbose "Setting targetAddress to $addr"
                        [void]$newuser.put("targetAddress", $addr)
                        break
                    }
                }
            }

            [void]($newuser.SetInfo())
            
            return $newuser
        }
        catch
        {
            Write-Error "Error creating mailuser CN=$newcn,$($ou.distinguishedname) in local forest or setting its mandatory attributes."
        }
        
        return $null
    }

    # ---------------------------------------------------------------------------------------------------
    function copyGalySyncAttributes ($user, $srcMbxAttributes)
    # ---------------------------------------------------------------------------------------------------
    {
        $copyAttributes= "C",
                         "Co",
                         "countryCode",
                         "Company",
                         "Department",
                         "facsimileTelephoneNumber",
                         "givenName",
                         "homePhone",
                         "Info",
                         "Initials",
                         "L",
                         "Mobile",
                         "msExchAssistantName",
                         "msExchHideFromAddressLists",
                         "otherHomePhone",
                         "otherTelephone",
                         "Pager",
                         "physicalDeliveryOfficeName",
                         "postalCode",
                         "Sn",
                         "St",
                         "streetAddress",
                         "telephoneAssistant",
                         "telephoneNumber",
                         "Title"

        copyIfExist $user $copyAttributes $srcMbxAttributes
    }

    # ---------------------------------------------------------------------------------------------------
    function copyE2k7OptionalAttributes ($user, $srcMbxAttributes)
    # ---------------------------------------------------------------------------------------------------
    {
        $copyAttributes= #"Cn",
                         "Comment",
                         "deletedItemFlags",
                         "delivContLength",
                         "departmentNumber",
                         "Description",
                         "Division",
                         "employeeID",
                         "employeeNumber",
                         "employeeType",
                         "homePostalAddress",
                         "internationalISDNNumber",
                         "ipPhone",
                         "Language",
                         "localeID",
                         "mAPIRecipient",
                         "middleName",
                         "msDS-PhoneticCompanyName",
                         "msDS-PhoneticDepartment",
                         "msDS-PhoneticDisplayName",
                         "msDS-PhoneticFirstName",
                         "msDS-PhoneticLastName",
                         "msExchBlockedSendersHash",
                         "msExchELCExpirySuspensionEnd",
                         "msExchELCExpirySuspensionStart",
                         "msExchELCMailboxFlags",
                         "msExchExternalOOFOptions",
                         "msExchMessageHygieneFlags",
                         "msExchMessageHygieneSCLDeleteThreshold",
                         "msExchMessageHygieneSCLJunkThreshold",
                         "msExchMessageHygieneSCLQuarantineThreshold",
                         "msExchMessageHygieneSCLRejectThreshold",
                         "msExchMDBRulesQuota",
                         "msExchPoliciesExcluded",
                         "msExchSafeRecipientsHash",
                         "msExchSafeSendersHash",
                         "msExchUMSpokenName",
                         "O",
                         "otherFacsimileTelephoneNumber",
                         "otherIpPhone",
                         "otherMobile",
                         "otherPager",
                         "preferredDeliveryMethod",
                         "personalPager",
                         "personalTitle",
                         "Photo",
                         "pOPCharacterSet",
                         "pOPContentFormat",
                         "postalAddress",
                         "postOfficeBox",
                         "primaryInternationalISDNNumber",
                         "primaryTelexNumber",
                         "showInAdvancedViewOnly",
                         "Street",
                         "terminalServer",
                         "textEncodedORAddress",
                         "thumbnailLogo",
                         "thumbnailPhoto",
                         "url",
                         "userCert",
                         "userCertificate",
                         "userSMIMECertificate",
                         "wWWHomePage"
        foreach ($i in 1..15)
        {
            $copyAttributes += "extensionAttribute$i";
        }


        copyIfExist $user $copyAttributes $srcMbxAttributes
    }

    # ---------------------------------------------------------------------------------------------------
    function findCorrespondingADObject ($targetOU, $DN, $srcDomain)
    # ---------------------------------------------------------------------------------------------------
    {
        $cn = "$DN".substring(0, "$DN".indexof(",DC="))
        $srcreferenceobject = $srcDomain.children.find($cn)
        $usr = $null
        if ($srcreferenceobject -ne $null)
        {
            if ($srcreferenceobject.Properties.Contains("legacyExchangeDN"))
            {
                $legexch = getEscapedldapFilterStr $srcreferenceobject.Properties.Item("legacyExchangeDN")
                $addrfilter = "(proxyAddresses=x500:$legexch) (proxyAddresses=X500:$legexch)"
            }
            $address = $srcreferenceobject.Properties.Item("proxyAddresses")
            foreach ($addr in $address)
            {
                if ($addr.startswith("x500:", "OrdinalIgnoreCase"))
                {
                    $addrfilter += "(legacyExchangeDN=$(getEscapedldapFilterStr $addr.substring(5)))"
                }
                if ($addr.startswith("smtp:", "OrdinalIgnoreCase") -or $addr.startswith("x500:", "OrdinalIgnoreCase"))
                {
                    $addr1 = getEscapedldapFilterStr ($addr.Substring(0,4).toUpper() + $addr.Substring(4))
                    $addr2 = getEscapedldapFilterStr ($addr.Substring(0,4).toLower() + $addr.Substring(4))
                    $addrfilter += "(proxyAddresses=$addr1) (proxyAddresses=$addr2)"
                }
            }
            if ([string]::IsNullOrEmpty($addrfilter) -eq $false)
            {
                $filter = "(| $addrfilter)"
                            
