34.1 C
Sunday, June 23, 2024

Cross Forest Migration Guide – Exchange 2010 to Exchange 2010

This Migration Guide will help you to migrate mailboxes across forest

Its always people go confused when source and target forests are Exchange 2010, I have tried to explain as detailed a possible and covered one method

where “Running .\PrepareMoveRequest.ps1 first and then using ADMT to migrate the Sid History” of the users

Please share your feedback in comments , So that I can update the guide frequently

so lets go ahead

Step 1:

Have Trust in place across forests , In my Situation I created Two way Transitive Trust where I won’t get into any permission constraints

Good to know : We can limit permissions by going for different type of trusts

See –

How to Create Two way Transitive Trust – Windows Server 2008 R2

Step 2:

You need Active Directory Migration Tool to Get your User accounts migrated without any hassle, You can install it in either of the forests but , Have installed in the target forest , where I will be doing most of my work

See –

How to install ADMT 3.2 in Windows Server 2008 R2

Step 3:

If you are planning to Migrate the User account with SID – Which is recommended – where users will still have access to their old forest where they will be recognized like

access to file shares and permission groups . So I would always recommend to get your SID along with the Users

If you are planning to Migrate Users with Password that doesn’t happen by default , You have to Configure “Password Export Server” in the source domain

See –

How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords

Step 4:

Enable MRS Proxy on the Source Client Access Server which is going to Facilitate the Remote move from the Source Forest,

I have described Enabling MRS proxy where version is Exchange 2010 Sp1 or later cause enabling in RTM version differs


How to Enable MRS Proxy and Increase timeout In Exchange 2010

Step 5:

Ignore if you are not using a Self Signed Cert.

If you are using a Self Signed Certificate –Where Exchange servers won’t authenticate between each other

Because they won’t trust each of them

You got to Export the Cert from Source Exchange Server and import it on Target Exchange Server

Vice versa

See –

How to Export a Self signed Server Certificate and Import it on a another Server in Windows server 2008 R2

Step 6:

Check List

  •  Now Trusts are in place
  • ADMT is installed on the Target DC
  • MRS Proxy is Enabled on the Source Forest Client Access Server
  • Admin User of the Target forest  is a member of administrators group in the Source forest – Add vice Versa
  • If you are using Self Signed Cert – They have been Exported from the target and imported in source (vice versa)
  • If you are planning to migrate passwords as well – Password Export Service is Configured and PES service is Started in the Source Domain

Before starting, There are many methods to Move mailboxes across forest .I will go for the Recommended one .

let us call this method as “Running .\PrepareMoveRequest.ps1 first and then using ADMT to migrate the Sid History

We will move one mailbox to get a Clear idea , Then we can go for Bulk Migration of mailboxes.

I always recommend to move few mailboxes . Test it as much as you can . they go for bulk migration

Step 7 :

Created a Test Mailbox – Mailbox1


Step 8:

First Store the Access Credentials in the Shell

Please don’t confuse yourself Here.

Am Running this on the Target Forest – $localCredentials Means the TargetForestCredentials

SourceForest – careExchange.in

TargetForest – TargetExchange.in

Please don’t forget to Type the DomainName\UserName (Note:If it fails with Error – Authentication Failed – Try Entering Domain.Com\Username ,.com or .local refers to your local domain)

$localCredentials = Get-Credential


$RemoteCredentials = Get-Credential

Means my Source Forest


Note : After Storing your Credentials – Do not Close Shell – You got to run the Future Command in the Same Power Shell Session

Step 9:

Now Preparing a Move Request

Browse your Exchange Management Shell into Scripts Folder in your Target Forest , Which will be in Exchange installation Location

.\Prepare-MoveRequest.Ps1 -Identity EmailAddress -RemoteForestDomainController FQDN of Source DC -RemoteForestCredential $RemoteCredentials -LocalForestDomainController FQDNofTargetForestDC -LocalForestCredential $LocalCredentials -TargetMailUserOU Distinguished name of OU in TargetForest –UseLocalObject -Verbose

Using –Verbose in the end of the Command

You can clearly see what are the Attributes its getting touched

Mail,Display name,Proxy address etc..


Now you can See a Disabled account which has been Created on the Specified OU


Step 10:

Now use ADMT to migrate the SID and Enable the Target Account which is “Mailbox1”  in my Scenario


How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords

Now you can find the SID history of the account , Where you can confirm that you did things correctly


Now your AD account will get  Enabled


Step 11:

Now your Account with SID and password as been moved, But still your Content of the mailbox hasn’t moved yet. Which is moved my a remote as below

Now moving the mailbox using a Remote move request

New-MoveRequest –Identity 'Mailbox1@careexchange.in' –Remote –Remotehostname 'sourceExchange.CareExchange.in'  -RemoteCredential $RemoteCredentials –TargetDeliverydomain 'targetexchange.in'



Now you can See a Remote move has been Completed


Now you won’t be able logon on the new forest directly as you required to change password as first logon

To avoid that situation


How to Disable “User must change password at next logon” after cross forest move using ADMT 3.2

Open Adsiedit –Set pwdlastset to –1


or just login to a client machine and change the password at first logon


Great !! you able to login in Target Forest Success fully !!

