Exchange 2010 Cross-Forest Migration
Hello everyone,
Here I show the procedure for moving a mailbox cross-forest from a Windows 2003 domain with Exchange 2003 to a Windows 2008 domain with Exchange 2010.
Information
Procedure
1) Time Sync http://blog.icewolf.ch/archive/0001/01/01/zeitsynchronisation-im-netzwerk.aspx
2) Trust http://blog.icewolf.ch/archive/0001/01/01/active-directory-trust.aspx
3) Shared Maildomain (optional) http://blog.icewolf.ch/archive/2010/05/24/exchange-2003-2010-shared-email-namespace.aspx
4) Install ADMT http://blog.icewolf.ch/archive/2010/06/16/admt-3.1-part1-installation.aspx
5) Move User http://blog.icewolf.ch/archive/2010/06/16/admt-3.1-part2-move-users-and-groups.aspx
6) Mail Enable moved User in Target Domain
7) PrepareMove Request from Target Domain
8) Move Mailbox
9) Remove Move Request
6) Mail Enable moved User in Target Domain
Enable-MailUser -Identity MigratedUser -ExternalEmailAddress "Exchange 2003 Email Address"
Enable-MailUser -Identity j.right -ExternalEmailAddress john.right@public.com
The AD user object now receives the following additional Exchange attributes:
proxyAddresses: smtp:JohnRight@destination.internal
proxyAddresses: SMTP:john.right@public.com
legacyExchangeDN: /o=First Organization/ou=Exchange Administrative Group(FYDIBOHF23SPDLT)/cn=Recipients/cn=John Right
mail: john.right@public.com
internetEncoding: 1310720
targetAddress: SMTP:john.right@public.com
msExchUMDtmfMap: emailAddress:564674448
msExchUMDtmfMap: lastNameFirstName:744485646
msExchUMDtmfMap: firstNameLastName:564674448
mailNickname: JohnRight
msExchPoliciesIncluded: 2afe4339-3eb7-42b8-a14a-f77c821b3112
msExchPoliciesIncluded: {26491cfc-9e50-4857-861b-0cb8df22b5d7}
msExchVersion: 44220983382016
msExchRecipientDisplayType: 6
7) PrepareMove Request from Target Domain
$RemoteCredentials = Get-Credential
$LocalCredentials = Get-Credential
cd "C:\Program Files\Microsoft\Exchange Server\V14\Scripts"
./Prepare-MoveRequest.ps1 -Identity carla.bruni@public.com -RemoteForestDomainController source01.source.internal -RemoteForestCredential $RemoteCredentials -LocalForestDomainController destination01.destination.internal -LocalForestCredential $LocalCredentials -TargetMailUserOU "OU=DestinationOU,DC=destination,DC=internal" -UseLocalObject -LinkedMailUser
If a matching mail-enabled user exists, the additional attributes are merged into it.
The AD user object now receives the following additional Exchange attributes:
proxyAddresses: x500:/o=First Organization/ou=First Administrative Group/cn=Recipients/cn=j.right
msExchMailboxGuid:: H7kLIzpv9UGQbEzKDwZxhw==
If the user moved with ADMT is not mail-enabled, there is no match, so a new user object is created.
The result then looks like this: for the mail-enabled user the attributes are merged, while for the user without Exchange attributes a new user is created.
8) Move Mailbox
New-MoveRequest -Identity j.right -RemoteLegacy -TargetDatabase "MDB01" -RemoteGlobalCatalog source01.source.internal -RemoteCredential $RemoteCredentials -TargetDeliveryDomain public.com
The AD user object now receives the following additional Exchange attributes:
CN=Mailboxes(VLV),CN=All System Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=destination,DC=internal
showInAddressBook: CN=All Mailboxes(VLV),CN=All System Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=destination,DC=internal
msExchMailboxMoveStatus: 10
msExchRBACPolicyLink:
CN=Default Role Assignment Policy,CN=Policies,CN=RBAC,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=destination,DC=internal
msExchMailboxMoveFlags: 73
msExchMailboxSecurityDescriptor::
msExchMailboxMoveTargetMDBLink:
CN=MDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=destination,DC=internal
homeMTA: CN=Microsoft MTA,CN=DESTINATION01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=destination,DC=internal
msExchUserAccountControl: 0
protocolSettings:: SFRUUMKnMcKnMcKnwqfCp8KnwqfCpw==
protocolSettings:: T1dBwqcx
msExchUMEnabledFlags2: -1
msExchMDBRulesQuota: 64
msExchRecipientTypeDetails: 1
msExchHomeServerName:
/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=DESTINATION01
msExchPoliciesIncluded: 2bb233ea-3915-4a78-a3b6-58345898df54
msExchRecipientDisplayType: 1073741824
homeMDB:
CN=MDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=destination,DC=internal
msExchWhenMailboxCreated: 20100620134307.0Z
msExchTextMessagingState: 302120705
msExchTextMessagingState: 16842751
9) Remove Move Request
Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest
After each step I exported the AD objects from AD with the following commands:
ldifde.exe -f C:\right01.txt -d "CN=John Right,OU=SourceOU,DC=source,DC=internal" -s source01.source.internal
ldifde.exe -f C:\right01.txt -d "CN=John Right,OU=DestinationOU,DC=destination,DC=internal" -s destination01.destination.internal
You can download the exported files here.
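The per-step comparison of the exports can be automated. The following Python script is an added example, not part of the original post: it parses two ldifde exports, including folded lines and base64 ("::") values, and lists the attribute values a step added or removed. The function names parse_ldif and diff_entries are hypothetical, and the sample exports are constructed from attribute values shown in this post.

```python
import base64

def parse_ldif(text):
    """Parse one LDIF entry into {attribute name (lowercased): set of values}."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]              # folded line: drop the one leading space
        elif ":" in line and not line.startswith("#"):
            unfolded.append(line)                 # skips blank lines and comments
    entry = {}
    for line in unfolded:
        name, _, value = line.partition(":")
        if value.startswith(":"):                 # "attr:: ..." marks a base64 value
            raw = base64.b64decode(value[1:].strip())
            try:
                value = raw.decode("utf-8")
            except UnicodeDecodeError:            # GUIDs, security descriptors, ...
                value = "<binary %d bytes>" % len(raw)
        entry.setdefault(name.strip().lower(), set()).add(value.strip())
    return entry

def diff_entries(before, after):
    """Return (added, removed) as {attribute: sorted list of differing values}."""
    added, removed = {}, {}
    for attr in sorted(set(before) | set(after)):
        new = after.get(attr, set()) - before.get(attr, set())
        old = before.get(attr, set()) - after.get(attr, set())
        if new:
            added[attr] = sorted(new)
        if old:
            removed[attr] = sorted(old)
    return added, removed

# Constructed sample exports: the target object before and after Prepare-MoveRequest.
BEFORE = """dn: CN=John Right,OU=DestinationOU,DC=destination,DC=internal
proxyAddresses: smtp:JohnRight@destination.internal
proxyAddresses: SMTP:john.right@public.com
mailNickname: JohnRight
"""
AFTER = BEFORE + """proxyAddresses: x500:/o=First Organization/ou=First Admini
 strative Group/cn=Recipients/cn=j.right
msExchMailboxGuid:: H7kLIzpv9UGQbEzKDwZxhw==
"""

if __name__ == "__main__":
    added, removed = diff_entries(parse_ldif(BEFORE), parse_ldif(AFTER))
    for attr, values in added.items():
        print("+", attr, values)
    print("removed:", removed)
```

To compare real exports, write each ldifde export to its own file name per step and pass the file contents to parse_ldif.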