Exchange 2010 Cross Forest Migration

Here is the scenario of my test lab, which we will be following.

Source Forest: Exchange 2010

Target Forest: Exchange 2010

AD Functional Level: Both running at 2008R2

You have been given a chance to work on a cross-forest migration project for your company. In this article, we will walk through the steps that you need to perform in order to do a cross-forest migration.

Assumptions:

1. Active Directory trust is in place between both the organizations.

2. Exchange connectors have been set up for email flow internally.

Once you have AD Trust and Exchange connectors in place, then the following steps need to be performed to migrate users and Exchange mailboxes from the source forest to target forest.

1. Install ADMT on a machine joined to the target Exchange domain.

2. Install Password Export Service on the source domain controller if you want to migrate user accounts with their passwords.

3. Run ADMT to migrate user accounts along with password and SID history.

4. Enable MRS Proxy on all CAS servers in the source Exchange organization. You can enable MRS Proxy by running this cmdlet:

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $True

5. Once MRS Proxy is enabled, increase the timeout setting from 1 minute to 20 minutes. Go to C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ExchWeb\EWS\ and open the Web.Config file in Notepad. After changing this, reset the IIS service. Now the source Exchange forest is ready.

6. Run ADMT to migrate user accounts along with SID history and password.

6.1 Run ADMT and Choose User Account Migration Wizard.

6.2 Choose Source Domain, Source Domain Controller and Target Domain from the wizard.

6.3 Choose ‘Select users from domain’.

6.4 Add required user accounts.

6.5 Select Target OU. Note: All users selected above will be migrated to this OU. If different OUs are required they will need to be migrated in different batches with the relevant OU.

6.6 Select Migrate passwords.

6.7 Select Target Account State: ‘Target same as source’, uncheck ‘Disable source accounts’ and uncheck ‘Days until source accounts expire’. Check ‘Migrate user SIDs to target domain’.

6.8 The first time ADMT is run, the following prompt appears. Select Yes.

6.9 Enter a username, password and domain.

6.10 Select required User options.

6.11 Select ‘Exclude specific object properties from migration’ – choose Mail, Mailnickname and msExch*.

6.12 Select ‘Do not migrate source object if a conflict is detected in the target domain’.

6.13 Click Finish.

6.14 Verify that the users were copied without errors. If there are errors, click View Log and resolve them.

After migrating user accounts with SID and password history, you can see that the user account is now enabled in AD and the SID is visible in the user's attributes.

Exchange Migration

The Exchange migration assumes that the user account has already been migrated by following the steps above.

Create the target Mail User with an @source.com SMTP address in the Exchange Management Console. Prepare-MoveRequest in the next section uses the SMTP address as one of its matching parameters.

Run the Prepare-MoveRequest script on the target Exchange server. The PowerShell cmdlets are as follows:

$RemoteCred=Get-Credential
$LocalCred=Get-Credential

Run Prepare-MoveRequest command for each mailbox that will be migrated.

.\Prepare-MoveRequest.ps1 -Identity test@source.com -RemoteForestDomainController "DC.source.com" -RemoteForestCredential $RemoteCred -LocalForestDomainController "DC.target.com" -LocalForestCredential $LocalCred -UseLocalObject -OverwriteLocalObject -Verbose

Add Secondary SMTP address in target Exchange.

A secondary @target.com SMTP address is required by the New-MoveRequest command in the next section.

@target.com secondary SMTP addresses can be added manually, through a script, or by modifying the target Address Policy to include Mail Users and the target OU.

Run New-MoveRequest to move the user mailbox.

Run the following command on target Exchange EMS to move the user mailbox.

New-MoveRequest -Identity test@source.com -Remote -RemoteHostName "Exchange.source.com" -RemoteCredential $RemoteCred -TargetDeliveryDomain target.COM -TargetDatabase "DB Name" -BadItemLimit '10'
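
The Prepare-MoveRequest, secondary SMTP address and New-MoveRequest steps above, run as a batch, shown here as an added example that is not from the original article. It skips any mailbox that has no mail user in the target forest and adds a @target.com address where one is missing. The mailboxes.csv file, its SourceSmtp column and the reuse of the source local part for the secondary address are assumptions; server and database names are the article's placeholders.

```powershell
# Added example (not from the article). Run in the Exchange Management Shell on the
# target forest, from the Exchange Scripts folder that holds Prepare-MoveRequest.ps1.
# Assumptions: .\mailboxes.csv with a SourceSmtp column (e.g. test@source.com);
# DC.source.com, DC.target.com, Exchange.source.com and "DB Name" are the
# article's placeholders.
$RemoteCred   = Get-Credential   # source forest account, prompted, never stored
$LocalCred    = Get-Credential   # target forest account
$TargetDomain = 'target.com'
$TargetDC     = 'DC.target.com'  # pin one DC so each step sees the previous change

foreach ($row in Import-Csv .\mailboxes.csv) {
    $address = $row.SourceSmtp

    # Copy the source mailbox attributes onto the ADMT-migrated mail user.
    $prep = @{
        Identity                     = $address
        RemoteForestDomainController = 'DC.source.com'
        RemoteForestCredential       = $RemoteCred
        LocalForestDomainController  = $TargetDC
        LocalForestCredential        = $LocalCred
        UseLocalObject               = $true
        OverwriteLocalObject         = $true
    }
    .\Prepare-MoveRequest.ps1 @prep

    # Gate: the move needs a mail user that carries an @target.com address.
    $mailUser = Get-MailUser -Identity $address -DomainController $TargetDC -ErrorAction SilentlyContinue
    if (-not $mailUser) {
        Write-Warning "No mail user for $address in the target forest; skipped."
        continue
    }
    if (-not ($mailUser.EmailAddresses | Where-Object { "$_" -like "*@$TargetDomain" })) {
        # Assumption: reuse the source local part for the secondary address.
        $secondary = 'smtp:{0}@{1}' -f $address.Split('@')[0], $TargetDomain
        Set-MailUser -Identity $mailUser.Identity -DomainController $TargetDC -EmailAddresses @{Add = $secondary}
    }

    # Queue the cross-forest move with the same parameters as the single-user command.
    New-MoveRequest -Identity $address -Remote -RemoteHostName 'Exchange.source.com' `
        -RemoteCredential $RemoteCred -TargetDeliveryDomain $TargetDomain `
        -TargetDatabase 'DB Name' -BadItemLimit 10 -DomainController $TargetDC
}

# Review status and bad-item counts for the queued moves.
Get-MoveRequest | Get-MoveRequestStatistics |
    Format-Table DisplayName, Status, PercentComplete, BadItemsEncountered -AutoSize
```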

User Experience:

Once the mailbox is moved to the target Exchange server, users will notice the following:

1. They need to reconfigure their mobile device(s).

2. They won’t be able to access their email through the source Exchange OWA. They can access email using the target OWA URL.

3. Their primary SMTP address will be changed to the target address.

4. Users will get a prompt in Outlook: “The Microsoft Exchange Administrator has made a change that requires you to quit and restart your outlook”. Once a user restarts Outlook, their Outlook profile will be redirected.