
Tuesday, May 22, 2012

Exchange 2007 to Exchange 2010 Cross Forest Migration Job Aid

Here is a production job aid I've created to perform cross forest mailbox moves migrating from Exchange 2007 to Exchange 2010.


This Job Aid provides the steps required to migrate an ipcfcdom user account and mailbox to corp.dom. The instructions cover using ADMT to migrate the user account, profile and computer, and using PowerShell to migrate the mailbox. Finally, they cover migrating the SharePoint and ResolveIT accounts.


This document is intended for use by Server Engineering.


Step Description

CORP.DOM = New Target Forest
IPCFCDOM = Source Forest


Verify that the computer is wired and set the class ID to corp: “ipconfig /setclassid * corp”. (This may not apply to you. It ensures that newly migrated systems use the DHCP servers in the new forest and not the source forest.)

1. Provision source AD account to be Exchange Aware.

a. Log into DCEXCASP01 (target Exchange 2010 CAS server). Launch the Exchange Management Shell: Start > All Programs > Microsoft Exchange Server 2010

b. Change directory to C:\Program Files\Microsoft\Exchange Server\V14\Scripts

c. Type: $Local = Get-Credential

You will get a Windows prompt. Enter your admin credentials for the ipcfcdom domain.

Type: $Remote = Get-Credential

You will get a Windows prompt. Enter your admin credentials for the corp.dom domain.

d. Delete the GALSync contact in the corp domain OU GalSync\FromILM for the user you are migrating. If you don’t, it merges with the contact, producing a name such as john doe1734633. You will then need to rename it to take out the random numbers, set the contact to apply the email address policy, and set corp as the external address.

.\Prepare-MoveRequest.Ps1 -Identity "CN=Alexander Htet,OU=reston,DC=ipcfcdom,DC=inphonic,DC=com" -RemoteForestDomainController "" -RemoteForestCredential $Remote -LocalForestDomainController "eqdcp01.corp.dom" -LocalForestCredential $Local -TargetMailUserOU "OU=FromILM,OU=GALSync,DC=corp,DC=dom" -UseLocalObject -OverwriteLocalObject

New-MoveRequest -Identity "CN=alexander htet,OU=FromILM,OU=GALSync,DC=corp,DC=dom" -RemoteLegacy -TargetDatabase "mdb04 tier2" -baditemlimit 100 -acceptlargedataloss -RemoteGlobalCatalog "" -RemoteCredential $Remote -TargetDeliveryDomain "corp.dom" -SuspendWhenReadyToComplete

Ignore the following warning message:

WARNING: When an item can't be read from the source database or it can't be written to the destination database, it will be considered corrupted. By specifying a non-zero BadItemLimit, you are requesting Exchange not copy such items to the destination mailbox. At move completion, these corrupted items will not be available at the destination mailbox.

e. To check the status of the mailbox move, launch Exchange Management Console

f. Expand Recipient Configuration > Move Requests. Double-click the user to get the stats on progress.
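
One way to review a move from the shell before completing it, as an added example that is not part of the original job aid: because the request above uses -BadItemLimit 100 and -SuspendWhenReadyToComplete, it checks how many items were skipped as corrupt before the move is resumed. The function name Test-MoveReadyToComplete, the $MaxBadItems threshold and the sample objects are assumptions made for illustration; Get-MoveRequestStatistics and Resume-MoveRequest are the Exchange cmdlets.

```powershell
# Added example, not from the original job aid. Decides whether a move that
# stopped at -SuspendWhenReadyToComplete should be finished or reviewed first.
function Test-MoveReadyToComplete {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Stats,
        [int] $MaxBadItems = 0   # assumption: review threshold, stricter than -BadItemLimit 100
    )
    process {
        $status  = "$($Stats.Status)"   # works for both strings and the Exchange enum
        $verdict = 'Wait'
        $reason  = "Status is $status, $($Stats.PercentComplete)% copied"
        if ($status -eq 'Failed') {
            $verdict = 'Investigate'
            $reason  = 'Move failed; read the move report before retrying'
        }
        elseif ($status -eq 'AutoSuspended') {
            if ($Stats.BadItemsEncountered -gt $MaxBadItems) {
                $verdict = 'Review'
                $reason  = "$($Stats.BadItemsEncountered) item(s) skipped as corrupt"
            }
            else {
                $verdict = 'Complete'
                $reason  = 'Initial copy finished within the bad item threshold'
            }
        }
        New-Object PSObject -Property @{
            Mailbox = $Stats.DisplayName; Verdict = $verdict; Reason = $reason
        }
    }
}

# Constructed sample objects shaped like Get-MoveRequestStatistics output.
$sample = @(
    (New-Object PSObject -Property @{ DisplayName = 'Alexander Htet'; Status = 'AutoSuspended'; PercentComplete = 95; BadItemsEncountered = 0 }),
    (New-Object PSObject -Property @{ DisplayName = 'Sample User B'; Status = 'AutoSuspended'; PercentComplete = 95; BadItemsEncountered = 37 }),
    (New-Object PSObject -Property @{ DisplayName = 'Sample User C'; Status = 'InProgress'; PercentComplete = 42; BadItemsEncountered = 0 })
)
$sample | Test-MoveReadyToComplete | Format-Table Mailbox, Verdict, Reason -AutoSize

# In the Exchange Management Shell on the target forest, feed real data instead:
#   Get-MoveRequest | Get-MoveRequestStatistics | Test-MoveReadyToComplete
# and finish a reviewed move with:
#   Resume-MoveRequest -Identity "<mailbox identity>"
```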

2. Migrate the user account to corp.dom using ADMT

a. Log into the ADMT server EQDCP03.CORP.DOM with svcadmt account

b. Launch Active Directory Migration Tool on desktop

c. Action menu, user account migration Wizard

d. 1. Welcome page, next

e. 2. Domain selection, click next. All fields should be pre-populated

f. Source: DC: fcrs05 Target: Corp.dom DC: Eqdcp01

g. Select Users from Domain

h. Add and find the user to be migrated

i. Target OU choose destination OU

j. Password Options, Migrate Passwords

k. Password Migration Source DC: fcrs05

l. Enable Target Accounts. Migrate user SIDs to target domain

m. Enter ipcfcdom\svcadmt credentials

n. Fix users group memberships

o. Object Property Exclusion, leave blank

p. Migrate and merge conflicting objects. Move merged objects to the specified Organization unit

q. Finish

3. Migrate the user profile using ADMT

a. Action menu, security Translation Wizard

b. Welcome page, next

c. Previously migrated objects

d. Domain selection, click next. All fields should be pre-populated

e. Select computers from domain

f. Add and find computer to be migrated. Domain selected should be ipcfcdom

g. Translate Objects, User profiles.

h. Security Translation Options, Add

i. Finish.

j. Log in corp.dom ADUC. Locate the migrated account and uncheck “user must change password at next logon”

After a few seconds the Active Directory Migration Tool Agent Dialog menu will pop up. Select the radio button “Run pre-check and agent operation” and click Start. If you get the error below, it means that corp\svcadmt is not a local admin on the client machine.

Unable to determine the local path for ADMIN share on the machine "desktop". rc=-2147024891

When the Agent Operation changes from Running to Successful, click Close.

4. Migrate the computer to corp.dom using ADMT

a. Action menu, computer migration Wizard

b. Welcome page, next

c. Domain selection, click next. All fields should be pre-populated

d. Select computers from domain

e. Add. Location should be ipcfcdom

f. Target OU = Automatic Updates, Non Production, Infrastructure, Infrastucture Clients...

g. Translate Objects, unselect all.

h. Minutes before computers restart = 1

i. Object Property Exclusion, skip

j. Conflict Management. Migrate and merge conflicting objects. Move merged objects to the specified target Organizational Unit

k. Finish. Close. After a few seconds the Active Directory Migration Tool Agent Dialog menu will pop up. Select the radio button “Run pre-check and agent operation” and click Start. After the status changes to Completed you can click Close.

5. Post User Configuration

a. When the computer has rebooted, ensure that the user logs into the corp.dom domain, as the computer will still default to ipcfcdom.

b. Delete the “Closest GC” registry key. Search the registry for this key and delete it.

c. Launch Outlook. You do not need to create a new profile. You will receive warning message that Outlook must restart due to administrative changes. Ignore the message and continue with Outlook.

6. Set the migrated user’s account extensionattribute15 to “migrated” so GALSync will not create a contact for this user in the corp.dom domain. Failure to do this will create a contact for an already existing user in corp.dom, causing email issues.

a. Log in dcexcasp01.corp.dom

b. Type adsiedit.msc in the run box

c. Expand Default naming context and highlight the OU where the user resides.

d. Right-click the user and select Properties. Search for extensionattribute15 and type in “migrated” without the quotes.

7. Migrate the user’s SharePoint Account. You will need DB owner rights to SP DB.

a. Log into the SharePoint server DCSPAPPS01

b. Launch cmd

c. STSADM -o migrateuser -oldlogin ipcfcdom\user -newlogin corp\user -ignoresidhistory


You should receive “operation completed successfully”

Update the display name. After migrating the SharePoint account, the display name changes from John Doe to corp\jdoe. To change it back to the friendly name:

1. Log into SharePoint Server DCSPAPP01

2. Launch PowerShell

3. Enter the following lines one at a time

a. [Reflection.Assembly]::Load("Microsoft.SharePoint, Version=, Culture=Neutral, PublicKeyToken=71e9bce111e9429c")

b. $site = New-Object -TypeName Microsoft.SharePoint.SPSite -ArgumentList

c. $user = $site.RootWeb.SiteUsers["corp\jdoe"]

d. $user.Name = "John Doe"

e. $user.Update()

After you migrate John Doe and you’re ready to migrate a second user, you only need to type in lines c, d and e. You can copy and paste all 3 lines into PowerShell rather than entering them one at a time.

8. Migrate the user’s ResolveIT Account. You will need ResolveIT Sysadmin rights.

e. Log into the

f. Go to Administration > System – Users > User Management

g. Click edit user. UserID enter bsmith and click find

h. Scroll down under the menu heading “Mandatory fields for all users”

i. Change the Authentication Method to Primary (LDAP/Exchange/Active Directory)

j. Scroll down and click save

Manually Migrate User Profile Using Reg Hack

1. Log into the machine with admin rights, launch regedit and navigate to

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

2. Highlight the SID that corresponds to the corp user. You can locate it by highlighting each SID entry and looking at the ProfileImagePath string value, for example C:\Users\bsmith.CORP.

3. Edit this entry to equal the profile path of the original ipcfcdom profile.

Before: ProfileImagePath = C:\Users\bsmith.CORP

After: ProfileImagePath = C:\Users\bsmith.ipcfcdom
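
A way to find the right SID without clicking through each entry in regedit, as an added example that is not part of the original post: it saves a copy of the ProfileList key, then lists every registered profile with the account its SID resolves to, so the ProfileImagePath that gets edited is the one belonging to the corp account. The function names Resolve-ProfileSid and Get-ProfileListMap and the backup file location under %TEMP% are assumptions; the listing itself only reads the registry.

```powershell
# Added example, not from the original post.
$regPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Keep a copy of the key before any manual edit (backup location is an assumption).
reg export $regPath "$env:TEMP\ProfileList-before.reg" /y

function Resolve-ProfileSid {
    param([Parameter(Mandatory = $true)][string] $Sid)
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        # Orphaned SID, a ".bak" key, or the account's domain is unreachable.
        '<unresolved>'
    }
}

function Get-ProfileListMap {
    param([string] $Key = "Registry::$regPath")
    Get-ChildItem -Path $Key | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        New-Object PSObject -Property @{
            Sid              = $_.PSChildName
            Account          = Resolve-ProfileSid $_.PSChildName
            ProfileImagePath = $props.ProfileImagePath
        }
    }
}

$map = Get-ProfileListMap
$map | Format-Table Account, ProfileImagePath, Sid -AutoSize

# 'bsmith' is the sample user from the steps above. Expect two rows after the
# migration: the ipcfcdom account and the corp account, each with its own path.
$map | Where-Object { $_.ProfileImagePath -like '*\bsmith*' } |
    Format-List Account, Sid, ProfileImagePath
```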


Blogger Stephen Lembert said...

Exchange corruption can be resolved using EDB recovery tools. But apart from corruption there are other times as well when EDB to PST Conversion is required. Stellar Phoenix EDB to PST Converter is one such remarkable tool that can perform online and offline conversion.

11:36 PM  
Anonymous John said...

There are various scenarios that require one to perform EDB to PST conversion. EDB to PST Converter with just a few clicks. Simply add EDB file to Source and convert one or more mailboxes from EDB to PST and save to desired location. Allows one to access mailboxes directly with Outlook after converting it to PST file.
For more details

5:41 AM  
Anonymous EDB to PST Converter said...

Thanks for sharing this helpful resource. There are also some third party applications which help to repair and recover the damaged Exchange database file, and the recovered database can be mounted directly on the server. I read that it supports all versions of MS Exchange Server and provides two options. The user can save the recovered database file either into .edb or can export Exchange mailboxes into individual .pst files (which can be imported into MS Outlook).

9:16 AM  
Anonymous James Brian said...

Corrupted items in mailboxes are a big challenge in moving mailboxes from one forest to another or from one version to another version of MS Exchange Server. If a mailbox has too many corrupted items, the move request could not be completed. To make the moving process simple and easy, here are useful tips and methods: Effective Methods for EDB to PST Conversion


11:51 PM  
Blogger Gabriel said...

Hi everyone, I have a problem regarding point 6, where I'm supposed to modify the extensionattribute15 in adsiedit with the word "migrated" so that FIM won't create a duplicate contact... my problem is that even though I edited the attribute, FIM still creates the duplicate contact.....

Any ideas where I should start troubleshooting this issue???

Thank you a lot

7:35 AM  
Anonymous Horvátországi apartmanok said...

I've enjoyed reading your posts, some very good news and important information. Thanks

7:52 AM  
Blogger Robert Johnson said...

One of the most globally used EDB to PST converter software, which is used and recommended by most technicians. Easy to use, and performs the conversion process within a few minutes. We recommend using the free trial version first. In the trial version you can see the preview of converted mailboxes.

2:16 AM  
Anonymous Anonymous said...

Hello Gabriel, I am experiencing the same issue. Were you able to get around this?

3:09 PM  
Blogger Tom Brown said...

Great article, thanks for sharing useful tips to perform cross forest mailbox moves migrating between Exchange servers. I found a good resource that provides automation to facilitate cross-forest Exchange migration and applies real-time synchronization between two Exchange Servers in order to maintain coexistence, and allows migration from any Exchange Server to Office 365

4:24 AM  
