Network World
- Newsletters
- Videos
- Events
- Resources
- Communities
- The Challenges of OS Migration
- Citrix's Mobile Enterprise 360
- Cloud Powered Work
- The Essential Guide to Managing Power
- Get an Integrated Approach to Data Management
- Oracle Cloud KnowledgeVault
- Virtualization Boosts SMBs
- Your IT Journey — Your Way
- Research
- Aruba Networks Bring Your Own Device
- BlackBerry: Build up your BlackBerry® 10 knowledge
- CA Technologies Transform Your IT Strategy
- HP + Microsoft Data Management Appliances & Architectures
- Network World Data Center Challenge 2012
- Riverbed Accelerate Business Performance Solution Center
- Riverbed Cascade® Solution Center
- View all Solution Centers
- Insider
- More
- Linked In
Exchange Server 2007: Doing a cross-forest migration with your hands tied behind your back.
How to solve migration issues using creative thinking and the default set of tools.
By tyson.kopczynski on Mon, 08/17/09 - 2:12am.How do people typically do an Exchange Server 2007 cross-forest migration using the basic set of tools provided by Microsoft? Well, to summarize the process, most people tend to perform Active Directory object migration via ADMT and then "move" user mailboxes using the Move-Mailbox cmdlet. Or, at least that tends to be the path of least resistance. On the other hand, if the need should arise, there are also a number of other paths that can be taken to achieve the same goal.
Case in point, what if ADMT is for some reason not “migrating” a majority of an object’s attributes (like anything mail related). Compounding the issue, what if moving a single mailbox (without any data) using the Move-Mailbox cmdlet is taking 4 hours. Oh, did I mention that the entire migration has to be completed over the weekend. :>)
At this point, you might be turning to a third-party vendor to complete your migration (which might also encounter the same issues). However, what if I were to tell you there are other ways to complete a cross-forest migration using the same set of tools you have already been given. For example, did you know that you can use the mail recipient cmdlets in Exchange Server 2007 to examine information from an organization in a remote forest?
To better understand what I’m talking about, let’s look at the Get-Mailbox cmdlet. This cmdlet has two related parameters to our conversation: Credential and DomainController. By defining these parameters correctly, I can connect to a remote organization and pull information about the mailboxes in this organization.
Let’s take a look:
$SourceGC = "sourcedc01.mydomain.com"
$AdminCred = Get-Credential
Get-Mailbox -DomainController $SourceGC -Credential $AdminCred
Shazam! You can now pull in mailbox information from a remote organization. But, how does this relate to performing a migration. Well… the scenario works like this.
- We will assume that you have some form of co-existence in place (contacts galore).
- Next, you perform the botched ADMT migration to ensure that you now have migrated accounts + sid-history within the target forest.
- Next, using a little PowerShell scripting arm grease you can do the following:
- Read the information from the existing contacts in the target organization.
- Read the remote organization’s recipient information.
- Create dail-tone mailboxes for mail-enabled users, distribution groups, contacts in the target organization.
- Remove the existing contacts from the target organization.
- Using the remote recipient information and the target contact information correctly stamp your new recipients.
- Lastly, clean-up the recipients from the source organization (needs to be executed from the source organization).
Yes, I’m skirting around topics such as mailbox data, profile redirection and such… But, even those have solutions as well. For instance, when tackling the mailbox data… Your first concern is to get mailbox access and mail flow going ASAP. Provided that is working, you could then export the existing data from all of the source organization mailboxes and then over time stream that data back into the dial-tone mailboxes that were just created. Or, just give the user the resulting PST file. :>)
Hopefully… this post spawns ideas when faced with wall. After all, walls are meant to be climbed. Lastly… for those of you who boulder… I’m slowly getting back to where I used to be. After today, I’m just about ready to cracked my first V4 and V5 since starting up climbing again. No beta please! Let’s just climb…
If you like this, check out some other posts from Tyson:
- When a computer science degree matters, and when it doesn't
- Since when did cloud computing become/need a manifesto?
- Why would one phish using a Certificate Authority (CA) as bait?
- Would I trust you, if everyone else trusted you?
- Here is a good question: Is scripting programming or just systems administration?
- PowerShell boy and the case of the missing cmdlets!
- Fun with PowerShell 2.0 Eventing!
- Creating a custom 404 page to handle link redirection for ASP.NET web applications
Or if you want, you can also check out some of Tyson's latest publications:
- Windows PowerShell Unleashed (2ndEdition)
- Windows Server 2008 Unleashed (Yes, I did help on this book)
Lastly, visit the Microsoft Subnet for more news, blogs, and opinions from around the Internet. Or, sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert)
Recent Blog Posts
- About Hidden Microsoft
With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 R2 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).
Certifications:
- Certified Information Systems Security Professional (CISSP)
- SANS GIAC Security Essentials Certification (GSEC)
- SANS GIAC Certified Incident Handler (GCIH)
- MCTS (Application Platform, Active Directory, and Network Infrastructure)
- Microsoft Certified Systems Engineer (MCSE) Security
- CompTIA Security+
Publications:
- Windows PowerShell Unleashed (author)
- System Center Enterprise Suite Unleashed (author)
- Microsoft Windows Server 2008 Unleashed (contributing author)
- Microsoft Windows Server 2003 Unleashed (contributing author)
- Microsoft ISA Server 2006 Unleashed (contributing author)
- Microsoft ISA Server 2004 Unleashed (contributing author)
- Microsoft SharePoint 2007 Unleashed (contributing author)
- Microsoft SharePoint 2003 Unleashed (contributing author)
Other Stuff:
- Blogger NetworkWorld.com from June 2007
- GIAC Advisory Board from 2009
- Lecturer / Speaker (Information Technology or Security related)
- SANS Local Mentor (active in Japan)
- CompTIA Security+ SME (a long time ago)
- Judge, Imagine Cup 2005 Int'l IT Competition
- Judge, Imagine Cup 2007 Int'l IT Competition
-
-
Most Discussed Posts
- On The Web
-
Network World, Inc
The Connected Enterprise