                $usr = findADObject $targetOU $filter
                
                if ($usr -eq $null)
                {
                    #user not found, try find the contact
                    $usr = findADObject $targetOU "(& (objectClass=contact) $filter)"
                }
            }

            return $usr
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function setLinkedAttribute ($attribname, $backlinkname, $targetOU, $user, $srcMbxAttributes, $srcDomain)
    # ---------------------------------------------------------------------------------------------------
    {
        if ($srcMbxAttributes.contains($attribname))
        {
            foreach ($dn in $srcMbxAttributes.item($attribname))
            {
                try
                {
                    $corobj = findCorrespondingADObject $targetOU $dn $srcDomain
                    if ($corobj -eq $null)
                    {
                        Write-Warning "Cannot find corresponding object for $dn in current forest. `'$attribname`' not set."
                    }
                    else
                    {
                        Write-Verbose "Setting $attribname to $($corobj.properties.item('distinguishedname'))"
                        $user.putex(3, $attribname, [array]"$($corobj.properties.item('distinguishedname'))")
                    }
                }
                catch
                {
                    Write-Warning "Error updating $($user.distinguishedName)   Attribute: $attribname! Attribute Not Set! Error: $($Error[0])"
                }
            }
        }
        
        #find backlink from source MBX, set it on corresponding user in target
        if ($srcMbxAttributes.contains($backlinkname))
        {
            foreach ($dn in $srcMbxAttributes.item($backlinkname))
            {
                try
                {
                    $corobj = findCorrespondingADObject $targetOU $dn $srcDomain
                    if ($corobj -eq $null)
                    {
                        Write-Warning "Cannot find corresponding object for $dn in current forest. `'$attribname`' not updated."
                    }
                    else
                    {
                            $corobj.PutEx(3, $attribname, [array]"$($user.properties.item("distinguishedname"))")
                            $corobj.SetInfo()
                            Write-Host "Updating $($corobj.distinguishedName)   Attribute: $attribname" -ForegroundColor Green
                    }
                }
                catch
                {
                    Write-Warning "Error updating $($corobj.distinguishedName)   Attribute: $attribname! Attribute Not Set! Error: $($Error[0])"
                }
            }
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function setLinkedAttributes ($targetOU, $user, $srcMbxAttributes, $srcDomain)
    # ---------------------------------------------------------------------------------------------------
    {
        setLinkedAttribute "altRecipient" "altRecipientBL" $targetOU $user $srcMbxAttributes $srcDomain
        if ($user.properties.contains("altRecipient") -and $srcMbxAttributes.contains("deliverAndRedirect"))
        {
            $user.put("deliverAndRedirect", "$($srcMbxAttributes.item('deliverAndRedirect'))".toupper())
        }
        
        setLinkedAttribute "Manager" "directReports" $targetOU $user $srcMbxAttributes $srcDomain
        
        setLinkedAttribute "publicDelegates" "publicDelegatesBL"  $targetOU $user $srcMbxAttributes $srcDomain
        
        setLinkedAttribute "member" "memberOf"  $targetOU $user $srcMbxAttributes $srcDomain
    }

    # ---------------------------------------------------------------------------------------------------
    function copyLinkedMailboxTypeAttributes ($user, $srcMbxAttributes)
    # ---------------------------------------------------------------------------------------------------
    {
        $copyAttributes = @()
        $valuedAttributes = @{ }
        
        $accountenable = ($srcMbxAttributes.Item("UserAccountControl").tostring() -band 0x2) -eq 0
        if (-not $accountenable -and (MasterAccountSidIsSelf $srcMbxAttributes))
        {
            $valuedAttributes["msExchRecipientDisplayType"] = $user.properties.Item("msExchRecipientDisplayType").value -bor 2
        }
        else
        {
            $valuedAttributes["msExchRecipientDisplayType"] = 0xC0000006
            if ($srcMbxAttributes.Contains("msExchMasterAccountSid"))
            {
                $copyAttributes += "msExchMasterAccountSid"
            }
            elseif ($srcMbxAttributes.Contains("objectSid"))
            {
                $valuedAttributes["msExchMasterAccountSid"] = $srcMbxAttributes.Item("objectSid").Value
            }
            #this can also be done by carefully arrange "msExchMasterAccountSid" and "objectSid"
            #in the list, avoid the trouble of nested branching. but it's not worth the maintainence effort
        }
        
        [void](copyIfExist $user $copyAttributes $srcMbxAttributes)
    
        foreach($att in $valuedAttributes.getenumerator())
        {
            Write-Verbose "Setting $($att.key) to $($att.value)"
            [void]($user.put($att.key, $att.value))
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function copySpecialMailboxTypeAttributes ($user, $srcMbxAttributes)
    # ---------------------------------------------------------------------------------------------------
    {
    #Mailbox Type Constants
        $ROOMMAILBOX      = 16
        $EQUIPMENTMAILBOX = 32
    #End Mailbox Type Constants
        $copyAttributes = "msExchResourceCapacity",
                          "msExchResourceDisplay",
                          "msExchResourceMetaData",
                          "msExchResourceSearchProperties"
                          
        $valuedAttributes = @{ }
        
        if ($srcMbxAttributes.Contains("msExchRecipientTypeDetails"))
        {
            $typedetail = $user.ConvertLargeIntegerToInt64($srcMbxAttributes.Item("msExchRecipientTypeDetails").Value)
            if (($typedetail -band $ROOMMAILBOX) -ne 0)
            {
                $valuedAttributes["msExchRecipientDisplayType"] = 0x80000706
            }
            elseif (($typedetail -band $EQUIPMENTMAILBOX) -ne 0)
            {
                $valuedAttributes["msExchRecipientDisplayType"] = 0x80000806
            }
            else
            {
                return
            }

            [void](copyIfExist $user $copyAttributes $srcMbxAttributes)
            
            foreach($att in $valuedAttributes.getenumerator())
            {
                Write-Verbose "Setting $($att.key) to $($att.value)"
                [void]($newuser.put($att.key, $att.value))
            }
        }
    }

