Exchange 2003 to new Forest Migration isses

Our company recently went through a merger. We are migrating from an old 2003 domain with exchange to a new 2003 domain with exchange.
Acme (Source) - has AD domain that will no longer be used, but holds the current Exchange 2003 server and all user mailboxes for entire NewCompany

NewCompany (Target) - has AD domain that will be used enterprise wide and domain users are already established. Exchange 2003 is installed and we want to migrate the Acme exchange mailboxes to this new domain/exchange.

Running into some problems with the following scenario:

1.) We have user John.Doe in the Acme domain (with mailbox)
2.) We also have that same user as jdoe in the NewCompany domain (with no mailbox)
3.) We want to migrate all the emails, contacts, settings etc from #1 to #2, but every time we use the migration tools, it tries to create a new user account on the target domain (NewCompany) Basically to join the two accounts together into one on the new target domain.

We've read through the technet articles and other help sites, but nothing describes the scenario above. Any advice would be appreciated, as we're trying not to redo all 100+ accounts and mailboxes.

Thank you!
avalon-gsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Satya PathakLead Technical ConsultantCommented:
Active Directory Migration
--------------------------------------------------------------------------------
I wrote a procedure for Inter-Forest Migration for ADMT, but this Step-by-Step procedure is also valid for NetIQ DMA and Quest Migration Manager tools (they are all running on the same concept). with Quest tool there are few other things that are recommended to be set but I won't go into it unless you are about to tell me you planing using it.
This procedure covers all your issues (I have been through them all).
If you are planing to be using both on Target Domain and on Source domain a User that is a member of Domain Admins Group,
(each User on his domain),then you can skip the "Site_Admins" part on all sections.
here I am posting the Preparations for Inter-Forest Migration.
 
Inter-Forest Migration Preparation using ADMT
==================================================
 
1.Purpose
 
The purpose of this document is to prepare Source & Target Domains for Inter-Forest Migration
 
2.Prerequisites
 

1.Understanding in Active Directory and DNS
2.Administrative access is needed on the source domain that is about to be migrated into the Target Domain by creating a user on the source domain that is a member of “Domain Admins” & “Enterprise Admins” that would be used during migration.
3.Communication between the source domain DC & PDC Emulator and Target DC on site & Target PDC Emulator has to be fully open between them all (full IP).
 
Inter-Forest Migration Preparation
1.Make sure the Target DC on site that is going to be used for Migration has a DNS Server Service Installed.
2.Create an AD integrated conditional forwarder on “target.com” DNS to forward any DNS queries of the source domain to the source domain’s DNS server. This could be done by running the following command on one of “target.com” DNS servers: DnsCmd DNSServer /ZoneAdd SourceDomain.com /DsForwarder xx.xx.xx.xx (IP Address of the Source Domain’s DNS Server).
3.Create an AD integrated conditional forwarder on “SourceDomain.com” DNS to forward any DNS queries of “target.com” domain to the Target domain’s DNS server. This could be done by running the following command on one of “SourceDomain.com” DNS servers : DnsCmd SourceDC /ZoneAdd target.com /DsForwarder xx.xx.xx.xx (IP Address of the target Domain’s DNS Server closest to the source domain site).
4.Verify that there is DNS resolving between the Domains using NSLOOKUP, This test could only take place from the DC’s that are open to each other (refer to “PREREQUISITES”, Section 3).
5.Create a Two Way External Trust between both Domains using an Target Domain Admin User and the Domain Admin user you created on the Source Domain.
Make sure that if you are using the same user “name” on both Domains, the Password of that user must match on both domains, otherwise you would receive an unrelated RPC error when trying to create the Trust.
6.Disable SID filtering on the outgoing Trust on both Domains, This could be done by running the following command:
·On Target Domain: Netdom trust target.com /domain:SourceDomain.com /quarantine:No /userD:User /passwordD:Password
·On Source Domain: Netdom trust SourceDomain.com /domain:target.com /quarantine:No /userD:User /passwordD:Password
7.Modify/Create the following registry key “AllowPasswordExport” to DWORD 1. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\LSA on the Source Domain PDC Emulator and on the source DC that would be used for migration (Installing PES).
 