Step 12:

To Move the Users in Bulk


Cross forest Move Mailbox in Bulk – Exchange2010 to Exchange 2010

Step 13:

If you doesn’t want to share free/busy information as of now. Skip it

if you want to share Free/busy information between these forests. If source domain is always going to exist after migration . I would recommend to create Federation Trust which is free of service from Microsoft to share free busy information.

if you doesn’t want to go for Federation you can share free busy using below method

See –

How to Configure Cross forest Availability Service (Free/Busy,Auto discover) – Exchange 2010 to Exchange 2010

Step 14:

Please look into the below link for configuring Cross forest coexistence mail flow

How to Configure Cross forest connectors (Mail flow) Exchange 2010 to Exchange 2010


Happy Cross forest Migration !!

Hope I made as much simpler as I can !!

Thank you !!

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles


  1. We have purchased another company. We will need to keep their old active directory up so they can log into a propitiatory application for a while until we get fully integrated.
    We both have Exchange 2010, we will be changing their email address domain as well as their logon usernames. What is the best way to go about this? Do we add their computers to the domain then move the mailbox and logon as them? What about their user profiles? Any recommendations are appreciated.

  2. Hi Michelle,

    Will you be getting rid of the Active directory of the company you purchased ?
    How many users are there ?

    If its less amount of users – You can move them to your own Company – Move their AD accounts – and re Configure their Outlook to Outlook anywhere profiles for the time being.

    Once all the applications are integrated you can rejoin the domain machines to your own domain

  3. HI Satheshwaran,

    Thanks for sharing these useful and step by step process to migrate mailboxes. A migration process is really complicated procedure and requires lots of planning , efforts and times. In our case, we used a program ( http://www.serversdatarecovery.com/exchange.html )and successfully migrated our 1600 mailboxes with full accuracy and quickly. It saved our a lot of time and efforts by giving an opportunity to move multiple mailboxes at a time.


  4. Hi,

    Thanks for this knowledgeable advice in which you have shared the things regarding cross forest migration from exchange 2010 to 2010. I had a similar kind of problem and I read your blog and used the tool named Lepide Exchange Recovery Manager and it solved my problem easily.

  5. hello.

    we also purchased a new company. Is it possible to keep the user account in Source Forest, but move only the mailbox to the Target Forest’s exchange Servers?

    If so, What extra steps are needed?

    • You will run only .Preparemoverequest.ps1 with an Extra switch of -LinkedMailUser
      and move the mailbox using New-Moverequest

  6. After doing the mailbox move and updating the OAB, I still see the moved users as mail enabled contacts or users in the OAB. Even after updating the OAB, restarting the File distribution service, the icons for these users in GAL shows as contacts.

    I waitied for 24 hours and still no luck. How to resolve this.

      • It was an issue with OAB generation which we ahve solved it and it appears okay after that.

        But the new issue is that outlook profile in cache mode doesn’t receive e-mail after cross forest mailbox move. It says outlook data file cannot be accessed.It works fine in online mode.

        Either we have to reconfigure outlook profile or delete the ost file and resynchronize it.
        How to do it for bulk users?

        • Yes It can’t reconfigure itself to the new user , You got to do it manually.

          Or you got to get in touch with a Group Policy Expert to Reconfigure it on Bulk.

          but machines will be joining in the old domain right ? so you planning to join to the new domain later ?

          and to use Outlook anywhere for the mean while ?

  7. If I wanted to migrate a separate forest into an existing forest and used this guide, would users maintain email addresses for both domains (source and target) and still have access to their email as the system performs a remote move? I’d think they would have access to email as it does a remote move (as it does with a local). I will have a need for the users from the source domain to receive email from the old domain name after everything is done.

    The source domain as a windows infrastructure will go away but we will retain the domain for email routing purposes.

    • In that case . you have to move your mailboxes from Forest 1 to Forest 2 . but not the active directory accounts.
      Once you feel Migration is done. you have to move your AD accounts.

      This procedure is different. for your requirement.


      Resource Forest
      Each mailbox in the Exchange forest must have a corresponding user in the account forest, which is granted access to logon to the mailbox. This is referred to as a “Linked Mailbox”.

      • That doesn’t make sense to me. The last time I moved from one forest to another it was 2010 to 2007 and by default all of the old domain SMTP addresses and even the X400/X500’s stayed in place. The only way to get rid of them was manually. I still have users in my current forest with old SMTP addresses from an older domain. I didn’t have to break apart the migration for that.

        When the trust is in place, can’t I just add the source domain as a domain in the target domains “accepted domains” list in Exchange? Then can the source’s mx records be pointed to the target domains HUB?