    # ---------------------------------------------------------------------------------------------------
    function createMEUAndCopyAttrs ($localDC, $localOU, $srcDC, $srcObject)
    # ---------------------------------------------------------------------------------------------------
    {
        $srcAttributes = $srcObject.properties
        $newuser = createMailUserAccount $localDC $localOU $srcAttributes

        if ($newuser -eq $null)
        {
            return
        }

        #mandatory attributes are all set. go with optional attributes
        copyGalySyncAttributes $newuser $srcAttributes
        copyE2k7OptionalAttributes $newuser $srcAttributes
        setLinkedAttributes $localdc $newuser $srcAttributes $srcdc
        copySpecialMailboxTypeAttributes $newuser $srcAttributes

        if ($LinkedMailUser)
        {
            copyLinkedMailboxTypeAttributes $newuser $srcAttributes
        }

        try
        {
            [void]($newuser.SetInfo())
        
            Update-Recipient $newuser.DistinguishedName.Value @DomainControllerParameterSet
            
            #syncback Legacy Exchange DN
            #rebind ad object to retrieve new properties set by Update-Recipient
            $newuser.RefreshCache([array]"legacyExchangeDN")
            $srcproxys = $srcAttributes.Item("proxyAddresses")
            $X500proxyAddr = "x500:" + $newuser.properties.Item("LegacyExchangeDN")
            if ($newuser.properties.Contains("LegacyExchangeDN") -and $srcproxys.Contains($X500proxyAddr) -eq $false)
            {
                Write-Host "Updating source MBX($($srcObject.distinguishedName)) in source forest, appending $X500proxyAddr to proxyAddresses" -ForegroundColor Green
                [void]($srcObject.putex(3, "proxyAddresses", [array]$X500proxyAddr))
                $srcObject.setinfo()
            }
            $Global:movecount++
            "Preparation for $Identity done."
        }
        catch
        {
            Write-Error "failed performing final steps. $($Error[0])"
            return
        }
    }
    
    # ---------------------------------------------------------------------------------------------------
    function forceMergeObject ($recipienttype, $localOU, $localusr, $srcObject)
    # ---------------------------------------------------------------------------------------------------
    {
        $copyAttributes = "msExchMailboxGUID",
                          "msExchArchiveGUID",
                          "msExchArchiveName"

        if ($recipienttype -eq 'MailUser')
        {
            Write-Verbose "Merging Mailbox properties to local MailUser"
            [void](copyIfExist $localusr $copyAttributes $srcObject.properties)
            $logindisabled = ($srcObject.userAccountControl.Value -band 0x2) -ne 0 #AccountDisabled
            if ($LinkedMailUser -and $logindisabled)
            {
                copyLinkedMailboxTypeAttributes $localusr $srcObject.properties
            }
            try
            {
                [void]($localusr.SetInfo())  # Might get Access Denied.
            }
            catch
            {
                Write-Error "Error merging mailbox information with local mailuser: $($localusr.DistinguishedName). Error: $($Error[0])"
                return
            }
        }
        elseif ($recipienttype -eq 'MailContact')
        {
            Write-Verbose "Creating MailUser with same attributes as local MailContact"
            
            $srcMbxAttributes = $srcObject.Properties
            $ContactAttributes = $localusr.Properties
            
            $newcn = getEscapedldapFilterStr $srcMbxAttributes.Item("cn").value
            $newcn = $newcn.replace(",", "\,")
            while ([DirectoryServices.DirectoryEntry]::exists("LDAP://cn=$newcn,$($localou.distinguishedname)"))
            {
                $newcn = getEscapedldapFilterStr ($srcMbxAttributes.Item('cn').value + (random))
                $newcn = $newcn.replace(",", "\,")
            }
            $newuser = $localOU.create("user", "cn=$newcn")
            
            copyMandatoryAttributes $newuser $ContactAttributes
            copyGalySyncAttributes $newuser $ContactAttributes
            copyE2k7OptionalAttributes $newuser $ContactAttributes
            setLinkedAttributes $localdc $newuser $ContactAttributes $localdc
            copySpecialMailboxTypeAttributes $newuser $ContactAttributes

            if ($LinkedMailUser)
            {
                copyLinkedMailboxTypeAttributes $newuser $ContactAttributes
            }
            
            [void](copyIfExist $newuser "targetAddress" $ContactAttributes)
            
            foreach ($addr in $srcproxys)
            {
                if ($addr -match "^(SMTP|smtp):.*@(.*)$")
                {
                    #if don't specify authoritative domains, use primary smtp address
                    if (([string]::IsNullOrEmpty($MailboxDeliveryDomain) -and $addr.startswith("SMTP")) -or
                        ($matches[2] -eq $MailboxDeliveryDomain))
                    {
                        Write-Verbose "Setting targetAddress to $addr"
                        [void]$newuser.put("targetAddress", $addr)
                        break
                    }
                }
            }
            try
            {
                $localusr.deletetree()
                
                $copyAttributes += "sAMAccountName",
                                   "userPrincipalName"
                [void](copyIfExist $newuser $copyAttributes $srcMbxAttributes)

                Write-Host -ForegroundColor red "Deleteing $($localusr.distinguishedname)"
                [System.Threading.Thread]::Sleep(500)
                [void]($newuser.setinfo())
            }
            catch
            {
                Write-Error "Error merging recipient infomation. Recipient data unchanged. Error: $($Error[0])"
                return
            }
        }
        "Preparation for $Identity done. Local recipient info Merged."
        $Global:movecount++
    }
    
#=========================================================================================================
#                                         Initialize code
#=========================================================================================================

    $usr = $RemoteForestCredential.UserName
    $pwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($RemoteForestCredential.Password))
    
    if ($LocalForestCredential -ne $null)
    {
        $localusr = $LocalForestCredential.UserName
        $localpwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($LocalForestCredential.Password))
    }
    $Global:movecount = 0

