
Cross Forest Migration Guide – Exchange 2003 to Exchange 2010

Step 1:

Have a trust in place. In my situation I created a two-way transitive trust.

We can limit permissions by choosing a different type of trust.

See –

How to Create Two way Transitive Trust – Windows Server 2008 R2

Step 2:

If you are planning to migrate the user account with its SID, which is recommended:

See –

How to install ADMT 3.2 in Windows Server 2008 R2

Step 3:

If you are planning to migrate users with their passwords, you have to configure the “Password Export Server” in the source domain.

See –

How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords

Check List

  • Trusts are in place
  • ADMT is installed on the target DC
  • If you are planning to migrate passwords as well, the Password Export Service is configured and started in the source domain

Before starting: there are many methods to move mailboxes across forests. First I will go with the recommended one.

We will see the other methods in future posts.

Let us call this method “Running .\Prepare-MoveRequest.ps1 first and then using ADMT to migrate the SID history”.

We will do it for one user to get a clear idea, then we can go for bulk migration in later posts.

Step 1:

Created a test mailbox – Mailbox1

First store the access credentials in the shell in the target forest.

Please don’t confuse yourself here.

I am running this on the target forest, so $LocalCredentials means the target forest credentials.

SourceForest – oldcompany.in

TargetForest – careExchange.in

Please don’t forget to type the user name as DomainName\UserName.

$LocalCredentials = Get-Credential

$RemoteCredentials = Get-Credential

$RemoteCredentials means my source forest.

Now preparing a move request

In the Exchange Management Shell in your target forest, browse to the Scripts folder.

.\Prepare-MoveRequest.ps1 -Identity "EmailAddress" -RemoteForestDomainController "FQDN of Source DC" -RemoteForestCredential $RemoteCredentials -LocalForestDomainController "FQDN of Target Forest DC" -LocalForestCredential $LocalCredentials -TargetMailUserOU "Distinguished name of OU in TargetForest" -UseLocalObject

Using -Verbose

You can see which attributes are being touched:

Mail, DisplayName, ProxyAddresses etc.

Now you can see that a disabled account has been created in the specified OU.

Now use ADMT to migrate the SID and enable the target account.

How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords

Now you can find the SID history.

Now your AD account will get enabled.

Now moving the mailbox with a remote move request

New-MoveRequest -Identity 'Mailbox1@oldcompany.in' -RemoteLegacy -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'careexchange.in' -RemoteGlobalCatalog "Source DC FQDN"

Now you can see that the remote move has completed.

Now you won’t be able to log on to the new forest directly, as you are required to change the password at first logon.

To avoid that situation

see

How to Disable “User must change password at next logon” after cross forest move using ADMT 3.2

Open ADSI Edit and set pwdLastSet to -1

or just log in to a client machine and change the password at first logon.

Great!! You are able to log in to the target forest successfully!!

You can refer to the link below. The only change is that you will be using the -RemoteLegacy switch and not the -Remote switch.

Import-Csv "SourceUserdump.csv" | New-MoveRequest -RemoteLegacy -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'careexchange.in' -RemoteGlobalCatalog "Source DC FQDN"

Cross forest Move Mailbox in Bulk – Exchange2010 to Exchange 2010

 

Microsoft Releases “Outlook.com” – Upgrade Hotmail accounts to Outlook.com

Log in to Outlook.com

Log in with your Hotmail credentials

The new interface – integrated with Skype

Start using it today. It's smooth and easy to use!!

Also see

Outlook Blog

 

Cross Forest Migration Guide – Exchange 2010 to Exchange 2010

This migration guide will help you to migrate mailboxes across forests.

People always get confused when the source and target forests are both Exchange 2010. I have tried to explain in as much detail as possible and covered one method,

“Running .\Prepare-MoveRequest.ps1 first and then using ADMT to migrate the SID history” of the users.

Please share your feedback in the comments, so that I can update the guide frequently.

So let's go ahead.

Step 1:

Have a trust in place across the forests. In my situation I created a two-way transitive trust, so that I won’t run into any permission constraints.

Good to know: we can limit permissions by choosing a different type of trust.

See –

How to Create Two way Transitive Trust – Windows Server 2008 R2

Step 2:

You need the Active Directory Migration Tool to get your user accounts migrated without any hassle. You can install it in either of the forests, but I have installed it in the target forest, where I will be doing most of my work.

See –

How to install ADMT 3.2 in Windows Server 2008 R2

Step 3:

If you are planning to migrate the user account with its SID, which is recommended, users will still have access to their old forest, where they will still be recognized for things like access to file shares and permission groups. So I would always recommend migrating the SID along with the users.

If you are planning to migrate users with their passwords, that doesn’t happen by default. You have to configure the “Password Export Server” in the source domain.

See –

How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords

Step 4:

Enable MRS Proxy on the source Client Access Server, which is going to facilitate the remote move from the source forest.

I have described enabling MRS Proxy where the version is Exchange 2010 SP1 or later, because enabling it in the RTM version differs.

See –

How to Enable MRS Proxy and Increase timeout In Exchange 2010

Step 5:

Ignore this step if you are not using a self-signed cert.

If you are using a self-signed certificate, the Exchange servers won’t authenticate with each other, because they won’t trust each other.

You have to export the cert from the source Exchange server and import it on the target Exchange server, and vice versa.

See –

How to Export a Self signed Server Certificate and Import it on a another Server in Windows server 2008 R2

Step 6:

Check List

  • Trusts are in place
  • ADMT is installed on the target DC
  • MRS Proxy is enabled on the source forest Client Access Server
  • The admin user of the target forest is a member of the Administrators group in the source forest, and vice versa
  • If you are using self-signed certs, they have been exported from the target and imported in the source (and vice versa)
  • If you are planning to migrate passwords as well, the Password Export Service is configured and the PES service is started in the source domain

Before starting: there are many methods to move mailboxes across forests. I will go with the recommended one.

Let us call this method “Running .\Prepare-MoveRequest.ps1 first and then using ADMT to migrate the SID history”.

We will move one mailbox to get a clear idea, then we can go for bulk migration of mailboxes.

I always recommend moving a few mailboxes first. Test as much as you can, then go for bulk migration.

Step 7:

Created a test mailbox – Mailbox1

Step 8:

First store the access credentials in the shell.

Please don’t confuse yourself here.

I am running this on the target forest, so $LocalCredentials means the target forest credentials.

SourceForest – careExchange.in

TargetForest – TargetExchange.in

Please don’t forget to type the user name as DomainName\UserName. (Note: if it fails with the error “Authentication Failed”, try entering Domain.Com\Username, where .com or .local refers to your local domain.)

$LocalCredentials = Get-Credential

$RemoteCredentials = Get-Credential

$RemoteCredentials means my source forest.

Note: after storing your credentials, do not close the shell. You have to run the following commands in the same PowerShell session.

Step 9:

Now preparing a move request

In the Exchange Management Shell in your target forest, browse to the Scripts folder, which is in the Exchange installation location.

.\Prepare-MoveRequest.ps1 -Identity "EmailAddress" -RemoteForestDomainController "FQDN of Source DC" -RemoteForestCredential $RemoteCredentials -LocalForestDomainController "FQDN of Target Forest DC" -LocalForestCredential $LocalCredentials -TargetMailUserOU "Distinguished name of OU in TargetForest" -UseLocalObject -Verbose

Using -Verbose at the end of the command

You can clearly see which attributes are being touched:

Mail, DisplayName, ProxyAddresses etc.

Now you can see that a disabled account has been created in the specified OU.

Step 10:

Now use ADMT to migrate the SID and enable the target account, which is “Mailbox1” in my scenario.

See –

How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords

Now you can find the SID history of the account, which confirms that you did things correctly.

Now your AD account will get enabled.
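The SID history check from Step 10 can also be done from PowerShell. This is an added example, not part of the original guide: it lists every account in the target forest that carries SID history and flags entries whose domain SID is not the expected source domain. It assumes the ActiveDirectory module is installed and that the source domain is reachable over the trust; the function name Get-SidHistoryReport is hypothetical.

```powershell
Import-Module ActiveDirectory

function Get-SidHistoryReport {
    param(
        # Domain the accounts were migrated from (assumption: reachable over the trust)
        [Parameter(Mandatory = $true)][string]$SourceDomain,
        # Optional OU to limit the search to, e.g. the one passed to -TargetMailUserOU
        [string]$SearchBase
    )

    # Domain SID that legitimately migrated accounts should carry in sIDHistory
    $expected = (Get-ADDomain -Server $SourceDomain).DomainSID.Value

    $query = @{ LDAPFilter = '(sIDHistory=*)'; Properties = 'sIDHistory', 'pwdLastSet' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($user in Get-ADUser @query) {
        foreach ($sid in $user.sIDHistory) {
            New-Object PSObject -Property @{
                SamAccountName = $user.SamAccountName
                Enabled        = $user.Enabled
                HistorySid     = $sid.Value
                # False means the SID belongs to a domain other than the migration source
                FromSource     = ($sid.AccountDomainSid.Value -eq $expected)
                # pwdLastSet = 0 means "User must change password at next logon"
                MustChangePwd  = ($user.pwdLastSet -eq 0)
            }
        }
    }
}

# Review every entry, then look closely at anything that did not come from the source domain
$report = Get-SidHistoryReport -SourceDomain 'careExchange.in'
$report | Format-Table SamAccountName, Enabled, HistorySid, FromSource, MustChangePwd -AutoSize
$report | Where-Object { -not $_.FromSource }
```

The same report is a convenient inventory for removing SID history once the source forest is retired.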

Step 11:

Now your account has been moved with its SID and password, but the content of the mailbox hasn’t moved yet. That is moved by a remote move request, as below.

Now moving the mailbox using a remote move request

New-MoveRequest -Identity 'Mailbox1@careexchange.in' -Remote -RemoteHostName 'sourceExchange.CareExchange.in' -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'targetexchange.in'

Now you can see that the remote move has completed.

Now you won’t be able to log on to the new forest directly, as you are required to change the password at first logon.

To avoid that situation

See –

How to Disable “User must change password at next logon” after cross forest move using ADMT 3.2

Open ADSI Edit and set pwdLastSet to -1

or just log in to a client machine and change the password at first logon.

Great!! You are able to log in to the target forest successfully!!

Step 12:

To move the users in bulk

See –

Cross forest Move Mailbox in Bulk – Exchange2010 to Exchange 2010

Step 13:

If you don’t want to share free/busy information for now, skip this step.

If you want to share free/busy information between these forests and the source domain is always going to exist after migration, I would recommend creating a Federation Trust, which is a free service from Microsoft to share free/busy information.

If you don’t want to go for federation, you can share free/busy using the method below.

See –

How to Configure Cross forest Availability Service (Free/Busy,Auto discover) – Exchange 2010 to Exchange 2010

Step 14:

Please look at the link below for configuring cross-forest coexistence mail flow.

How to Configure Cross forest connectors (Mail flow) Exchange 2010 to Exchange 2010

https://www.azure365pro.com/how-to-configure-cross-forest-connectors-mail-flow-exchange-2010-to-exchange-2010/

Happy cross-forest migration!!

Hope I made it as simple as I can!!

Thank you!!

How to Export a Self signed Server Certificate and Import it on a another Server in Windows server 2008 R2

If you are doing a cross-forest move between two Exchange 2010 forests

In order to authenticate between the Exchange 2010 forests using a self-signed certificate

We will be exporting the target Exchange server certificate and importing it on the source Exchange server

and vice versa:

We will be exporting the source Exchange server certificate and importing it on the target Exchange server

It's pretty simple.

I am running this on the source server.

Start – Run – MMC – click Add/Remove Snap-in

Add Certificates

Choose Computer Account

Choose Local Computer

Click OK

Now, on the source Exchange server,

I am exporting the certificate from the Certificates container.

Click Next

Choose Next

Now get the source Exchange server cert file over to the target Exchange server.

Start – Run – MMC – click Add/Remove Snap-in

Add Certificates

Choose Computer Account

Choose Local Computer

Right-click Certificates – All Tasks – Import

Choose the file

Choose Trusted Root Certification Authorities

Do the same process and import it into Certificates in the Personal container.

Now the source cert has been exported and imported on the target Exchange server.

Now

Do the same process vice versa:

Export the target Exchange cert and import it on the source Exchange server.

Now both Exchange 2010 forests can authenticate without any issues during a cross-forest move.
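To confirm that the import landed exactly the certificate you exported, compare thumbprints on the receiving server. This is an added example, not part of the original post; the function name Test-ImportedCertificate and the path C:\Temp\SourceExchange.cer are hypothetical, and it assumes the certificate was exported to a .cer file.

```powershell
function Test-ImportedCertificate {
    param(
        # Path to the exported certificate file copied from the other forest (hypothetical path)
        [Parameter(Mandatory = $true)][string]$CerPath,
        # Stores the post imports into: Trusted Root (Root) and Personal (My)
        [string[]]$Stores = @('Root', 'My')
    )

    # Load the exported file; its thumbprint is the reference value
    $file = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (Resolve-Path $CerPath).Path

    foreach ($store in $Stores) {
        # Look for a certificate with the same thumbprint in the local machine store
        $match = Get-ChildItem "Cert:\LocalMachine\$store" |
            Where-Object { $_.Thumbprint -eq $file.Thumbprint }

        New-Object PSObject -Property @{
            Store         = $store
            Subject       = $file.Subject
            Thumbprint    = $file.Thumbprint
            Present       = [bool]$match
            Expired       = ($file.NotAfter -lt (Get-Date))
            # True means the private key was copied too; trust only needs the public part
            HasPrivateKey = [bool]($match | Where-Object { $_.HasPrivateKey })
        }
    }
}

# Run on the server that received the file, then compare the thumbprint with the one
# shown on the exporting server by: Get-ChildItem Cert:\LocalMachine\My | fl Subject,Thumbprint
Test-ImportedCertificate -CerPath 'C:\Temp\SourceExchange.cer' |
    Format-Table Store, Present, Expired, HasPrivateKey, Thumbprint -AutoSize
```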

 

Hard coding a Domain Controller in Exchange 2010

Unlike in previous versions, hard coding a domain controller has become simple for troubleshooters.

When to hard code a domain controller in Exchange 2010?

If you feel Exchange should not see some domain controllers which are not in good shape

or

Exchange becomes too sluggish when it is trying to contact a domain controller across sites

Some more scenarios…

Temporarily, to troubleshoot and isolate an issue, we can hard code a domain controller.

Note: hard coding a domain controller in Exchange 2010 puts you in a single-point-of-failure state.

For example, when the hard-coded domain controller reboots, Exchange 2010 will stop working.

So try to give multiple DCs and GCs while hard coding, and use it only for temporary purposes, as it is a single point of failure.

To verify whether it is already hard coded or not

Run

Get-ExchangeServer "Server Name" -Status | fl Identity,Static*

To hard code a domain controller in Exchange 2010

Run

Set-ExchangeServer -Identity "Server Name" -StaticDomainControllers "DC FQDN" -StaticConfigDomainController "DC FQDN" -StaticGlobalCatalogs "GC FQDN"

You can also use -StaticExcludedDomainControllers

The StaticExcludedDomainControllers parameter specifies whether to exclude a list of domain controllers to be used by the server.

Reference Link:

http://technet.microsoft.com/en-us/library/bb123716.aspx

To verify the hard coding

Run

Get-ExchangeServer "Server Name" -Status | fl Identity,Static*

To remove the hard coding

Run

Set-ExchangeServer -Identity "Server Name" -StaticDomainControllers $null -StaticConfigDomainController $null -StaticGlobalCatalogs $null
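Since hard coding is meant to be temporary, a periodic check for leftover static entries is worth having. The following is an added example, not from the original post: it lists every static DC and GC entry on all Exchange servers and tests whether each one answers on LDAP (389) or the global catalog port (3268). It assumes it runs in the Exchange Management Shell; Test-TcpPort and Get-StaticDcReport are hypothetical helper names.

```powershell
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so an unreachable DC fails after the timeout instead of hanging
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # name did not resolve or the connection was refused
    } finally {
        $client.Close()
    }
}

function Get-StaticDcReport {
    # Static* property on Get-ExchangeServer -Status output -> TCP port to probe
    $checks = @{
        StaticDomainControllers      = 389
        StaticConfigDomainController = 389
        StaticGlobalCatalogs         = 3268
    }
    foreach ($server in Get-ExchangeServer -Status) {
        foreach ($property in $checks.Keys) {
            foreach ($dc in @($server.$property)) {
                if (-not $dc) { continue }   # nothing hard coded for this property
                New-Object PSObject -Property @{
                    ExchangeServer   = $server.Name
                    Setting          = $property
                    DomainController = "$dc"
                    Reachable        = (Test-TcpPort -ComputerName "$dc" -Port $checks[$property])
                }
            }
        }
    }
}

# No output means no server is hard coded; Reachable = False is the outage case the note describes
Get-StaticDcReport | Format-Table ExchangeServer, Setting, DomainController, Reachable -AutoSize
```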


How to Clean up a Mailbox or Clean up the Dumpster using Discovery Search in Exchange 2010

Updated – Supports Exchange 2010/2013 and Exchange 2016

Let's say I want to clean up a user's mailbox completely to have a fresh start.

We can use Discovery Search to do this task.

First assign the permissions required to use Discovery Search. Refer to the link below.

https://www.azure365pro.com/deleting-a-specific-email-from-entire-organization-in-exchange-2010-2/

I just created a test user with a few mails and a few items in his dumpster.

Get-MailboxFolderStatistics -Identity "User2" -FolderScope RecoverableItems | Format-Table Name,FolderPath,ItemsInFolder,FolderAndSubfolderSize

Now I am doing a search query with a wildcard to match everything and deleting it completely, including the archive mailbox.

Get-Mailbox "User1" | Search-Mailbox -SearchQuery "Subject:'*'" -DeleteContent

Caution: it is going to clean up the archive mailbox as well.

Use this command to not include the archive

Get-Mailbox "User1" | Search-Mailbox -SearchQuery "Subject:'*'" -DeleteContent -DoNotIncludeArchive

Use this command to delete the dumpster alone

Get-Mailbox "User1" | Search-Mailbox -SearchQuery "Subject:'*'" -DeleteContent -SearchDumpsterOnly

Now the mailbox is cleaned up completely, including the dumpster.

Get-MailboxFolderStatistics -Identity "user1" -FolderScope RecoverableItems | Format-Table Name,FolderPath,ItemsInFolder,FolderAndSubfolderSize

If you feel it's too confusing, check out the automated script that does these tasks for you.

Discovery Search Simplified Script to Delete a Specific Email and other Tasks – Exchange 2010
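Because -DeleteContent is irreversible, it helps to count what the query matches before deleting. This is an added example, not the script linked above and not from the original post: it runs the same query with -EstimateResultOnly first and only issues the delete when something matched. The function name Clear-MailboxContent is hypothetical, and it assumes the Exchange Management Shell with the permissions described earlier.

```powershell
function Clear-MailboxContent {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [string]$SearchQuery = "Subject:'*'",
        [switch]$DoNotIncludeArchive,
        [switch]$SearchDumpsterOnly
    )

    # Options shared by the dry run and the real run, so both cover the same scope
    $scope = @{ SearchQuery = $SearchQuery }
    if ($DoNotIncludeArchive) { $scope.DoNotIncludeArchive = $true }
    if ($SearchDumpsterOnly)  { $scope.SearchDumpsterOnly  = $true }

    # Pass 1: count what would be removed, without touching the mailbox
    $estimate = Get-Mailbox $Identity | Search-Mailbox @scope -EstimateResultOnly
    $count = ($estimate | Measure-Object -Property ResultItemsCount -Sum).Sum
    Write-Host ("{0} item(s) match '{1}' in {2}" -f $count, $SearchQuery, $Identity)

    if (-not $count) {
        Write-Warning "Nothing matched in $Identity; no delete issued."
        return
    }

    # Pass 2: the destructive step. Search-Mailbox asks for confirmation because -Force is not passed
    Get-Mailbox $Identity | Search-Mailbox @scope -DeleteContent
}

# Dumpster only, leaving the archive alone
Clear-MailboxContent -Identity 'User1' -SearchDumpsterOnly -DoNotIncludeArchive
```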

 
