Cross Forest Exchange 2007 to Exchange 2010 Mailbox Move question

  • Thread starter Baba 20009
  • Start date Views 5,300
Status
Not open for further replies.
B

Baba 20009

We currently have two forest each has one domain with two way trust.

Source Domain = AD 2003 ; exchange 2007 SP3

Target Domain = AD 2008 ; exchange 2010 sp1

I am planning to install exchange 2010 in target domain and Move Mailboxes only. Users and Computers will need to remain in Source Domain. Not sure what it means when it says you have to create mail enabled users in target domain first.

If this is possible what are the steps I need to follow? I have setup a lab to duplicate the production.

Thanks
 
S

Sembee [MVP]

Not sure what isn't clear about having to create mail enabled users first. You will have to create user accounts, which are seen in Exchange. Simple as that.

Cross Forest migration is documented on Technet. If you don't get it correct, then it doesn't work fully automatically, so you should test it as much as possible. The main issue can be different aliases and account names. You need to get everything as similar as possible.

Simon.

Simon Butler, Exchange MVP
Blog | Exchange Resources
 
S

Sembee [MVP]

Yes.
You can't have a mailbox without an account. Mailbox = AD Account.

Simon

Simon Butler, Exchange MVP
Blog | Exchange Resources
 
B

Baba 20009

Thanks for reply Simon,

I recall in Exchange 2003 our AD accounts were in Domain A and our Exchange servers in Domain B. Although I am not sure if they were in different Forest or not.
 
S

Sembee [MVP]

There would be accounts somewhere in the same Forest as Exchange. There had to be.
If the forests were different then you would have accounts in both. Same forest, then one account would be fine.

Simon.

Simon Butler, Exchange MVP
Blog | Exchange Resources
 
G

Gen Lin

Hi,

You can just move the mailbox to exchange 2010 forest, and keep the user in Source Domain. Please refer the following steps:

Step 1. You have target.com and source.com(Separate Forests) and there is a forest trust between them.

Step 2. On exchange 2010 server, run the following commands to prepare Move request:

$Remote=get-credential

Please type in the administrator account in the resource domain.

$Local=get-credential

Prepare-MoveRequest.Ps1 -Identity user1@sourcedomain.com -RemoteForestDomainController FQDN.Sourcedomain.com -RemoteForestCredential $Remote -LocalForestDomainController FQDN.Targetdomain.com -LocalForestCredential $Local -UseLocalObject -Verbose"

This command will create a AD user1 in your target domain and migrate some attribute from the source object.

Step 3. Run the following command to move the mailbox:

New-MoveRequest -Identity " CN=user1,CN=Users,DC=targetDomain,DC=com" -TargetDatabase 'Your database' -remoteGlobalCatalog " FQDN.Sourcedomain.com " -remoteCredential $remote -TargetDeliveryDomain 'targetdomain.com' -RemoteLegacy

Step 4. If you successfully move the mailbox, you will see the mailbox under EMC\Recipient Configuration\Mailbox. Then disconnect the mailbox from the AD user that created in step 2.
Disable-Mailbox -Identity User1

Step 5. Then link the mailbox in exchange 2010 to the user in your source forest:

$cred = Get-Credential

You will be prompted for credentials. Specify an account that has permissions to access the domain controller in the forest where the user account resides. Use the LinkedDomainController parameter to specify the domain controller. This domain controller obtains security information for the account to which you are linking the mailbox object.

To reconnect the mailbox object in the Exchange store to an external user object, use this example.

Connect-Mailbox -Identity User1 -Database " Mailbox Database" -LinkedDomainController FQDN.Sourcedomain.com -LinkedMasterAccount user1@sourceDomain.com -LinkedCredential $cred


Please type in the administrator account in the target domain.2. On exchange 2010 server, run the following commands to prepare Move request:
 
B

Baba 20009

Thanks Gen. I have couple more steps to do to setup the environment. I will test the steps and update.
 