        That document references a hybrid configuration with co-existence. Is that what you are referring to? Having enabled and disabled users and maintaining information in both domains?

        That resource forest method doesn’t sound like what I am in need of. We don’t want to maintain the other (source) domain. We will be moving everything as quickly as possible and in the order recommended by ADMT (groups in certain order, user/email accounts, and finally computer accounts, etc).

  8. Just wanted to let you know the cross-forest exchange connector works great. I have two separate forests with a bi-directional transitive trust in place. I setup that connector and if we move a user from the one forest into the one we are migrating to, they keep their email address and can still receive mail at that address.

  9. Great job on this process and sharing with the greater community !

    Your order is this:

    1 – prepare mailbox
    2 – Run ADMT on account for SID migration
    3 – Migrate mailbox

    I found that with a target Exchange 2013 forest from a source Exchange 2010 forest migration worked out in this order:

    1 – prepare mailbox
    2 – Migrate mailbox
    3 – Run ADMT on account for SID migration

    It seems that using the built in Exchange 2013 GUI migration tools, I can’t migrate the mailboxes after they have had ADMT run on them, probably because ADMT turns them into full blown Exchange mailboxes.

    Can you add to this ?

    Cheers !

    • Hi Loon,

      I haven’t started testing cross forest migration with Exchange 2013 yet.

      Once I post an article. I would add to this soon.

      thank you for your comments. It will be useful for me.

  10. This guide for moving users does work great for me. The only thing out of the guide that didn’t work was the free/busy sharing. I can live without that though to be honest, since the users will be in the same forest in the end and cross forest sharing won’t be required at that point.

    Good article Satheshwaran! Much easier on the eyes that how Microsoft has it laid out on TechNet.

  11. Hi, When I run step11 powershell command, I have this error,I installed all of certificates in both of forest exchange server 🙁
    The call to ‘https://exc.mydomain.local/EWS/mrsproxy.svc’ failed. Error details: Could not establish trust relation
    ship for the SSL/TLS secure channel with authority ‘exc.mydomain.local’. –> The underlying connection was closed:
    Could not establish trust relationship for the SSL/TLS secure channel. –> The remote certificate is invalid according
    to the validation procedure..
    + CategoryInfo : NotSpecified: (0:Int32) [New-MoveRequest], RemoteTransientException
    + FullyQualifiedErrorId : 5695ADBE,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

    • if you have .local domain . it might give out issues like this .

      Make sure if your using a cert. see it does have a .local entry.

      or you might have to use a self signed cert for moment to verify it does work or not

      hopefully MRS proxy is already enabled,

  12. Hello Satheshwaran,

    Would you please clarify something for me.

    We are looking to perform a cross-forest mailbox move from Exchange 2010 to Exchange 2010. We have a forest trust in-place. My question is, we initially utilized GALSync between the two forests to bring over contacts information. So in the destination forest we have “Cross-Forest mail contacts” in Exchange from the source forest.

    We are only looking to bring over the users mailbox over to our environment.

    1. The user account will remain in the source forest so I wanted to make sure we will not run into any issues with having the cross-forest mail contacts already in place.

    2. Is ADMT still needed if the users account is going to remain in the source forest?

    3. When the mailbox is moved, and the users account remains in the source forest, how do we get the user account over to the new forest when that time comes, and how does it changed from a none-linked user mailbox?

    Any help on the process we look to do is greatly appreciated.


    • 1. you wont run into any issues

      2. ADMT is not needed in the initial move.

      3. We are building a , Resource forest.

      Just scroll up , and see . mr. user (Edit)

      This question is already answered

  13. Hi Loon!

    We are also doing cross forest migration from Exchange 2010 to 2013. Tried this order – prepare, migrate, run ADMT, everything works, no errors. But in the end we have a mail user under contacts in Exchange Admin Center instead of having normal user. Did you have this problem? Any hints are highly appreciated!

    • I feel once you prepare move . a disabled account is created

      Once you migrate using ADMT make sure . The same account gets enabled and activated.

      Thank you

  14. Hello Satheshwaran!

    Yes, everything is OK with user accounts under AD Users and Computers, first the account is disabled, and later after ADMT it gets enabled. But my problem ist that in Exchange Admin Center this new user appears under contacts, not under mailboxes as normal user should. Actually this contact appears right after running PrepareMoveRequest.ps1 script which is starnge because mail-enabled user shoult be created.

  15. First of all, Thank you for your detailed post!

    My question is, Will migrating the SID of users make it so that when the workstations are migrated to the new forest, the users keep access to the same user profile on the workstations?

    • HI Fabian,

      SID migration is Recognize the Migrated users ..In giving access to fileshares and stuff.

      But recreating the profile is must. We cannot skip it.
      Unjoin and join to new domain

      • Thanks for the quick reply!