    $srcdc   = New-Object DirectoryServices.DirectoryEntry("LDAP://$RemoteForestDomainController", $usr, $pwd)
    $DomainControllerParameterSet = @{}
    if ($srcdc.guid -eq $null)
    {
        #guid not present, consider src unavailable
        throw "Source Domain controller unavailable or authentication failed."
    }

    try {
        if ($LocalForestCredential -eq $null -and [string]::IsNullorEmpty($LocalForestDomainController))
        {
            $localdc = [ADSI]""
        }
        elseif ($LocalForestCredential -ne $null -and $LocalForestDomainController -ne $null)
        {
            $localdc = New-Object DirectoryServices.DirectoryEntry("LDAP://$LocalForestDomainController", $localusr, $localpwd)
            $DomainControllerParameterSet = @{ DomainController=$LocalForestDomainController; Credential=$LocalForestCredential }
        }
        else
        {
            throw "LocalForestCredential and LocalForestDomainController need to be specified at the same time"
        }
        $escapedtargetou = getEscapedldapFilterStr $TargetMailUserOU
        $OUfilter = "(& (| (ObjectClass=Container)" +
                    "      (ObjectClass=organizationalUnit))" +
                    "   (| (name=$escapedtargetou)" +
                    "      (distinguishedname=$escapedtargetou)))"
        $localOU =  findADObject $localdc $OUfilter
        if ($localOU -eq $null)
        {
            throw "Cannot find specified OU or Container: $TargetMailUserOU"
        }
    }
    catch
    {
        throw "Error looking up local OU, Error Msg: $($Error[0])"
    }
}

process
{    
    $escapedIdentity = getEscapedldapFilterStr $Identity
    $filterDN =   "(& (objectClass=user)" +
                  "   (distinguishedName=$escapedIdentity))"

    $filterParm = "(& (objectClass=user)" +
                  "   ( (| (mailnickname=$escapedIdentity)" + 
                  "        (cn=$escapedIdentity)" +
                  "        (proxyAddresses=SMTP:$escapedIdentity)" +
                  "        (proxyAddresses=smtp:$escapedIdentity)" +
                  "        (proxyAddresses=X500:$escapedIdentity)" +
                  "        (proxyAddresses=x500:$escapedIdentity)" +
                  "        (objectGUID=$escapedIdentity)" +
                  "        (displayname=$escapedIdentity))))"

    $srcObject = findADObject $srcdc $filterParm

    if ($srcObject -eq $null)
    {
        $srcObject = findADObject $srcdc $filterDN
    
        if ($srcObject -eq $null)
        {
            Write-Error "Error looking up source MBX $identity in source forest."
            return
        }
    }
    
    if (-not $srcObject.properties.contains("mailNickName") -or -not $srcObject.properties.contains("msExchHomeServerName"))
    {
        Write-Error "Source Object $($srcObject.distinguishedName) found, but it is not a Mailbox!."
        return
    }
    
    $accountenable = ($srcObject.properties.Item("UserAccountControl").tostring() -band 0x2) -eq 0
    
    if (-not $accountenable -and -not $srcObject.properties.contains("msExchMasterAccountSid"))
    {
        Write-Error "Source Mailbox is invalid because it is disabled but did not set msExchMasterAccountSid."
        return
    }
    
    try
    {
        $localusr = findLocalObject $localdc $srcObject
    }
    catch
    {
        Write-Error "Error processing $identity, Mailbox not ready to move! Error message: $($error[0])"
        return
    }
    if ($localusr -eq $null)
    {
        #local recipient not exist, source object found, proceed the MEU creation process
        createMEUAndCopyAttrs $localdc $localOU $srcDC $srcObject
    }
    else
    {
        Write-Verbose "Local ad account with dupplicate proxy addresses found: $($localusr.distinguishedName)"
        try
        {
            $recipienttype = (get-recipient $localusr.distinguishedname.value @DomainControllerParameterSet).RecipientType
            if ($recipienttype -eq 'MailUniversalDistributionGroup' -or $recipienttype -eq 'UserMailbox')
            {
                    write-error "Cannot create mail enabled user because an existing mailbox user or mail enabled group already has the same proxy addresses/MasterAccountSid."
            }
            elseif ($recipienttype -eq 'MailUser' -or $recipienttype -eq 'MailContact')
            {
                if ($UseLocalObject)
                {
                    forceMergeObject $recipienttype $localOU $localusr $srcObject
                }
                else
                {
                    write-error ("Cannot create mail enabled user because an existing mail enabled user " +
                                 "or contact already has the same proxy addresses/MasterAccountSid. Please rerun the script with " + 
                                 "‘-UseLocalObject’ if you want to convert the existing email enabled user or contact to " +
                                 "a mail enabled user that is ready for online mailbox move.")
                }
            }
        }
        catch
        {
            Write-Error "Found a non mail enabled object with duplicated proxyaddress or Masteraccoutsid: $($localusr.distinguishedName). Error: $($Error[0])"
        }
    }
}

end
{
    Write-Host -ForegroundColor Black -BackgroundColor Green "$movecount mailbox(s) ready to move."
}

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

Most kind :)

They're doing much the same as we just did to test. Here's the bit of code from the script. Lets give it a try all on it's own? You'll need to fix the server, username and password.

Chris
$RemoteForestDomainController = "server01.domain.local"
$usr = "SomeUsername"
$pwd = "SomePassword"

$srcdc   = New-Object DirectoryServices.DirectoryEntry("LDAP://$RemoteForestDomainController", $usr, $pwd)
if ($srcdc.guid -eq $null)
{
  #guid not present, consider src unavailable
  throw "Source Domain controller unavailable or authentication failed."
}

Open in new window

0
 
awilderbeastAuthor Commented:
it just printed the script

didnt run anything
0
 
Chris DentPowerShell DeveloperCommented:

Hmm okay that's annoying, it should have thrown an error if it were to behave in the same way as it does when you try to run it as a script.

