Exchange 2010 Cross-Forest Mailbox Move and AD Migration

Posted on 2011-09-20
Last Modified: 2012-05-12

I am in the middle of an Active Directory migration. During the last phase I will be migrating the user accounts and mailboxes, all at the same time, over a long weekend.
My plan is to run the Prepare Move Request script in Exchange 2010, then migrate the accounts with the ADMT tool and then move the mailboxes.
At some point during that weekend I will need to forward incoming emails to the new server versus the old.
My question is just at what point? Do I need to wait until all mailboxes have finished moving?
I am planning on "SuspendWhenReadytoComplete" and then complete them all, but I am not sure at what point I will be able to start receiving emails into the new mailboxes. I want to allow the users to access their emails for as long as possible during that weekend, or have the shortest downtime possible.
Also, any tips you can provide to deal with ActiveSync and anything else you can think of will be welcome.

Question by:amenezes0617

Expert Comment

by:Marc Dekeyser
ID: 36572225
It is obvious that you prepared this well enough, but have you read this article?

Expert Comment

ID: 36573662
Mail boxes don't move.

The New AD Domain creates new blank mailboxes for the users. The users need to be using them first (with the mail going to the new mail server). Then use whatever chosen means you are using to copy (not move) the contents of the old mail boxes into the new mail boxes. The users will simply have to survive for a short period of time without their old messages. If you are doing it over the weekend then you may be able to complete the whole thing before the users get involved.

Users do not move either

The migration process never moves anything, it copies. It simply makes new user accounts in the new Domain that are spelled the same and may have the same password. The new accounts get a new SID, they are not really the same old account. However the ADMT process can add the old SID to the account as a secondary SID in order for the Account to impersonate the old account. But it is still a distinct new account,...that only impersonates the old account via the SID history.
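
An added example (not part of the original thread): a PowerShell check for reviewing which old SIDs ended up in sIDHistory after the ADMT step described above, flagging entries from an unexpected source domain or with a well-known privileged RID. `Test-SidHistory` is a hypothetical helper name, and the account names and SIDs are constructed sample data.

```powershell
# Added example: classify sIDHistory entries on migrated accounts.
# Sample SIDs and account names below are constructed, not from a real domain.
function Test-SidHistory {
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,   # need SamAccountName + SidHistory (string[])
        [Parameter(Mandatory)] [string]   $ExpectedSourceDomainSid
    )
    # Well-known privileged RIDs that a user migration should not carry over.
    $privilegedRids = @{
        '500' = 'Administrator'; '512' = 'Domain Admins'
        '518' = 'Schema Admins'; '519' = 'Enterprise Admins'
    }
    foreach ($a in $Accounts) {
        foreach ($sid in @($a.SidHistory)) {
            $s = [string]$sid
            if (-not $s) { continue }               # account without SID history
            $cut       = $s.LastIndexOf('-')
            $domainSid = $s.Substring(0, $cut)      # S-1-5-21-x-y-z
            $rid       = $s.Substring($cut + 1)     # last sub-authority
            $finding = if ($domainSid -ne $ExpectedSourceDomainSid) {
                'UnexpectedSourceDomain'
            } elseif ($privilegedRids.ContainsKey($rid)) {
                "PrivilegedRid:$($privilegedRids[$rid])"
            } else { 'OK' }
            [pscustomobject]@{ Account = $a.SamAccountName; SidHistory = $s; Finding = $finding }
        }
    }
}

$oldDomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed placeholder
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   SidHistory = @("$oldDomainSid-1604") }
    [pscustomobject]@{ SamAccountName = 'asmith'; SidHistory = @("$oldDomainSid-512") }
    [pscustomobject]@{ SamAccountName = 'svc01';  SidHistory = @('S-1-5-21-4444444444-5555555555-6666666666-1105') }
)
Test-SidHistory -Accounts $sample -ExpectedSourceDomainSid $oldDomainSid | Format-Table -AutoSize

# Against the new domain (requires the ActiveDirectory module):
# $live = Get-ADUser -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory |
#     Select-Object SamAccountName, @{ n = 'SidHistory'; e = { $_.sIDHistory.Value } }
# Test-SidHistory -Accounts $live -ExpectedSourceDomainSid $oldDomainSid
```

With the sample data, `jdoe` is reported as OK, `asmith` as carrying the old Domain Admins RID, and `svc01` as having history from a domain other than the expected source.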

Author Comment

ID: 36574939
Thanks Geminon, I have read that article several times. :-)

So, pwindell, if I understand you correctly, the prepare move request will create the account and mailbox, then the ADMT tool will just basically "stamp" the old SID in the SID history attribute and get the group membership, etc done. So then I should switch the email to flow to the new server anytime after I run the prepare move request script? Is that correct?

Thanks a lot, I think I got it, I just really want to confirm my ideas.


Accepted Solution

pwindell earned 500 total points
ID: 36575073
You need to read the Docs for the ADMT (over and over and over) until you clearly understand what it does, how it works, and what the whole migration process consists of. You cannot do this based on my simplified posts that do not contain all the facts and details. I studied the Docs for about a couple weeks before I even began the process,...then I built a test lab and ran through the process a couple times.

ADMT creates the new user accounts in one step
ADMT adds the SID history in an additional step when you run the Security Translation Wizard (a part of ADMT)

AD automatically creates the mailboxes as soon as the accounts are "born" if the new Exchange is already built and running on the new Domain ahead of time.  It could be that the ADMT triggers AD into doing that process,...but it is an AD process none-the-less.   If the mailboxes are not created for whatever reason then you just select all the users in AD and trigger the creation of the mailboxes manually.

Exchange initializes the mail boxes the first time they receive a new message.  So send a test message to every user to initialize the mailboxes.

Copying the old mail into the new boxes happens by yet another separate process. With Exchange 2003 it was done with the Exmerge Tool. With Exchange 2007-2010 it is done from a command line or some other third party tools. It can also be done in advance by adding a Personal Folders to Outlook and making it the delivery point,...Outlook will shift the mail into the local PST over a period of time (maybe an hour or so depending on the mailbox size). This must be done while the old user in the old Domain is still using the old Exchange. You're going to have to research that and decide which means will work best for you. Just remember that the moving of the old mail is not part of the Migration, it is a separate Post-Migration process,...and Exchange has no migration at all, you are just building a new Exchange with fresh clean empty mailboxes,...there is no migration with Exchange.

Expert Comment

ID: 36575149
Lastly, do not wipe out the old domain and the old Exchange for a period of time. That will be how you preserve the old email and you may have to go back and grab stuff if the process gets screwed up the first time around.

The migration is non-destructive to the old domain,...even the old machine accounts are left behind.  The old user accounts may or may not be disabled during the process (depends on the option you choose in ADMT).  But in any case leave the old Exchange and old DC fully intact for a period of time after.

Author Closing Comment

ID: 36575171
Thanks, I have read all that I can find out there about this, and the ADMT guide, several times.
I have already done a test run in a lab as well and my live environment is ready to go as well.
I am just ironing out the last details.

Thanks for all your input, I appreciate it.

Question has a verified solution.