        Just so im clear, After Disjoining old domain and rejoining new domain with the workstation, The local Workstation profiles will be rebuilt even if user SID is migrated? or will the user see their same profile on the workstation?

  16. Yet Another question. Should we take the same precaution in moving distribution groups and security groups? Exchange migration first by prepare move script and then admt?

    My plan was just to move the distribution groups in AD and then re enable them as mail distribution lists. Is that a sound thing to do?

  17. Hi, I have found your site because I am having problems moving mailboxes from one forest to another, after doing prepare-moverequest and ADMT to take over SID. These stages work great and new AD account appears with SID history and all other attributes. But the New-move request wont bring across the mailbox. It is saying: The Target mail user doesn’t have an SMTP address that matches the taget delivery domain.

    I have verified all your steps:
    Certs aren’t self signed

    Am at a loss…

    We are migrating from Exchange 2010 SP2 to Exchange 2010 SP3
    Is this the problem?
    Any help appreciated..

    • This happens because of missing proxy address . In the command change the target delivery domain to your source domain . And change the destination email address later .

  18. How would we include or also migrate users archive mailboxes ? Would it be easier to migrate it through the exchange mmc? Our users online archives are in a separate DB then the mailboxes. Do you perhaps have a write up somewhere or a good link to a document on the procedures?


  19. Hi, how to migrate Distribution list with all of the mail attribute ? Without migrate mail attribute when users open old email to distribution group and reply that email, they receive undelivered message.

  20. Hi, thanks for the beautiful article but I think that I’m missing something.
    The Prepare-MoveRequest goes like descibed (output: 1 mailbox ready to move), ADMT migrate what needed but doing the move request I recive this message:
    —The target recipient “recipient” must be a mail-enabled user when the primary mailbox is moving cross forest.—
    Have you got any idea about this problem?
    I have tryed with different user but no luck.
    Thanks for your time and your help.

    • I feel while using ADMT , you are not enabling the account Marco.

      Once using ADMT , make sure migrating account is getting enabled

  21. Hello, & thank you for this nice little nugget of knowledge.

    I have been given a task of migrating Exchange from 1 domain/forest to a completley new Forest/Domain

    the new domain is in place, & i have the trust setup between both. I used the ADMT to copy the OU structure, groups, Users, group memberships, SID history & Passwords. all of it is working nice.

    Nowi have to migrate Exchange over. The Source environment is Exchange 2010 (not sure of the SP at the moment.) & the new Target environment is Exchange 2013.

    I know little to nothing about exchange, but if i use the scripts to add the attributes to the target users, & then the script to move the mailboxes. What would be the state of the mailboxes on the Source? would users still be able to use exchange over there? or would they be forced to use the new domain/exchange environment.

    What i want to do is prevent ANY changes to the source environment, as it must stay prestine for quite some time. When we fully transition EVERYTHING to the new domain/forest we will then run for about 6-12 months using the new environment ONLY & the trust between each will be severed once that initial cut over takes place, but the data will remain intact over there…Just in case we ever need to go back to the old model. Once the 1-2 year span is over, i assume our offshoot will then begin removing/deleting/cleaning up the items & data we left on their environment

    thank you in advance for your response.

    • If you just migrate the Data . They will still stay there.
      But once you migrate . You got to change the mail flow to the new environment.
      As your data gets old . as they are going to keep on receive new mails on the new environment

    • Yeah that’s the same . Still they will need the old proxy address added . So that they can reply their old emails

  22. Dear Satheswaran,

    Thanks for your article and i need your support regarding Cross Forest Migration between 2010 to 2013 Exchange server. Shall i used the same steps of there is any change as the in my scenario the source is Windows 2008 R2 Domain Controller and Exchange 2010 mail Server and Target is Windows 2012 DC and Exchange 2013 Mail with 2 CAS and 2 Mailbox with DAG.

  23. Hi and a happy new year!

    Thanks for these good suggestions! I have a little bit different situation – we need to separate a small bunch of users into another domain in another forest. But their mailboxes have to stay into the same Exchange 2010 server (where they are already within the existing domain). So we need to move the AD accounts away to the other DC and re-map those accounts within the existing Exchange server to the new trusted AD accounts. How could that be achieved in the right way?

    • Exchange mailboxes and AD accounts have to be in the same forest .

      You can take the accounts migrated like a copy of it . and have a GAL sync .
      So that AD accounts used is destination forest for – system login
      AD accounts for email password will be different.

  24. Dear Satheswaran,

    Hello and Happy New Year, this is my second email regarding the same subject I follo your article each and every step is successfully done but after running the move command I face the below error and there is no such article or help available on the below error please let me know if you have any idea on the below error

    The call to ‘https://SERVERNAME.com/EWS/mrsproxy.svc’ failed. Error details: Could not establish trust
    relationship for the SSL/TLS secure channel with authority ‘aucmail01.alhamranigroup.com’. –> The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. –> The remote
    certificate is invalid according to the validation procedure..

