
24 January 2017

Exchange 2010 Inter-Organizations Migration – Remote Move






The migration scenario:
  • Two different forests;
  • Exchange 2007 in one forest and Exchange 2010 in the other;
  • Exchange 2007 with SP2 installed.


Requirements:
  • Create a DNS Conditional Forwarding on the source domain for the destination domain;
  • Create a DNS Conditional Forwarding on the destination domain for the source domain;
  • Before starting the migration itself, you need to create a trust between the two domains and deactivate SID Filtering:
    • Netdom trust destination.local /domain:source.local /quarantine:No /usero:destination\user /passwordo:*******
    • Netdom trust source.local /domain:destination.local /quarantine:No /usero:source\user /passwordo:********

 
This way, when migrating with ADMT, users' SIDs remain the same (Filtering Disabled), thus ensuring the same permissions on files and groups in the target domain.
 
With ADMT installed on a server in the target domain, migrate the users/groups from the source to the destination. You need to install the password exporter on a Domain Controller at the source, so we can guarantee the passwords are the same in both domains.
In this document I will not go into the ADMT settings.
 
 
Prepare the Migration:
  • In Exchange 2007 Source
    • You must create a connector that points all addresses to the destination Exchange.
 
  • In Exchange 2010 Destination
    • Create a contact (as external) for every mailbox in the source Exchange. Example:
    • New-MailContact -ExternalEmailAddress SMTP:First.Last@source.com -Name "First M. Last" -Alias "FLast" -OrganizationalUnit "destination.local/Migration/Contacts"
    • Create the custom Distribution Lists manually in Exchange 2010 (groups have already been migrated) and delete on the source domain;
    • Create all Legacy Address Lists manually and delete them on the source domain. Example (the list name is missing from the original command, so a placeholder is shown):
    • New-AddressList -Name "<AddressListName>" -RecipientFilter {((Company -eq 'DL') -and ((Department -eq 'Dep') -or (Department -eq 'Selection')))} -Container '\GroupCompanies\Company'
 
 
 
Migrate Mailboxes:
  • Delete the contact in Exchange 2010 of the user to be migrated;
  • Open the Exchange Management console and navigate to:
    • C:\Program Files\Microsoft\Exchange Server\V14\Scripts
  • Run the command and enter the domain admin credentials of the destination domain (destination.local\username):
    • $Local = Get-Credential
  • Run the command and enter the domain admin credentials of the source domain (source.local\username):
    • $Remote = Get-Credential
  • Enter the command:
    • Enable-MailUser -Identity FLast -ExternalEmailAddress First.Last@source.com
  • Enter the command:
    • .\Prepare-MoveRequest.ps1 -Identity "CN=XXXX,OU=OU-XXXs,OU=OU-XXX,DC=source,DC=local" -RemoteForestDomainController DC.source.local -RemoteForestCredential $Remote -LocalForestDomainController DC.destination.local -LocalForestCredential $Local -TargetMailUserOU "OU=YYYY,OU=YYYYY,DC=destination,DC=local" -UseLocalObject
    • Validate that the following appears: "1 mailbox(s) ready to move."
  • Enter the command:
    • New-MoveRequest -Identity "CN=XXXX,OU=YYYY,OU=YYYYY,DC=destination,DC=local" -RemoteLegacy -TargetDatabase "StorageGroup" -RemoteGlobalCatalog DC.source.local -RemoteCredential $Remote -TargetDeliveryDomain "destination.local" -baditemlimit 100
    • Validate that the status is Queued.
  •  From this point on, the mailbox appears in Exchange 2010 under Move Request (Remote);
  • We can see the logs and migration time. Note that 1GB takes about 90 minutes;
  • Validate that the mailbox has been successfully migrated and clear the move request;
  • For each migrated mailbox, it is necessary to check/change the user's primary address in Exchange 2010 (by default, the primary address is @destination.local);
  • If the user has more than one address, you have to add those same addresses in Exchange 2010.
 
 
Post Migration:
 
  • Validate that all mailboxes are on the Exchange 2010 side;
  • Validate that public folders work correctly (in this post I will not cover the Public Folder migration);
  • Enter the source domain as an authoritative domain;
  • Create a Receive Connector with all the IPs that were allowed to relay in the source domain, like printers, servers, etc.;
  • Point the MX Records from source domain to destination;
  • Some firewall operations may be required;
  • Test sending and receiving emails in Outlook;
  • Test sending and receiving emails by ActiveSync;
  • Uninstall Exchange 2007.
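
One way to build the relay Receive Connector from the list above so that relay stays limited to the known devices, followed by an audit of which connectors grant anonymous relay. This is an added example, not part of the original post; the server name, connector name and 192.0.2.x addresses are constructed placeholders.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 side.
# Assumptions (not from the post): server name, connector name, sample IPs.
$Server   = 'EX2010'                      # hypothetical Hub Transport server
$Name     = 'Relay - migrated devices'    # hypothetical connector name
$RelayIPs = '192.0.2.10','192.0.2.20'     # constructed: printers/servers from the source relay list

# Refuse entries that would turn the connector into an open relay.
$TooBroad = $RelayIPs | Where-Object { $_ -match '^0\.0\.0\.0' -or $_ -match '/0$' }
if ($TooBroad) { throw "Relay list contains an unrestricted range: $TooBroad" }

# Custom connector that only matches the listed source addresses.
New-ReceiveConnector -Name $Name -Server $Server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $RelayIPs `
    -PermissionGroups AnonymousUsers

# Allow those hosts to relay to external recipients.
Get-ReceiveConnector "$Server\$Name" |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'

# Audit: list every connector where anonymous relay is granted, with its IP scope,
# so a connector that accepts relay from all addresses stands out.
Get-ReceiveConnector -Server $Server | ForEach-Object {
    $c = $_
    $relay = $c | Get-ADPermission | Where-Object {
        $_.User -like '*ANONYMOUS LOGON' -and
        $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient' -and
        -not $_.Deny
    }
    if ($relay) {
        $ranges = @($c.RemoteIPRanges | ForEach-Object { $_.ToString() })
        New-Object PSObject -Property @{
            Connector      = $c.Identity
            RemoteIPRanges = $ranges -join ', '
            OpenToAll      = [bool]($ranges -match '^0\.0\.0\.0-255\.255\.255\.255$')
        }
    }
}
```

Any row with OpenToAll set to True is a connector that relays for every source address and should be narrowed before the MX records are moved.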
 
That's All Folks! :)