8.If the Source Domain Controller used for migration is running Windows 2000, you must add on the Domain Controller the following Registry Key: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA” Modify/Create the registry entry TcpipClientSupport, of data type REG_DWORD, by setting the value to 1.
9.Create a dedicated Global Group in the OU on the Target domain, which would contain the members of those who would be involved in the migration process of Users/Groups/Workstations/Servers (e.g. Site_Admins).
10.Assign the Migrators Members to the Site_Admins Group.

11.Install the ADMT Software on a member server that is Part of Target Domain (not on the Source Domain member server).
12. Add Target “Domain Admins” group & Site_Admins in to the “Administrators” Group on the server that is running the ADMT.
13.Add Target “Domain Admins” group & Site_Admins in to the “Administrators” Group in the SourceDomain Active Directory.
14.Delegate permissions on “target.com” root domain in “Active Directory Users & Computers” "migrate SID History" to the Site_Admins group and a Full Control permissions on the OU where the Objects would be migrated to (i.e. users/groups/computers,etc).
15.Make sure that on both Domains “Default Domain Controller Policy” -> Computer Configuration -> Windows Setting -> Security Settings -> Local Policies -> Audit Policy -> "Audit Account Management" is set to Audit both Success & Failure.
16.On the Source Domain create a Domain Local group “SourceDomain$$$" (Domain NetBios name).
Make sure you do not place any members in this group or the ADMT would fail migrating SID History.
17.On the Server that the ADMT is installed run the following command (c:\windows\ADMT)
admt key /opt:create /sd:sourcedomain.com /kf:"c:\temp\source.pes"
18.copy the “source.pes” that you just created onto a local disk on the source domain controller that would be used for the migration process.
19.Install the PES Application/DLL on the source domain controller, the Installation setup could be found at: could be found on the ADMT server where the ADMT was Installed. Supply the Installation wizard with the “source.pes” you just copied onto the DC, When asked under what service to run the PES DLL choose and set a Target Domain Admin user account that was decided.
 
your done, after that ADMT v3 should be working without a problem, ADMT v3.1 is based the same, so that should apply on ADMT v3.1 as well..
 
--------------------------------------------------------------------------------
ohh one thing I did not mention, this procedure I wrote was originally meant for migration between 2003 AD to 2003 AD, the only difference is that on a 2000 source DNS you won't be able to create a conditional forwarder as you could do on a 2003 DNS, so just create a secondary zone on the source DNS containing a zone copy of the target Domain's DNS Zone , that would have the same effect.
another difference when you establish an External Trust on 2000 AD Domain, the SID filtering is not enabled by default ,hence you don't need to disable it on the 2000 domain,
but only on the 2003 Domain (at your case the Target domain).
on a Forest trust the SID filtering is not enabled by default , but you can't create a Forest trust on a 2000 Forest, so that doesn't
really matters to you any way.
 
BTW - have you considered using the ADMT v3.1? - you would mainly benefit from it if you got 2008 Member server you want to migrate and/or Vista Workstations, which ADMT v3 does not officially support - there are work around making it work though.

0
avalon-gsAuthor Commented:
Before I try this - I did not see any mention of Exchange in your solution - that is our main goal, the migration of the exchange mailboxes. The problem is, we had dual logins for each domain, as in my example:
Domain1- John Doe's login = john.doe
Domain2 - John Doe's login = jdoe

I need to have all the info (especially mailbox) from Domain1 John Doe combine into the Domain2 John Doe account
0
avalon-gsAuthor Commented:
Btw, We had already completed steps 1-6 of your solution and we have ADMT installed.

To further clarify the John Doe in each domain is the same person, not two seperate people with the same name.

How can we merge/combine the two accounts into the one on Domain2? Is this even possible?
0
avalon-gsAuthor Commented:
Ok, I figured out how to accomplish this. We have to migrate the accounts to the new domain, then delete them (Exchange keeps the mailbox intact) then we reconnect the mailbox to an existing Domain2 account.

http://exchangepedia.com/blog/2006/03/how-to-reconnect-mailbox-to-another.html

I tested this on our test group and it works great.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Satya PathakLead Technical ConsultantCommented:
Excellent  @avalon-gs  great job !!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.