  25. Hi,
    I’m moving Exchange 2007 to Exchange 2013 intra forest, but on user I received the error:
    SkipFolderPromotedProperties, WordBreak
    FailureCode : -2146233088
    FailureType: NonUniqueRecipientException
    FailureSide: Target
    Message : Error: Multiple objects with Sid S-1-5-21-2308973541-373552077-3909921197-2649 were found.

    Can you help me Satheshwaran Manoharan?

    Tks Daniel

  26. First, thank you for this post. I’m have some some issues, I am getting the following error, ”

    “This task does not support recipients of this type. The specified recipient destination.local/Imported Users/Dave Test is of type UserMailBox. Please make sure that this recipient matches the required recipient type for this task.

    Well in the source domain it was mailbox enabled. I’m not quite sure what I’m missing.

    Environment is Server 2008 R2 Exchange 2010 SP3 to new forest with same configuration. Account are migrated with ADMT, passwords and sync’d and “merge” is selected within ADMT. What do I need to look for.

    Many Thanks, Dave

    • Can you check — Get-mailbox “Problematic mailboxname” | Fl

      Check for receipient type details. “Make sure its user mailbox”

  27. Hi Satheshwaram,

    This is one of finest articles I have seen on Exchange cross forest migration. Great work.

    Will this approach work for exchange 2007 to 2007 as well. In the target forest the we have upgraded the Cas server to 2010 as we are using quest for legacy lotus notes connectivity.

    Also what happens to free/ busy and resource booking. Is there additional steps required for that.

    This is merger situation where we only want to migrate the mailboxes to new forest the users will remain in the same forest.


  28. This will also work mostly for a Exchange 2003 cross migration also. Just a few little tweaks. Use the -remotelegacy switch during the move. Also during the new-moverequest use -baditemlimit 150 -acceptlargedataloss or a lot of mailboxes will fail after hours of waiting for them to move.
    On the target server make sure the mailbox quota is larger than what you are moving.

  29. I have problem with New-MoveRequest.
    It gets error “THe target mail user “xx” doesnt hav an SMTP address that matches the target delivery domain”.

    I did :
    1. Made all your steps
    2. Add Target Exchange sourche exchange domain to be trusted.

    What I should to step by ste to get mailboxes moved ?

  30. Hi,

    I am following the steps that you recommend for the cross forest migration. I am able to successfully run prepare-moverequest script along with the required parameters. Successfully migrated the user account using ADMT along with SID and password history from source to target forest. but when i run the new-moverequest cmdlet i am getting the following error message.

    “The Target mail user “domian.com/users/username” doesn’t have and SMTP address that matches the target delivery domain “Targetdomain.com”

    Kindly if it’s possible for your then reply on my email ID. thanks…

  31. Hi Sathesh, I followed all your steps for cross forest migration (Exchange 2010 SP3 to Exchange 2010 Sp3). when I do new-move request, am getting “doesn’t have an SMTP address that matches the target delivery domain” error but mail enabled contact is created already. please advise.

  32. Hi,

    I get this 🙁 please help…..

    The call to ‘https://exchangeserver.domain.local/EWS/mrsproxy.svc’ failed. Error details: The remote server returned an unexpected response: (405) Method Not Allowed. –> The remote server returned an error: (405) Method not allowed…


    • When executing:

      New-MoveRequest -Identity ‘user@mail.com’ -Remote -Remotehostname ‘exchangeserver.domain.local’ -RemoteCredential $RemoteCredentials -TargetDeliverydoman domain.local

      • Hi Satheshwaran,

        I am also getting the following error while creating new move request.https://exchangeserver.domain.local/EWS/mrsproxy.svc’ failed. Error details: The remote server returned an unexpected response: (405) Method Not Allowed. –> The remote server returned an error: (405) .

        When i tried to open the above url in the source url, i am getting 404 error. But am able to successfully open the same url in the target exchange server.

        Kindly assist me in troubleshooting the issue

        • Make sure you are entering the right credentials.

          Try restarting replication service. or restarting the source Exchange server may help.

  33. Hi my friend,
    Thank you for this training.
    I have a problem with download Password Export Server 3.1 x64. Would you please send me this software by email or upload to another place for download.
    Thank you

  34. Thanks for this great article. Getting some issues, Please help out.

    While executing
    New-MoveRequest –Identity ‘Mailbox1@careexchange.in’ –Remote –Remotehostname ‘sourceExchange.CareExchange.in’ -RemoteCredential $RemoteCredentials –TargetDeliverydomain ‘targetexchange.in
    it end up with below error. I have already enabled MRS Proxy on source CAS and increased the data import time out to 20.

