Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2010 Cross-Forest Mailbox Move and AD Migration

Posted on 2011-09-20
6
931 Views
Last Modified: 2012-05-12
Hello,
I am in the middle of an Active Directory migration, during the last phase I will be migrating the user accounts and mailboxes, all at the same time, over a long weekend.
My plan is to run the Prepare Move Request script in exchange 2010, then migrate the accounts with the ADMT tool and then move the mailboxes.
At a some point during that weekend I will need to forward incoming emails to the new server versus the old.
My question is just at what point? Do I need to wait until all mailboxes have finished moving?
I am planning on "SuspendWhenReadytoComplete" and then complete them all, but I am not sure at what point I will be able to start receiving emails into the new mailboxes. I want to allow the users to access their emails for as long as possible during that weekend, or have the shortest down time as possible.
Also any tips you can provide to deal with active sync and anything else you can thin of will be welcome.

Thanks,
0
Comment
Question by:amenezes0617
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:Marc Dekeyser
ID: 36572225
it is obvious that you prepared this well enough, but have you read this article? http://blogs.technet.com/b/exchange/archive/2010/08/10/3410619.aspx
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36573662
Mail boxes don't move.

The New AD Domain creates new blank mailboxes for the users.  The users needs to be using them first (with the mail going to the new mail server).   Then use whatever chosen means you are using to copy (not move) the contents of the old mail boxes into the new mail boxes.  The users will simply have to survive for a short period of time without their old messages.  If you are doing it over the week end then you may be able to complete the whole thing before the users get involved.

Users and not move either

The migration process never moves anything,...it copies. It simply makes new user accounts in the new Domain that are spelled the same and may have the same password.  The new accounts get a new SID,...so they are not really the same old account.  However the ADMT process can add the old SID to the account as a secondary SID in oder for the Account to impersonate the old account.  But it is still a distinct new account,...that only impersonates the old account via the SID history
0
 
LVL 5

Author Comment

by:amenezes0617
ID: 36574939
Thanks Geminon, I have read that article several times. :-)

So, pwindell, if I understand you correctly, the prepare move request will create the account and mailbox, then the ADMT tool will just basically "stamp" the old SID in the SID history attribute and get the group membership, etc done. So then I should switch the email to flow to the new server anytime after I run the prepare move request script? Is that correct?

Thanks a lot, I think I got it, I just really want to confirm my ideas.

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 36575073
You need to read the Docs for the ADMT (over and over and over) until you clearly understand what it does, how it works, and what the whole migration process consists of.  You cannot do this based on my simplified posts that do not contain all the facts and details.  I studied the Docs for about a couple weeks before I even began the process,...then I built a test lab and run through the process a couple times.

ADMT creates the new user accounts in one step
ADMT adds the SID history in an additional step when you run the Security Translation Wizard (a part of ADMT)

AD automatically creates the mailboxes as soon as the accounts are "born" if the new Exchange is already built and running on the new Domain ahead of time.  It could be that the ADMT triggers AD into doing that process,...but it is an AD process none-the-less.   If the mailboxes are not created for whatever reason then you just select all the users in AD and trigger the creation of the mailboxes manually.

Exchange initializes the mail boxes the first time they receive a new message.  So send a test message to every user to initialize the mailboxes.

Copying the old mail into the new boxes happens by yet another separate process.  With Exchange2003 it was done with the Exmerge Tool.  With Exchange2007-2010 it is done from a command line or some other third party tools.  It can also be done in advance by adding a Personal Folders to Outlook and making it the delivery point,...Outlook will shift the mail into the local PST over a period of time (maybe an hour or so depending on the mailbox size). This must be done while the old user in the old Domain is still in using the old Exchange.  You're going to have to research that and decide which means will work best for you.   Just remember that the moving of the old mail is not part of the Migration,...it is a separate Post-Migration process,...and Exchange has no migration at all,..you are just building a new Exchange with fresh clean empty mailbox,...there is no migration with Exchange.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36575149
Lastly,...do not wipe out the old domain and the old Exchange for a period of time.   That will be how you preserve the old email and you may have to go back and grab stuff if the process get screwed up the first time around.

The migration is non-destructive to the old domain,...even the old machine accounts are left behind.  The old user accounts may or may not be disabled during the process (depends on the option you choose in ADMT).  But in any case leave the old Exchange and old DC fully intact for a period of time after.
0
 
LVL 5

Author Closing Comment

by:amenezes0617
ID: 36575171
Thanks, I have read all that I can find out there about this, and the ADMT guide, several times.
I have already done a test run in a lab as well and my live environment is ready to go as well.
I am just ironing out the last details.

Thanks for all your input, I appreciate it.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question