Problem migrating mailboxes accross forests...

  • Thread starter Brian147
  • Start date Views 2,456
Status
Not open for further replies.
B

Brian147

We have an old forest with two domains (Topdomain: srcdom.aau.dk and subdomain: uni.srcdom.aau.dk). This forest contains all users and the Exchange 2003 SP2 server in the uni.srcdom.aau.dk domain. All users in the domain have username@dstdom.aau.dk as primary email address.

We're now in the process of migrating the domain to a new forest. This forest is roughly configured as: (aau.dk with subdomains including dstdom.aau.dk). The Exchange 2010 SP1 servers are located in the aau.dk domain.

We also have an external two-way trust in place between uni.srcdom.aau.dk and dstdom.aau.dk.

What we would like to do is to move all mailboxes from the old domain (uni.srcdom.aau.dk) to the new domain (dstdom.aau.dk) keeping username@dstdom.aau.dk as their primary mail address.

Right now we're testing using the " Prepare-MoveRequest.ps1" script from Exchange 2010 SP1 using the following command:

Prepare-MoveRequest.ps1 testuser01 -RemoteForestDomainController aau3.uni.srcdom.aau.dk -RemoteForestCredential $RemoteCredentials -LocalForestDomainController dstdom-dc02.dstdom.aau.dk -LocalForestCredential $LocalCredentials -TargetMailUserOU 'OU=Staff,OU=People,DC=dstdom,DC=aau,DC=dk' -Verbose

This completes successfully and a new user is created in the TargetMailUserOU.

We then run the 'New-MoveRequest' command:

New-MoveRequest -Identity testuser01 -RemoteLegacy -TargetDatabase mbxt01 -RemoteGlobalCatalog aau3.uni.srcdom.aau.dk -RemoteCredential $RemoteCredentials -TargetDeliveryDomain dstdom.aau.dk -DomainController dstdom-dc02.dstdom.aau.dk -Verbose

VERBOSE: [06:50:47.920 GMT] New-MoveRequest : Active Directory session settings for 'New-MoveRequest' are: View Entire Forest: 'False', Default Scope: 'aau.dk', Configuration Domain Controller: 'domB-dc01.domB.aau.dk', Preferred Global Catalog: 'domC-dc02.domC.aau.dk', Preferred Domain Controllers: '{ domC-dc02.domC.aau.dk }'

VERBOSE: [06:50:47.920 GMT] New-MoveRequest : Runspace context: Executing user: aau.dk/Admins/Admin Identities/AdminUser01, Executing user organization: , Current organization: , RBAC-enabled: Enabled.

VERBOSE: [06:50:47.920 GMT] New-MoveRequest : Beginning processing & VERBOSE: [06:50:47.920 GMT] New-MoveRequest : Instantiating handler with index 0 for cmdlet extension agent " Admin Audit Log Agent" .

VERBOSE: [06:50:47.920 GMT] New-MoveRequest : Searching objects " mbxt01" of type " MailboxDatabase" under the root " $null" .

VERBOSE: [06:50:47.936 GMT] New-MoveRequest : Previous operation run on domain controller 'domB-dc01.domB.aau.dk'.

VERBOSE: [06:50:47.936 GMT] New-MoveRequest : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }

VERBOSE: [06:50:47.951 GMT] New-MoveRequest : Searching objects " testuser01" of type " ADUser" under the root " $null" .

VERBOSE: [06:50:47.951 GMT] New-MoveRequest : Previous operation run on domain controller 'dstdom-dc02.dstdom.aau.dk'.

VERBOSE: [06:50:47.951 GMT] New-MoveRequest : Processing object " $null" .

VERBOSE: [06:50:47.967 GMT] New-MoveRequest : [DEBUG] No RequestJob messages found.

VERBOSE: [06:50:47.967 GMT] New-MoveRequest : [DEBUG] MDB c6b577ff-a99c-4dd8-82b0-49aa2c473b02 found to belong to Site: aau.dk/Configuration/Sites/Site01

VERBOSE: [06:50:47.967 GMT] New-MoveRequest : [DEBUG] MRSClient: attempting to connect to 'AD-EXCHCAS1-1.aau.dk'

VERBOSE: [06:50:49.186 GMT] New-MoveRequest : [DEBUG] MRSClient: connected to 'AD-EXCHCAS1-1.aau.dk', version 14.1.218.11 caps:07

VERBOSE: [06:50:49.186 GMT] New-MoveRequest : [DEBUG] Loading source mailbox info

VERBOSE: [06:50:51.498 GMT] New-MoveRequest : Failed to reconnect to Active Directory server aau3.uni.srcdom.aau.dk. Make sure the server is available, and that you have used the correct credentials. --> A local error occurred.

VERBOSE: [06:50:51.514 GMT] New-MoveRequest : Admin Audit Log: Entered Handler:OnComplete.

Failed to reconnect to Active Directory server aau3.uni.srcdom.aau.dk. Make sure the server is available, and that you have
used the correct credentials.
+ CategoryInfo : NotSpecified: (0:Int32) [New-MoveRequest], RemoteTransientException
+ FullyQualifiedErrorId : CFD456BA,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

VERBOSE: [06:50:51.514 GMT] New-MoveRequest : Ending processing &

We've tried a lot of things to figure out what is going on - including trying different Administrator accounts on the source domain ($RemoteCredentials) - including Forest level. The aau3.uni.srcdom.aau.dk domain controller is reachable and has been used in the " Prepare-MoveRequest.ps1" without problems.

Does anybody have any suggestions?

Thanks,

Brian Kirkegaard
 
X

Xiu Zhang

Hi,

Please verify if you have deployed Microsoft Identity Lifecycle Manager (ILM) for cross-forest global address list (GAL) synchronization or have used other tool to create the target user. We need to create mail-enabled users with the required attributes in the target forest. Detail information you can refer to article below:

Prepare Mailboxes for Cross-Forest Move Requests

http://technet.microsoft.com/en-us/library/ee633491.aspx

Please check if the account that you use is the number of the following group:

 Exchange Server Administrators role

 Exchange Recipient Administrators role

Please check if the proper port has been opened on the source DC:


Port


Protocol


808 (TCP)


Mailbox Replication Service uses to communicate


53 (TCP)


DNS


135 (TCP)


RPC End Point


389 (TCP)


LDAP


3268


LDAP


1024 > (TCP)


if mailbox store is not statically configured then 1024 higher ports need to be open


88 (TCP)


Kerberos


445 (TCP)


Microsoft-DS Service


443 (TCP)


Mailbox Replication Proxy service uses port 443 to communicate with other Exchange 2010 client access server via HTTPS.


Please verify if servers in both forests can successfully perform name resolution using DNS.

More related information to share with you:

Exchange 2010 Cross-Forest Mailbox Moves

http://msexchangeteam.com/archive/2010/08/10/455779.aspx

Regards,

Xiu
 
Status
Not open for further replies.
Top