Active Directory and Exchange Cross Forest Migration

Hi Guys,

I am doing a cross forest/Exchange migration at the minute, well, planning it out at this stage. Here is the scenario, what we hope to achieve and how we plan to do it. Any suggestions would be great.

I would like to add this is pretty high level stuff and I'll only be accepting answers from high level contributors with the correct experience, no offence to anyone.

Anywayz....

By the time this happens we will upgrade the forest functional level and domain operations level to 2008R2. We will also be adding a 3rd DC to host only the infrastructure master role as per MS recommendations.

We have in SiteA
VMware ESXi 5.5 with vCenter multi host environment with Failover configured.
1 X AD Forest, 1 X AD Domain (2008 forest and operations level), with 2 X DC (1 X 2008R2 and 1 X 2008), 1 X Exchange 2010 server single CAS, 2 X SQL servers that are mission critical, various other file print servers and other servers I class as irrelevant at an overview.

The plan is to move SiteA to a datacentre, then leave SiteB running at our office location. We plan to also do the following.
- SiteB will be a completely new forest unfortunately this is a requirement.
- Create a forest trust between both forests.
- Leave the mission critical stuff SQL/WEB etc on SiteA.
- Migrate our Exchange server along with our AD data to SiteB which is a completely new forest.

Just at an overview, how does this sound?

Has anyone got any recommendations for this?

The thing I am most concerned about is the Exchange server and migrating it to a new forest. I am actually not even sure if this will work, to be honest.

Any help is appreciated

Thanks
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Asked:
Will Szymkowski (Senior Solution Architect) Commented:
The plan is to move SiteA to a datacentre, then leave SiteB running at our office location. We plan to also do the following.
 - SiteB will be a completely new forest unfortunately this is a requirement.
 - Create a forest trust between both forests.
 - Leave the mission critical stuff SQL/WEB etc on SiteA.
 - Migrate our Exchange server along with our AD data to SiteB which is a completely new forest.

Based on the scenario above, what is the purpose of creating a new forest in SiteB leaving SQL etc in SiteA? This really does not make sense to me at all. You are overcomplicating things here. What do you gain leaving SiteA and SiteB separate domains? The only thing I see is complexity.

As for moving AD objects you are going to need to use ADMT (Active Directory Migration Tool) specifically for AD objects. However when you use ADMT it does not move Exchange attributes.

For Exchange you will need to use the Prepare-MoveRequest.ps1 script to move the mailboxes between different forests.

Prepare-MoveRequest
https://technet.microsoft.com/en-us/library/ee861103(v=exchg.150).aspx

ADMT 3.2 migration guide
https://www.microsoft.com/en-ca/download/details.aspx?id=19188

But as I have stated above, I am still unsure as to why there is a need to create another forest, especially when you are not even moving all of the AD objects.

Will.
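
The ADMT-then-Prepare-MoveRequest sequence described in this answer, sketched as an added example (not part of the original reply). It assumes ADMT has already created the accounts in the new forest, MRSProxy is enabled on the source CAS, and it is run from the Exchange Management Shell in the target forest; every host, domain and user name is a constructed placeholder.

```powershell
# Constructed placeholder names: replace with your own forests and hosts.
$SourceDC     = 'dc01.source.example'    # DC in the existing forest
$TargetDC     = 'dc01.target.example'    # DC in the new forest
$SourceCAS    = 'mail.source.example'    # source Exchange 2010 CAS
$TargetDomain = 'target.example'         # delivery domain in the new forest
$Users        = 'alice@source.example', 'bob@source.example'

# One-time prerequisite, run in the SOURCE forest (server name is a placeholder):
#   Set-WebServicesVirtualDirectory -Identity 'EXCH01\EWS (Default Web Site)' -MRSProxyEnabled $true

# Prompt for credentials rather than storing passwords in the script.
$SourceCred = Get-Credential   # admin in the source forest
$TargetCred = Get-Credential   # admin in the target forest

Set-Location (Join-Path $env:ExchangeInstallPath 'Scripts')

foreach ($u in $Users) {
    # -UseLocalObject merges the Exchange attributes into the account ADMT
    # already created, instead of creating a second object.
    .\Prepare-MoveRequest.ps1 -Identity $u `
        -RemoteForestDomainController $SourceDC -RemoteForestCredential $SourceCred `
        -LocalForestDomainController $TargetDC -LocalForestCredential $TargetCred `
        -UseLocalObject

    # Check before moving: the target object must now be a mail-enabled user
    # stamped with the source mailbox GUID, otherwise the move cannot match it.
    $mu = Get-MailUser -Identity $u -DomainController $TargetDC -ErrorAction SilentlyContinue
    if (-not $mu -or $mu.ExchangeGuid -eq [Guid]::Empty) {
        Write-Warning "${u}: no prepared mail user in target forest, skipping move"
        continue
    }

    # Pull the mailbox across the forest boundary through the source MRSProxy.
    New-MoveRequest -Identity $mu.Identity -Remote `
        -RemoteHostName $SourceCAS -RemoteCredential $SourceCred `
        -TargetDeliveryDomain $TargetDomain
}

# Review progress and any failures afterwards.
Get-MoveRequest | Get-MoveRequestStatistics |
    Select-Object DisplayName, Status, PercentComplete
```
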
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Author Commented:
The reason is for compliance reasons, I'm being pushed down this route. I'm actually not sure what the best route to go is as this is a huge job. Thanks for the response Will.

I probably explained it a bit crummy. Let me try again.

We are in Site A now. SQL Exchange AD IIS Servers everything is here now.
We have bought a space in a Datacenter and this is SiteB.

We are going to move Site A servers SQL, IIS and AD to SiteB, and create a new forest in SiteA whilst leaving AD SQL IIS in Site B now in its original environment.
The reason it is happening this way is to protect the SQL and customer facing stuff.

I am very open to options on this one. If someone can provide good reason to not do two forests I might be able to change their minds.
Will Szymkowski (Senior Solution Architect) Commented:
I am very open to options on this one. If someone can provide good reason to not do two forests I might be able to change their minds.

This situation is obviously driven by the business requirements. Will it work? Sure it can work, it will be a more complex setup but ultimately can work, with the correct planning/implementation. If it was me I would still try and push for a single AD environment as management and complexity is simplified, however business needs sometimes drive decisions and sometimes you don't get to go down the "path of least resistance".

But coupled with ADMT and the Prepare-MoveRequest script you will be able to move the objects to the new forest.

Will.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Author Commented:
As for moving AD objects you are going to need to use ADMT (Active Directory Migration Tool) specifically for AD objects. However when you use ADMT it does not move Exchange attributes.

Thanks Will, what are the implications of not moving the Exchange attributes?

Are there ways to do this manually?

I am pretty sure I'll be forced down the difficult route, I will try again though.
Will Szymkowski (Senior Solution Architect) Commented:
If you do not move the Exchange attributes then you will need to either do one of two things...
- export the mailboxes in the current domain and import them into new mailboxes in the new forest that are tied to the AD accounts you migrated

or

- you can create linked mailboxes from current forest (SiteA) to SiteB. In this setup the mailbox data actually resides on the SiteA Exchange server and your AD users from the new forest (SiteB) will connect to SiteA for mail.

Aside from that those are your other options that you can proceed with.

Will.

Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Author Commented:
wizard
Will Szymkowski (Senior Solution Architect) Commented:
Glad to help!

Will.