B

Baba 20009

Gen,

I was able to run all the steps successfully except the last one:

Connect-Mailbox -Identity User1 -Database " Mailbox Database" -LinkedDomainController FQDN.Sourcedomain.com -LinkedMasterAccount user1@sourceDomain.com -LinkedCredential $cred

my exact command was:

Connect-Mailbox -Identity Test1 -Database " MDB-1" -LinkedDomainController labdc.labdallas.local -LinkedMasterAccount test1@labdallas.local -LinkedCredential $cred

i might add

source user location ou\users = Test Users\Test1

target user location ou\users = Users\Test1
 
G

Gen Lin

Hi,

What error you got after runnning the command:

Connect-Mailbox -Identity Test1 -Database " MDB-1" -LinkedDomainController labdc.labdallas.local -LinkedMasterAccount test1@labdallas.local -LinkedCredential $cred



 
B

Baba 20009

Hi Gen, here is the error:

A positional parameter cannot be found that accepts argument '-LinkedDomainController LabDC'.
+ CategoryInfo : InvalidArgument: :)) [Connect-Mailbox], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound, Connect-Mailbox
 
G

Gen Lin

Hi,

Are you running the Mailboxes in DAG?

Please use the FQND of the DC for the parameter '-LinkedDomainController, also make sure that:

1. You are able to resolve the name of " labdc.labdallas.local.

2. The AD user Test1 is disabled. Please open ADUC to check it.

Connect-Mailbox -Identity Test1 -Database " MDB-1" -LinkedDomainController " labdc.labdallas.local" -LinkedMasterAccount test1@labdallas.local -LinkedCredential $cred

If the issue persists, please try the following steps:

1. Create a mailbox user Test2 in target domain (exchange 2010). Then disconnect the mailbox from the AD user by the disable-mailbox command.

2. Open ADUC, disable the user test2.

2. Run the following command to link this normal mailbox to the user in your source domain:

Connect-Mailbox -Identity Test2 -Database " MDB-1" -LinkedDomainController " labdc.labdallas.local" -LinkedMasterAccount xxx@labdallas.local -LinkedCredential $cred

What's result?


 
B

Baba 20009

Answering your questions:

1. You are able to resolve the name of " labdc.labdallas.local. YES

2. The AD user Test1 is disabled. Please open ADUC to check it. YES

Connect-Mailbox -Identity Test1 -Database " MDB-1" -LinkedDomainController " labdc.labdallas.local" -LinkedMasterAccount test1@labdallas.local -LinkedCredential $cred

STILL THE SAME

If the issue persists, please try the following steps:

1. Create a mailbox user Test2 in target domain (exchange 2010). Then disconnect the mailbox from the AD user by the disable-mailbox command.

DONE

2. Open ADUC, disable the user test2.

DONE

2. Run the following command to link this normal mailbox to the user in your source domain:

Connect-Mailbox -Identity Test2 -Database " MDB-1" -LinkedDomainController labdc.labdallas.local -LinkedMasterAccount test1@labdallas.local -LinkedCredential $cred

Still the same error

I am rebooting all servers. if that does not do it, I will re-install 2010 server with no DAG.
 
G

Gen Lin

Hi,

How troubleshoot is going on?

I tested the command in exchange 2010 dag, it also worked without problem. I think the problem may be in the name of your database. Please create a new database, and named it MDB2 (Do not use MDB-2).


 
B

Baba 20009

I took the DAG out, tried to uninstall and reinstall exchange 2010 but were not successful. So will continue the new Database and update you.

Thanks for reply.
 
B

Baba 20009

Hi Gen,

I setup a a new user / mailbox in the source, and a new Database in target MB1 and still get the same error during step 5.

I have couple questions:

1- Would you happen to have the shell commands to move several users from a text file?

2- when would I use Microsoft Identity Lifecycle Manger (or Forefront Identity Manager), before the mailbox move or after to sync the Gal.

3- Is it still necessary to install exchange 2007 before installing exchange 2010 in Target forest if we have plenty outlook 2003 users?

Thanks
 
Status
Not open for further replies.
Top