This time it will prompt for the username and password, you only need fix the server name. If this works I'll be quite annoyed, we're calling the bit which appears to fail when you run it as a script :)

Chris
$RemoteForestDomainController = "server01.domain.local"
$RemoteForestCredential = $(Get-Credential)

$usr = $RemoteForestCredential.UserName
$pwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($RemoteForestCredential.Password))

$srcdc   = New-Object DirectoryServices.DirectoryEntry("LDAP://$RemoteForestDomainController", $usr, $pwd)
if ($srcdc.guid -eq $null)
{
  #guid not present, consider src unavailable
  throw "Source Domain controller unavailable or authentication failed."
}

Open in new window

0
 
awilderbeastAuthor Commented:
again just prints it
[PS] C:\Windows\system32>$RemoteForestDomainController = "server01.domain.local"
[PS] C:\Windows\system32>$RemoteForestCredential = $(Get-Credential)

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>$usr = $RemoteForestCredential.UserName
[PS] C:\Windows\system32>$pwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::Se
cureStringToBSTR($RemoteForestCredential.Password))
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>$srcdc   = New-Object DirectoryServices.DirectoryEntry("LDAP://$RemoteForestDomainController",
$usr, $pwd)
[PS] C:\Windows\system32>if ($srcdc.guid -eq $null)
>> {
>>   #guid not present, consider src unavailable
>>   throw "Source Domain controller unavailable or authentication failed."
>> }
>>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

Yet if you run the script using the same credentials it comes back and complains with the same error message as before?

Chris
0
 
awilderbeastAuthor Commented:
if i run the script with this code

$UserCredentials = Get-Credential
e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local`
  -RemoteForestDomainController server01.domain.local`
  -RemoteForestCredential $UserCredentials

i get the below

with the username i tried "test", "DOMAIN\test", "test@domain.local" and same error on all of them

also i get asked for credentials twice everytime too


[PS] C:\Windows\system32>$UserCredentials = Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
[PS] C:\Windows\system32>e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local`

cmdlet Prepare-MoveRequest.ps1 at command pipeline position 1
Supply values for the following parameters:
RemoteForestDomainController:   -RemoteForestDomainController server01.domain.local`
RemoteForestCredential
Source Domain controller unavailable or authentication failed.
At E:\move\Prepare-MoveRequest.ps1:756 char:14
+         throw <<<<  "Source Domain controller unavailable or authentication failed."
    + CategoryInfo          : OperationStopped: (Source Domain c...ication failed.:String) [], RuntimeException
    + FullyQualifiedErrorId : Source Domain controller unavailable or authentication failed.

[PS] C:\Windows\system32>  -RemoteForestCredential $UserCredentials
Missing expression after unary operator '-'.
At line:1 char:4
+   - <<<< RemoteForestCredential $UserCredentials
    + CategoryInfo          : ParserError: (-:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : MissingExpressionAfterOperator

[PS] C:\Windows\system32>

Open in new window

0
 
awilderbeastAuthor Commented:
ok looks like that worked a bit :)
[PS] C:\Windows\system32>e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local -RemoteForestDomainController serve
r01.cworks.local -RemoteForestCredential $UserCredentials
WARNING: Cannot find corresponding object for CN=My Place,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local in
current forest. 'member' not updated.
Updating source MBX(CN=test,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local) in source forest, appending x500:/o=C
onstruction Works/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=test2f153796 to proxyAddresses
createMEUAndCopyAttrs : failed performing final steps. Exception calling "setinfo" with "0" argument(s): "Access is den
ied.
"
At E:\move\Prepare-MoveRequest.ps1:845 char:30
+         createMEUAndCopyAttrs <<<<  $localdc $localOU $srcDC $srcObject
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,createMEUAndCopyAttrs

0 mailbox(s) ready to move.
[PS] C:\Windows\system32>

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:
Hey that's looking better :)

Does the account you're using have permission to write to the account in the source directory? That is, are you using an admin account?

Chris
0
 
awilderbeastAuthor Commented:
i thought i was supposed to use the account the email address was associated with lol whoops

ill do it with my account...

is this error becuase i have already created the test account on the new exchagne server? shall i delete it?
[PS] C:\Windows\system32>e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local -RemoteForestDomainController serve
r01.domain.local -RemoteForestCredential $UserCredentials
E:\move\Prepare-MoveRequest.ps1 : Cannot create mail enabled user because an existing mail enabled user or contact alre
ady has the same proxy addresses/MasterAccountSid. Please rerun the script with '-UseLocalObject' if you want to conver
t the existing email enabled user or contact to a mail enabled user that is ready for online mailbox move.
At line:1 char:32
+ e:\move\Prepare-MoveRequest.ps1 <<<<  -Identity test@domain.local -RemoteForestDomainController server01.cworks.local
 -RemoteForestCredential $UserCredentials
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Prepare-MoveRequest.ps1

0 mailbox(s) ready to move.

Open in new window

0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

If you're quite happy to continue with that account you can just add -UseLocalObject as it suggests. Otherwise delete will work :)

Adding -UseLocalObject if you want to try that:

e:\move\Prepare-MoveRequest.ps1 -Identity test@domain.local -RemoteForestDomainController server01.domain.local -RemoteForestCredential $UserCredentials -UseLocalObject

Chris
0
 
awilderbeastAuthor Commented:
well theres nothing on any of the local accounts yet i just created them for some reason,

i just deleted it and it popped up saying it will be disabled and marked for removal, how can i start that removal now?

cheers
0
 
Chris DentPowerShell DeveloperCommented:

I'm assuming you're talking about deleting the account from the destination domain and got that when you deleted the mailbox?

The mailbox will be purged after 14 days (if I remember correctly). It won't stop you creating a new mailbox though. Did you delete the account with AD Users and Computers as well?

Chris
0
 
awilderbeastAuthor Commented:
yeah on the destination domain in exchange, recipent configuation > mailbox and got that it will be marked for removal

can i make it purge?

no i didnt delete if from ad, do i have to delete from AD too?

and when i transfer the mailbox it recreates the users account in AD?

thanks
0
 
Chris DentPowerShell DeveloperCommented:

> can i make it purge?

You can if you really need to, but if it appears under Disconnected Mailbox I'd leave it alone. If it doesn't appear there you can force it to by running this in the shell:

Get-MailboxDatabase | Clean-MailboxDatabase

> no i didnt delete if from ad, do i have to delete from AD too?

