Have a trust in place. In my situation I created a two-way transitive trust.
We can limit permissions by choosing a different type of trust.
If you are planning to migrate the user account with SID (which is recommended)
If you are planning to migrate users with passwords, you have to configure "Password Export Server" in the source domain.
- Now the trusts are in place
- ADMT is installed on the target DC
- If you are planning to migrate passwords as well, the Password Export Service is configured and started in the source domain
Before starting: there are many methods to move mailboxes across forests. First I will go with the recommended one.
We will see the other methods in future posts.
Let us call this method "Running .\Prepare-MoveRequest.ps1 first and then using ADMT to migrate the SID history".
We will do it for one user to get a clear idea, then we can go for bulk migration in later posts.
I created a test mailbox: Mailbox1
First, store the access credentials in the shell in the target forest.
Please don't confuse yourself here.
I am running this on the target forest, so $LocalCredentials means the target forest credentials and $RemoteCredentials means my source forest credentials.
Source forest: oldcompany.in
Target forest: careExchange.in
Please don't forget to type the user name as DomainName\UserName
$LocalCredentials = Get-Credential
$RemoteCredentials = Get-Credential
Now prepare a move request.
In the Exchange Management Shell in your target forest, browse to the Scripts folder and run:
.\Prepare-MoveRequest.ps1 -Identity "EmailAddress" -RemoteForestDomainController "FQDN of Source DC" -RemoteForestCredential $RemoteCredentials -LocalForestDomainController "FQDN of Target Forest DC" -LocalForestCredential $LocalCredentials -TargetMailUserOU "Distinguished name of OU in TargetForest" -UseLocalObject
You can see which attributes it touches.
Now you can see that a disabled account has been created in the specified OU.
Now use ADMT to migrate the SID and enable the target account.
Now you can find the SID history.
Now your AD account will get enabled.
Now move the mailbox with a remote move request:
New-MoveRequest -Identity 'Mailbox1@oldcompany.in' -RemoteLegacy -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'careexchange.in' -RemoteGlobalCatalog "Source DC FQDN"
Now you can see that the remote move has completed.
Now you won't be able to log on to the new forest directly, as you are required to change the password at first logon.
To avoid that situation:
Open ADSI Edit and set pwdLastSet to -1
or just log in to a client machine and change the password at first logon.
Great!! You are able to log in to the target forest successfully!!
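To confirm the result of the ADMT and pwdLastSet steps above, here is an added example (not part of the original post) that checks one migrated account: it is enabled, its SID history holds the source account's SID and nothing else, and whether a password change is still pending. The function name Test-MigratedAccount and the sample SID values are constructed for illustration; the commented Get-ADUser calls assume the ActiveDirectory module is available.

```powershell
# Added example, not from the original post.
# Compares a source-forest user with its migrated target-forest account.
function Test-MigratedAccount {
    param(
        [Parameter(Mandatory)] $SourceUser,   # needs property: SID
        [Parameter(Mandatory)] $TargetUser    # needs: Enabled, SIDHistory, pwdLastSet
    )

    $sourceSid = "$($SourceUser.SID)"
    # Normalise SIDHistory to an array of strings; empty when nothing was migrated.
    $history = @(@($TargetUser.SIDHistory) | Where-Object { $_ } | ForEach-Object { "$_" })

    [pscustomobject]@{
        Enabled            = [bool]$TargetUser.Enabled
        SourceSidInHistory = $history -contains $sourceSid
        # Any SID in the history that is not the source user's own SID deserves review.
        UnexpectedSids     = @($history | Where-Object { $_ -ne $sourceSid })
        # pwdLastSet = 0 means "user must change password at next logon".
        MustChangePassword = ($TargetUser.pwdLastSet -eq 0)
    }
}

# Live use (DC names are placeholders, as in the commands in this post):
# $src = Get-ADUser -Identity Mailbox1 -Server 'Source DC FQDN' -Credential $RemoteCredentials
# $dst = Get-ADUser -Identity Mailbox1 -Server 'Target DC FQDN' -Credential $LocalCredentials `
#            -Properties SIDHistory, pwdLastSet

# Constructed sample objects so the check can be tried without a domain.
$src = [pscustomobject]@{
    SID = 'S-1-5-21-1111111111-2222222222-3333333333-1105'   # constructed value
}
$dst = [pscustomobject]@{
    Enabled    = $true
    SIDHistory = @('S-1-5-21-1111111111-2222222222-3333333333-1105')  # constructed value
    pwdLastSet = 0
}

Test-MigratedAccount -SourceUser $src -TargetUser $dst | Format-List
```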
You can refer to the link below. The only change is that you will be using the -RemoteLegacy switch and not the -Remote switch.
Import-Csv "SourceUserdump.csv" | New-MoveRequest -RemoteLegacy -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'careexchange.in' -RemoteGlobalCatalog "Source DC FQDN"