    The call to ‘https://path/EWS/mrsproxy.svc’ timed out. Error details: The request channel timed out attempting to send after 00:00:00:0000005. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding.

    one more error: could not establish trust relationship for the SSL/TLS secure channel with aurthority ‘FQDN of source domain’

  35. Hi Satheshwaran,
    thank you for the valuable info presented.
    my question is , when I moved users to the target forest ( exchange 2007 to exchange 2013) using (prepare move, ADMT, move mailboxes) i have noticed that the users in the target forest don’t have GAL or address book. how to create a GAL for them inorder to be able to use it to exchange emails with other users not migrated yet in case of co-existance.
    Thank you in advance

        • You should introduce one more SMTP domain
          Source Domain where MX is hitting.
          Mailbox in Target — Create Contact – Target Address to Target domain
          Target Domain
          Mailbox in Source – Create Contact – Target Address to Source domain

          Manual GAL SYnc
          Or check for any 3rd party tools like GAlsync

  36. Satheshwaran Manoharan

    Hi, I have go through your document its very help full for me to perform cross forest migration but i need to do the cross forest migration from Exchange 2010 to Exchange 2013 so steps & sequence are little bit change
    Step 1
    Step 2
    Step 3
    finally run ADMT tool to migrate sID History

    Additionally, if new-moverequest failed with error failedother after completion 95%
    then we need to run
    set-moverequest -identity maibox -baditemlimit=1
    resume-moverequest -identity mailbox
    now mailbox move to exchange 2013 successfully.

    I have done this in production environment and its worked fine.

  37. hi & thanks for this great article, really enjoyed readin’ it.
    got a couple of questions here.
    our target domain is 123xyz.org (netbios name: 123xyz), our target domain is 123xyz.com (netbios name: 123zyx.
    1. can we issue forest trust? (hence the netbios names of domains)
    2. can we migrate from ex2010 to ex2013SP1 in this scenarion? or does this work on just EX2010 cross forest migration?
    thanks in advance

  38. Hi Satheshwaran,

    I’ve follow the whole steps – my scenario is cross-forest exchange 2010 mailboxes to exchange 2013.

    Have one mailbox in Queued status but i dont see anything running either management console on 2010 or 2013.

    Am I missing something?

    Thank you

  39. Hi Satheshwara,

    Great article!

    I’m having a bit of an issue with cross forest 2010 – 2010. After I move accounts via ADMT the account in the new forest isn’t enabling and i’m receiving an error about password requirements when i try and enable it. Step 9 seems to go fine so not sure what i’m doing wrong?

    Any help would be great! Thanks

    • In the Group Policy make sure the password complexity is matching between the domains.
      For Example – Source domain may allow 3 letter passwords
      but target forest may not allow it.
      make sure it matches.

      • I did check and the password was well within requirements.

        Oddly enough it worked if i changed the order to:

        Prepare mailbox
        move mailbox

  40. Hi Manohran,

    i am having an issue accessing a mailbox after cross forest move. trust is in place and networking is fine between the two forests. the user account of the mailbox moved is to be retained in the source forest, so the -linkedmailuser switch was used to prepare the move. the disabled account created in the target AD forest is still disabled. please assist.

    • Try reseting the password and access it.
      If its not listed as a mailbox both the ends. please check your event viewer. let me know what it says.

      • Hi Manoharan,

        issue resolved. reset the password and was able to access it.

        i have another concern, what happens to mail enabled groups on the source exchange by the time the mailboxes in the group are moved to another exchange organization. will the users still receive group emails or is there anything to be done to address this. Note that in this scenario, the source AD is still in use.

        • When the mailbox is migrated – It does leave a contact pointing to the other org. SO the group members (moved/not moved) should get emails.

  41. Hi Satheshwaran,

    Thanks for sharing such great information. Requesting you to please help me out for below scenario.

    Source Exchange 2010 SP2:- abc.com
    2AD, 2CAS & 2 MBX servers
    Database:- 4
    Total Users :- 3500
    Accepted Domains :- 8
    Total Data:- 5TB +

    Target Exchange 2010 SP2:- xyz.com
    Resource allocated same as above.
    Now we have to migrate users along with data to target forest xyz.com keeping both setup live, as moving 5TB + data will be a ongoing process and the same will take some time.

    With your guidelines we are able to migrate test users along with data, but after migration the migrated user is not able to connect through MS Outlook even not able to login into OWA. It gives error “The Outlook Web App address https://mail.abc.com/owa is out of date.”

    Kindly suggest,

    Kindly let me know if you want any more information from our end.

    Thanks in advance.

  42. Am getting this error “the target recipient must be a mail enabled user when the primary mailbox is moving cross forest” after running new-move request. Can you please advise on the same.

  43. awesome article!!!!!

    Can I use digital certificate on both forest to authenticate between each other (it doesn’t contains server name space on digital certificate but domain name persist on both certificate). If no, is it required to export certificate from all CAS server (forest A) and import into all CAS servers in forest B (vice versa);
    Thank you in advance!!!!!