In theory you don't need to if you're using -UseLocalObject. It'll take the account it finds, overwrite a few settings and carry on creating the mailbox.

> and when i transfer the mailbox it recreates the users account in AD?

It looks like the Prepare script is trying to do that, the mailbox move part expects the account to exist.

Chris
0
 
awilderbeastAuthor Commented:
ok even though ive deleted the mailbox i can still use -localobject?

well i ran it with -localobject and it worked, i now have 1 mailbox ready to move

now the next step? i run the below?

the credentials are admin creds again?

thanks
New-MoveRequest -Identity "test@domain.net" -RemoteLegacy `
  -TargetDatabase "Mailbox Database 123456789" `
  -RemoteGlobalCatalog "server01.domain.local" `
  -RemoteCredential $Cred -TargetDeliveryDomain "CH-EX.domain.net"

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

> ok even though ive deleted the mailbox i can still use -localobject?

Yes, it's bothered about the user account, not the mailbox.

> well i ran it with -localobject and it worked, i now have 1 mailbox ready to move

\o/

Yeah, give it a try, it'll be "fun". I suspect the account you use will need access to the mailbox in the source domain, make sure you feed it something with sufficient rights.

Chris
0
 
awilderbeastAuthor Commented:
thanks

well heres the fun bit lol

looks like it was doing something but im not sure what

ive put the correct settings in yes?
they look right to me anyway
[PS] C:\Windows\system32>$Cred = Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
[PS] C:\Windows\system32>New-MoveRequest -Identity "test@domain.local" -RemoteLegacy `
>>   -TargetDatabase "Mailbox Database 0939530914" `
>>   -RemoteGlobalCatalog "server01.domain.local" `
>>   -RemoteCredential $Cred -TargetDeliveryDomain "CH-EX.cworks.net"
>>
Service 'net.tcp://ch-ex.domain.net/Microsoft.Exchange.MailboxReplicationService' encountered an exception. Error: Mapi
ExceptionNetworkError: Unable to make connection to the server. (hr=0x80004005, ec=2423)
Diagnostic context:
    ......
    Lid: 11672   dwParam: 0x6BA      Msg: EEInfo: NumberOfParameters: 0
    Lid: 16280   dwParam: 0x6BA      Msg: EEInfo: ComputerName: n/a
    Lid: 8600    dwParam: 0x6BA      Msg: EEInfo: ProcessID: 1932
    Lid: 12696   dwParam: 0x6BA      Msg: EEInfo: Generation Time: 2010-04-07 10:30:41:76
    Lid: 10648   dwParam: 0x6BA      Msg: EEInfo: Generating component: 18
    Lid: 14744   dwParam: 0x6BA      Msg: EEInfo: Status: 11001
    Lid: 9624    dwParam: 0x6BA      Msg: EEInfo: Detection location: 320
    Lid: 13720   dwParam: 0x6BA      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6BA      Msg: EEInfo: NumberOfParameters: 1
    Lid: 8856    dwParam: 0x6BA      Msg: EEInfo: prm[0]: Unicode string: SERVER01
    Lid: 45169   StoreEc: 0x977
    Lid: 52465   StoreEc: 0x977
    Lid: 60065
    Lid: 33777   StoreEc: 0x977
    Lid: 59805
    Lid: 52209   StoreEc: 0x977
    Lid: 19778
    Lid: 27970   StoreEc: 0x977
    Lid: 17730
    Lid: 25922   StoreEc: 0x977
    + CategoryInfo          : NotSpecified: (0:Int32) [New-MoveRequest], MailboxReplicationTransientException
    + FullyQualifiedErrorId : 8A678493,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

[PS] C:\Windows\system32>

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

I suspect that'll be network access. Are you able to ping the Exchange server? Harder to test the port-level part because it'll be negotiating a port using RPC.

Chris
0
 
awilderbeastAuthor Commented:
yup i can ping server01.domain.local, it all works fine, it must anyway cos the prepare worked?

i did notice this

  -RemoteCredential $Cred -TargetDeliveryDomain "CH-EX.domain.net"

it says domain not server so i changed it to

  -RemoteCredential $Cred -TargetDeliveryDomain "domain.net"

and still got same error anyway

we checked the ports yesterday too, we were all good
how do i check rpc?
0
 
Chris DentPowerShell DeveloperCommented:
> it says domain not server so i changed it to

Yeah, that's the domain name you want for your new Primary Email Address on the target domain, a bit of an odd inclusion if you ask me.

> how do i check rpc?

There's always RPCPing, not so easy to use. Lets see...

Log onto the Exchange server, then run:

netstat -anb -p TCP

We're looking for any services that might be Exchange running on TCP. One of those will be the end-point its decided on for MAPI (it changes each time you reboot). We need to test the connection to that part with Telnet. I bet it works...

Chris
0
 
awilderbeastAuthor Commented:
do i run netstat -anb -p TCP on the 2010 or 2003 box?

on teh 2010 box theres about 15 exchange things in there

so once i find port telnet to that port?
0
 
awilderbeastAuthor Commented:
well i ran it on the sbs 2003 box and it sucks! lol
look at what it came out with :|
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.173.9:2335     ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.19:1143    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.174.99:61311   ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.174.13:51650   ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.172.2:1103     ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.2:38483    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.173.6:1116     ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.13:49883   ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.23:1195    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.17:1157    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.2:1927     ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.16:49477   ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.17:1168    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.170.14:1124    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1026     192.168.174.98:49548   ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:1290     192.168.170.2:2258     ESTABLISHED     4324
  Can not obtain ownership information
  TCP    192.168.170.2:1302     192.168.170.2:2258     ESTABLISHED     4528
  Can not obtain ownership information
  TCP    192.168.170.2:1335     192.168.170.2:2258     ESTABLISHED     6104
  Can not obtain ownership information
  TCP    192.168.170.2:1470     192.168.170.2:2258     ESTABLISHED     6104
  Can not obtain ownership information
  TCP    192.168.170.2:1477     192.168.170.2:2258     ESTABLISHED     4664
  Can not obtain ownership information
  TCP    192.168.170.2:1482     192.168.170.2:2258     ESTABLISHED     4664
  Can not obtain ownership information
  TCP    192.168.170.2:1488     192.168.170.2:2258     ESTABLISHED     4664
  Can not obtain ownership information
  TCP    192.168.170.2:1489     192.168.170.2:2258     ESTABLISHED     4664
  Can not obtain ownership information
  TCP    192.168.170.2:1774     192.168.170.2:691      ESTABLISHED     7392
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.174.15:49277   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.174.98:49544   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.14:1143    ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.13:49885   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.173.6:1541     ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.172.2:1106     ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.173.9:2341     ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.173.4:1201     ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.174.19:1217    ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.16:53092   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.172.9:4669     ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.19:1146    ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.23:1199    ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.11:1915    ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.17:1160    ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.170.18:49618   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.174.99:62248   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.174.12:56010   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1791     192.168.174.13:52812   ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1793     192.168.170.2:691      ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:1807     192.168.170.2:691      ESTABLISHED     1988
  Can not obtain ownership information
  TCP    192.168.170.2:1927     192.168.170.2:1026     ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:2011     192.168.170.2:691      ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:2131     192.168.170.2:1026     ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:2161     192.168.170.2:27431    ESTABLISHED     1480
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1477     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1290     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1335     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1482     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1488     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1470     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1302     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:38490    ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2258     192.168.170.2:1489     ESTABLISHED     2976
  Can not obtain ownership information
  TCP    192.168.170.2:2794     192.168.170.11:1921    ESTABLISHED     2916
  Can not obtain ownership information
  TCP    192.168.170.2:2794     192.168.170.18:49654   ESTABLISHED     2916
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:32498    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:30230    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:30240    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:31415    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:30877    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:32640    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:37237    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:30231    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:30229    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3268     192.168.170.2:37495    ESTABLISHED     544
  Can not obtain ownership information
  TCP    192.168.170.2:3389     192.168.174.99:52411   ESTABLISHED     5632
  Can not obtain ownership information
  TCP    192.168.170.2:8080     192.168.170.17:2480    ESTABLISHED     6740
  Can not obtain ownership information
  TCP    192.168.170.2:8080     192.168.170.19:1518    ESTABLISHED     6740
  Can not obtain ownership information
  TCP    192.168.170.2:8815     192.168.170.2:1026     ESTABLISHED     3300
  Can not obtain ownership information
  TCP    192.168.170.2:13000    192.168.174.2:1637     ESTABLISHED     3120
  Can not obtain ownership information
  TCP    192.168.170.2:13000    192.168.173.3:3110     ESTABLISHED     3120
  Can not obtain ownership information
  TCP    192.168.170.2:27431    192.168.170.2:2161     ESTABLISHED     1492
  Can not obtain ownership information
  TCP    192.168.170.2:30216    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30217    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30218    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30219    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30220    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30221    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30223    192.168.170.2:389      ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:30224    192.168.170.2:389      ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:30225    192.168.170.2:389      ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:30226    192.168.170.2:389      ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:30227    192.168.170.2:389      ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:30229    192.168.170.2:3268     ESTABLISHED     7392
  Can not obtain ownership information
  TCP    192.168.170.2:30230    192.168.170.2:3268     ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:30231    192.168.170.2:3268     ESTABLISHED     1988
  Can not obtain ownership information
  TCP    192.168.170.2:30232    192.168.170.2:389      ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:30233    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30234    192.168.170.2:389      ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:30235    192.168.170.2:389      ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:30237    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30240    192.168.170.2:3268     ESTABLISHED     7368
  Can not obtain ownership information
  TCP    192.168.170.2:30302    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30306    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:30310    192.168.170.2:389      ESTABLISHED     3300
  Can not obtain ownership information
  TCP    192.168.170.2:30362    192.168.170.2:389      ESTABLISHED     7392
  Can not obtain ownership information
  TCP    192.168.170.2:30835    192.168.170.2:389      ESTABLISHED     1988
  Can not obtain ownership information
  TCP    192.168.170.2:30877    192.168.170.2:3268     ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:31214    192.168.170.2:389      ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:31415    192.168.170.2:3268     ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:32498    192.168.170.2:3268     ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:32640    192.168.170.2:3268     ESTABLISHED     2412
  Can not obtain ownership information
  TCP    192.168.170.2:35426    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:35983    192.168.170.2:1026     ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:37237    192.168.170.2:3268     ESTABLISHED     6544
  Can not obtain ownership information
  TCP    192.168.170.2:37495    192.168.170.2:3268     ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:38165    192.168.170.2:389      ESTABLISHED     5264
  Can not obtain ownership information
  TCP    192.168.170.2:38359    192.168.170.2:389      ESTABLISHED     6544
  Can not obtain ownership information
  TCP    192.168.170.2:38380    192.168.170.2:80       ESTABLISHED     6544
  Can not obtain ownership information
  TCP    192.168.170.2:38395    192.168.170.2:80       ESTABLISHED     6544
  Can not obtain ownership information
  TCP    192.168.170.2:38428    192.168.170.2:80       ESTABLISHED     6544
  Can not obtain ownership information
  TCP    192.168.170.2:38442    192.168.170.2:80       ESTABLISHED     6544
  Can not obtain ownership information
  TCP    192.168.1.2:38452      85.17.72.66:80         ESTABLISHED     6740
  Can not obtain ownership information
  TCP    192.168.170.2:38483    192.168.170.2:1026     ESTABLISHED     1956
  Can not obtain ownership information
  TCP    192.168.170.2:38490    192.168.170.2:2258     ESTABLISHED     6104
  Can not obtain ownership information
  TCP    192.168.170.2:38501    192.168.170.2:443      ESTABLISHED     6740
  Can not obtain ownership information
  TCP    192.168.170.2:389      192.168.101.2:12636    FIN_WAIT_2      544
  Can not obtain ownership information
  TCP    127.0.0.1:16736        127.0.0.1:389          CLOSE_WAIT      1748
  Can not obtain ownership information
  TCP    192.168.170.2:1731     192.168.170.2:389      CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:1755     192.168.170.2:389      CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:1757     192.168.170.2:389      CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:1758     192.168.170.2:389      CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:1759     192.168.170.2:389      CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:1760     192.168.170.2:3268     CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:1761     192.168.170.2:3268     CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:2088     192.168.170.2:389      CLOSE_WAIT      988
  Can not obtain ownership information
  TCP    192.168.170.2:30236    192.168.170.2:389      CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:33100    192.168.170.2:389      CLOSE_WAIT      7368
  Can not obtain ownership information
  TCP    192.168.170.2:33944    192.168.170.2:389      CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:35519    192.168.170.2:389      CLOSE_WAIT      6412
  Can not obtain ownership information
  TCP    192.168.170.2:35540    192.168.170.2:389      CLOSE_WAIT      6412
  Can not obtain ownership information
  TCP    192.168.170.2:35594    192.168.170.2:389      CLOSE_WAIT      6544
  Can not obtain ownership information
  TCP    192.168.1.2:38196      216.239.59.104:80      CLOSE_WAIT      6740
  Can not obtain ownership information
  TCP    192.168.1.2:38245      209.235.144.9:80       CLOSE_WAIT      6740
  Can not obtain ownership information
  TCP    192.168.170.2:44981    192.168.170.2:389      CLOSE_WAIT      988
  Can not obtain ownership information
  TCP    192.168.170.2:56156    192.168.170.2:3268     CLOSE_WAIT      5264
  Can not obtain ownership information
  TCP    192.168.170.2:389      192.168.170.14:1453    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.2:38488    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.2:38493    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.14:1452    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.14:1451    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.14:1447    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.2:38492    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.2:38487    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.2:38486    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.2:38485    TIME_WAIT       0
  TCP    192.168.170.2:389      192.168.170.14:1446    TIME_WAIT       0
  TCP    192.168.170.2:38434    192.168.170.2:2258     TIME_WAIT       0
  TCP    192.168.170.2:38480    192.168.170.2:135      TIME_WAIT       0
  TCP    192.168.170.2:38481    192.168.170.2:1026     TIME_WAIT       0
  TCP    192.168.170.2:38482    192.168.170.2:135      TIME_WAIT       0