  44. Nice article, it provide the migration Guide will help you to migrate mailboxes across forest and use New-MoveRequest cmdlet to perform a cross-forest move and step-wise explanation you can check for cross forest migration from exchange 2010 to exchange 2013. I tested this automate application ( http://www.lepide.com/exchangemigrator/ ) to accomplish this task and easily performs cross forest migration from exchange 2010.

  45. Hi Manoharan

    Thank you very much for this document. I would like to ask you one question.

    If I migrate to another forest then , can I reuse my old outlook OST files for the migrated mailbox. Or I need to create a another OST and download all mails.

    • While re configuring the Outlook – new ost will be generated. That cannot be reused. Until you use migration tools like binary tree.

  46. Hi Satheesh,

    Well described document. It is really useful.
    Question:- Ignore if you are not using a Self Signed Cert.

    Could you suggest if client using 3rd party certificate (Both forest different vendor) what needs to be done in this syneario?

  47. I am in a position of doing cross forest migration. Source Exchange is 2007 and target 2013.In the source mail box has got recipient limit set(ex 50). currently we are in a co-existence scenario. when a migrate user send a mail to many distribution list the user receives too many recipients error. which is generating by the remote exchange server(source). Is there away to overcome the issue without increasing the recipient limit on the source enabled user?

  48. Hi Satheesh,
    We are doing migration from exchange 2010 to different forest exchange 2010. We have user AD account and mailbox in source and the same time contact exists on target also AD object exist in target. Target AD account to access application which is located in Target forest. My concern I can migrate/merge source mailbox to target by running prepare move request then new move request by deleting existing contact adding proxy SMTP address. In this scenario if any user from target replied that contacts from their cache, obvious they may end up with NDR since legacy exchange DN is not available. How do I avoid this situation? Is there any method is available to merge target AD and contact? Then we can migrate from source to target. Please suggest. Hope you can understand the situation. Your reply is much appreciated.

  49. My brother suggested I would possibly like this website.
    He was entirely right. This put up actually made my day.
    You cann’t imagine just how a lot time I had spent for this information! Thank you!

  50. Hi Satheshwaran,

    Our one of the client have two forests, Suppose A and B . Forest A has exchange 2010 installed and Forest B doesn’t. There are two way trusts between forests. Forest B has a user’s mailboxes in forest A’s exchange server.
    Now if i migrate users of Forest B users to Forest A what steps i have to be taken.
    would appreciate your response.

  51. Satheshwaran,

    Great write up. I’ve only read through most of it, so i’m sorry if i missed this if it was previously discussed. Basically my question is… I have 2 forests, both have exchange 2013. ForestA bought out ForestB, and they created mailboxes in Forest A for all forest B users, created contacts in both Forests, and then setup forwards from the mailboxes in Forest A to Forest B. At this point they would like to migrate the users to Forest A and decommission exchange in ForestB. Since there mailboxes already exist in Forest A, but all the mail data resides on their mailboxes in Forest B, is there a way to do the cross forest migration and just merge the mail data into the empty mailbox on Forest A from Forest B?

    • If the same Data doesn’t exist on both the forests. if they are different set of data. go for tools like migrationwiz and sync the data and reconfigure Outlook profile and move On.

      • How long did this take most of you to complete, I am needing to do a 200 user site which is on a 2008r2 domain with exchange 2007, I am looking to move to a 2012 r2 domain with exchange 2010 then later move to exchange 2013.

  52. How long did this take most of you to complete, I am needing to do a 200 user site which is on a 2008r2 domain with exchange 2007, I am looking to move to a 2012 r2 domain with exchange 2010 then later move to exchange 2013.

  53. Hi I have a 2008r2 domain with 3 DC’s, I also run exchange 2007 at the moment, if I create a new 2012r2 domain will the above steps work ok?

    I have around 200 users as well and the main reason for this is they want to change the domain from what it is currently as its the old company name, with a 200 user/mailbox setup roughly how long would you expect this to take and is there much downtime incurred with doing it this way?

  54. Hi Satheshwara,

    We have migrated users from exchange 2010 to 2010 but only onsite outlook anywhere users outlook profile is not configuring automatically. if the user is in LAN then it is auto configures and works fine.

    If we reconfigure the outlook profile then it will work fine.

    Any suggestion.


    • This is something you cannot avoid . If its configuring automatically you are lucky i would say. Reconfigure and move on. if the users are less than 1000.

  55. When the electricity is passed a friction is created and thereby heat.
    The length-to-diameter ratio, pitch, length of each zone and helix angles of a screw must all be matched to the plastic type being used.
    The plastic extruder consists from the extrusion device, the extrusion and pressing system,
    the transmission system and the heating and cooling system.

  56. Hi,

    I have the same problem of some users above regarding : The target recipient must be a mail-enabled user when the primary mailbox is moving cross forest.

    You’re Saying the preparation move isn’t done properly. For my part, it seems to be ok as I have the result : Preparation for ….. done.
    1 mailbox(s) ready to move.