C:\WINDOWS>

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

2003 box, we're trying to find out what it's trying to connect to.

And yeah, trying to see if it'll connect to that.

There are other ways to see the same, WireShark (a packet sniffer) would let us find out.

Chris
0
 
Chris DentPowerShell DeveloperCommented:

Bleh that's no fun.

Fancy playing with WireShark instead? :)

Chris
0
 
awilderbeastAuthor Commented:
can do, im not great with it though, ill jsut download it to this machine

just point me the right way :)

i bet this is the longest question youve ever helped with?
0
 
Chris DentPowerShell DeveloperCommented:

It's getting there, has potential :) But not quite there yet, a few have run over 200 comments :)

Chris
0
 
awilderbeastAuthor Commented:
ok i have wireshark on server01.cworks.local now

how do i set it up to listen for specific data or shall i just run a capture and look for what?
not really sure how to use this thing


CHeers
0
 
Chris DentPowerShell DeveloperCommented:

Keep it simple, start a capture, then add this filter (display filter):

ip.addr == WhateverIPServer01Uses

Now we should only see traffic between the 2010 server and the old SBS server. Once that's done, run the New-MoveRequest part and see what traffic it passes. We're especially interested in things that go to Server01 where it gets no reply at all.

Chris
0
 
awilderbeastAuthor Commented:
ok i have captured and can see some data going between domain.net and domain.local now

its mostly LDAP and TCP but dont know how to see the port numbers on it

where do i find tcp port info?
0
 
awilderbeastAuthor Commented:
oh right i see it now

in info theres a fair few ports

12363
12630
39703
39707
39708
39713
39714

theres two frames at the end that are highlighted red that have ports 12630 and 12636 on too

this info any good?
0
 
Chris DentPowerShell DeveloperCommented:

Can you show me source and destination ports for each?

If you look in the top pane I'd be interested in seeing Source, Destination and Info. For Info, feel free to discard anything after (and including) Seq=, I only want the port names / numbers it quotes there and the flag ([ACK], [FIN], etc).

Chris
0
 
awilderbeastAuthor Commented:
the source ports are above

12363
12630
39703
39707
39708
39713
39714

and the destination was ldap on them all and if the source was ldap the destination was msft-gc 3268 or ldap
0
 
Chris DentPowerShell DeveloperCommented:

Hmm okay, I expected it to try and connect to the Exchange server, that's when you ran New-MoveRequest right?

Chris
0
 
awilderbeastAuthor Commented:
yeah thats what came out when i ran new-moverequest
0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Damn, that didn't help as much as I'd hoped.

I like this though, lets try :)

http://social.technet.microsoft.com/Forums/en/exchange2010/thread/31af1f7f-4869-4199-9d3f-904e83d0c7d5

Can you add "domain.local" as a DNS Suffix on the Exchange 2010 system? It'll be TCP/IP Settings, Advanced, DNS, and something like "Append these suffixes in order". Once that's done, see if you can ping "Server01" without the domain.local part, just Server01 on its own.

Chris
0
 
awilderbeastAuthor Commented:
adding the upn suffix seems to have worked

DisplayName               Status                    TotalMailboxSize          TotalArchiveSize         PercentComplete
-----------               ------                    ----------------          ----------------         ---------------
test                      Queued                    34.42 KB (35,244 bytes)                            0


how do i see progress?
0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Wow... progress... that's some poor quality error reporting from MS there.

Ah well... this should show current status:

Get-MoveRequest

Chris
0
 
awilderbeastAuthor Commented:
it worked :D

now youve helped me enough for this question

im going to open another question

how do i get external emails to this exchange server, can you help with that?

cheers
0
 
awilderbeastAuthor Commented:
thanks
0
All Courses

From novice to tech pro — start learning today.