    But Still it says I can’t make my new move request because of the target recipient…

    Can you help ?


  57. Hello Dear,

    thanks for this nice document. I have an issue when i try to migrate bulk users i get this error: “Target user ‘Sofia Ricci’ already has a primary mailbox.
    + CategoryInfo : InvalidArgument: (alioune.local/BOS/Sofia Ricci:MailboxOrMailUserIdParameter) [New-MoveR
    equest], RecipientTaskException
    + FullyQualifiedErrorId : 877911DF,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest”

    can you help please?

  58. Hi, great write up. Question I have is what if we created new AD accounts for the users in the Target domain, and migrated the accounts using ADMT from source to target, then merged the SID history to the new AD account in the Target domain. How do we use the scripts then.

    For example:

    Let’s say MBXSource1 is the AD account in the source domain.
    We create a new AD ID in the target domain called MBXTarget for this user, they use that to use applications on the target domain.
    Now we want to migrate Source Domain Exchange to Target Domain Exchange, but want the users to continue to use the MBXTarget account in the Target domain.
    We use ADMT and migrate MBXSource1 into the Target Domain, then copy the SID History from MBXSource1 into MBXTarget account.

    How do we use the PrePareMove and Move scripts?

    I know this is not the conventional way, but this is the way we need to do it.

  59. Hi,
    Great post, just what i was looking for. Perhaps someone can help me complete the script i require for my situation since im stuck. Currently i have a set up where AD with existing accounts is in Forest1 and exchange is in Forest2. I want to migrate exchange accounts from Forst2 to new server in Forest1. I can migrate the mailboxes with the above tutorial but i cant find a way to disconnect the migrated mailbox and reconnect to existing AD account. Perhaps someone has done it before and can help me figure this out?

  60. hi, we are planning for migration of two forest, and exchange 2013 to office 365 both.

    need your help for this migration.

  61. Hi
    Brilliant article which I have used for a couple of Cross Forest migrations, Can you see any issues with a cross forest migration from Exchange 2010 in the Source Forest to Exchange 2016 in the Destination. Any help appreciated

  62. i am trying to do cross forest migration from exchange 2010 to 2016. i have exported auto discover setting of 2016. but it looks like it is not working. any suggestion

  63. Hi.
    I competed to step 10. If i want use new-moveRequest to source domain to child domain in target domain so which command use ? I tried your command but it’s not appropriate with my project .
    ( Command: New-MoveRequest –Identity saigon01@hvlinh.xyz‘ –Remote –Remotehostname ‘sourceSG.hvlinh.xyz’ -RemoteCredential $RemoteCredentials –TargetDeliverydomain ‘cmcts.xyz’)
    Error: the operation couldn’t be performed because object saigon01@hvlinh.xyz couldn’t be found on with

    Can you help me?

    Thank you.

  64. Hi.
    I competed to step 10. If i want use new-moveRequest to source domain to child domain in target domain so which command use ? I tried your command but it’s not appropriate with my project .
    ( Command: New-MoveRequest –Identity saigon01@hvlinh.xyz‘ –Remote –Remotehostname ‘sourceSG.hvlinh.xyz’ -RemoteCredential $RemoteCredentials –TargetDeliverydomain ‘cmcts.xyz’)
    Error: the operation couldn’t be performed because object saigon01@hvlinh.xyz couldn’t be found on with

    Can you help me?

    Thank you.

  65. Hi Sathesh,

    your article help me a lot in my project.
    but i have question/issue, majority mailbox migration successfully.
    but some mailbox after new-moverequest and completed migration, somehow not exist in target exchange, also if i run get-mailbox i got error user could found on domain controller “servername” but in source exchange already change as mail user. what do i check ?


  66. Hi Sathesh,

    I’ve following your migration guide on Step 11, now I am having an error: The target recipient ‘Mike Young’ must be a mail-enabled user when the primary mailbox is moving cross forest

    [PS] E:\Program Files\Microsoft\Exchange Server\V15\Scripts>New-MoveRequest -Identity ‘mike_young@abc.net’ -Remote -Remotehostname ‘exchang1.abc.net’ -RemoteCredential $RemoteCredentials -TargetDeliverydomain ‘abbb.net’
    The target recipient ‘Mike Young’ must be a mail-enabled user when the primary mailbox is moving cross forest.
    + CategoryInfo : InvalidArgument: (clark_kent@abc.net:MailboxOrMailUserIdParameter) [New-MoveRequest], RecipientTaskException
    + FullyQualifiedErrorId : [Server=EX2019A,RequestId=6c45f065-cd58-4db0-8e27-00f5e91528e7,TimeStamp=11/2/2022 6:54:03 PM] [FailureCategory=Cmdlet
    -RecipientTaskException] 202CD93F,Microsoft.Exchange.Management.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName : ex2019a.abbb.net

    How do I to fix with that error?



Please enter your comment!
Please enter your name here