Customer questions relating to Exchange resource forests are becoming more and more common for our technical team. Organizations want to consolidate their existing Exchange environments to a single Active Directory (AD) forest runningExchange 2010
, while leaving their user accounts in their old AD domains.
Merging multiple AD forests into a single forest is a VERY
complex undertaking, which requires transitioning workstations, laptops, servers, printers and all applications that interact within that AD environment. So it’s no wonder that customers shy away from that migration project
and go with a brand new build-out of an Exchange resource forest to run their messaging environment in a more centralized, consolidated infrastructure.
This may become an even more common method to deploy Exchange 2013
when it is released. However, there are some serious challenges related to linking active user accounts from one AD environment to a separate Exchange AD forest and successfully migrating all the email data intact.
In this article, I’m going to discuss the different steps that MUST be performed to do this manually and describe how our E2E Complete software automates this entire process.
There are several key steps that have to be addressed during this resource forest migration process to ensure a successful transition with minimal impact to the user community. Binary Tree specializes in email migrations, and we have helped both small and enterprise customers through their transition to an Exchange 2010 resource forest. The sequential process steps I will cover in this blog article include the following:
- Create a Matching Mail-Enabled Account in the Target AD Forest (resource forest)
- Perform Cross-Forest (inter-org) Mailbox Migration from Source to Target
- Capture and Store ALL Exchange Account Attributes on the Target Account
- Disable the Account in the Target AD Forest (resource forest)
- Disable the Mailbox on the Target Account (which literally breaks the connection from AD with this new mailbox and leaves it in an orphan state)
- Link the Source AD Account to the Target Mailbox in new resource forest
- Re-stamp All Exchange Email Account Attributes back to the Target Account, such as the Source Legacy Exchange Distinguished Name (DN) which is needed for Outlook delegates, plus proxy addresses, etc.)
- Provide Roll-Back Process to Migrate User Mailboxes Back to Original Source (just in case you need to use it)
As you can see from the list items above this process is NOT something easily performed by an inexperienced administrator. Let me go into a little more detail on each of these steps and you will understand why using an automated migration management solution like E2E Complete will save you a lot of headaches.
Step 1: Create the Matching Mail-Enabled Accounts in the Target AD Forest (resource forest)
The first step in this process is to create mail enabled AD accounts in the target AD forest. This can be performed by using Microsoft’s ADMT tool, in conjunction with the “Prepare-Move” request in PowerShell. The free AD sync tool from Binary Tree
also provides this functionality and you don’t have to run any additional PowerShell commands to transition the necessary AD attributes from the source to target account.
Step 2: Perform a Cross-Forest (inter-org) Mailbox Move from Source to Target
The second step in this process is to migrate the existing mailboxes to the target environment and configure mail routing for each user. Once again you can do this manually by writing some complicated PowerShell scripts and then run them by hand. Or you can use the automated migration management product, E2E Complete
, from Binary Tree. This software product is easy to install and it provides a full scheduling engine to perform mailbox migrations Cross-Forest with total control over error handling, reporting, tracking and user communications.
Step 3: Capture and Store ALL Exchange Account Attributes on Target Account
The next step is very critical as you don’t want to lose the Exchange attributes for your user accounts. You will need to manually export those and store them in a separate file, or spreadsheet, so you can apply them later when you re-link the new mailbox to the source AD account. The E2E Complete product automatically gathers and maintains these attributes in its central database so they can be re-applied by the system automatically in Step 7 below.
Step 4: Disable the Account in the Target AD Forest (resource forest)
Now you have to disable the AD account in the target forest so that you can link the old source AD account to this new one. And this is yet another PowerShell script that you will have to write and run/monitor manually. Once again the E2E Complete product will perform this function automatically as part of the total migration process for a resource forest.
Step 5: Disable the Mailbox on the Target Account (which literally breaks the connection from AD with this new mailbox and leaves it in an orphan state)
There is one last step before you can link the two accounts (source and resource forest target). You must disable the Exchange mailbox in the target resource forest. This is where the existing AD attributes are completely lost and the mailbox is left in an orphaned state. You can perform this manually through the Exchange Management Console (EMC) or by writing a PowerShell script. If you use the E2E solution this will be handled for you automatically as part of the process steps.
Step 6: Link the Source AD Account to the Target Mailbox (in resource forest)
Now for the last couple steps which include the linking of the source AD account to the new account mailbox in the target resource forest. And yes, you guessed right, this is another PowerShell script that you will have to create and run manually. Here’s an example of the syntax you will need to write for each and every account:
Connect-Mailbox -Identity '816b9463-0d0c-4801-8454-0d1708586742' -Database "Mailbox Database 0517452211" -LinkedMasterAccount 'SamSmith@E2E.dom' -LinkedDomainController 'E2E-DC1b.DOM1.E2E.dom' -LinkedCredential $SourceADCred
The E2E Complete product will manage the linking of the source AD account with the new mailbox in the resource forest automatically.
Step 7: Re-stamp All Exchange Email Account Attributes back to the Target Account (such as the Sources Legacy Exchange DN --- needed for outlook delegates, proxy addresses, etc.)
Lastly, you will need to re-stamp all of those Exchange account attributes that were stored during Step 3 above. This is crucial, as you don’t want to break the Delegate access settings within their accounts and, among other things, you need to retain all proxy SMTP addresses that are related to their email account within Exchange. Once again the E2E Complete product will perform this function automatically as part of the total migration process for a resource forest.
Step 8: Provide Roll-Back Process to Migrate User Mailboxes Back to Original Source, (just in case you need to use it)
And step 8 is really about a safety net in case anything goes wrong during the process. You will need to write manual PowerShell scripts to do the reverse operations and transition the mailbox back to the original source environment in case of any issues during the migration process. With the E2E Complete product you simply need to select the user mailbox within the tracking system and right-click to move them back to the originating source Exchange server.
As you can see, it is a lengthy and complex process to migrate your Exchange environment to a new resource forest and link your source AD accounts which remain in your old directories. Performing all those steps manually with homegrown PowerShell scripts is a significant and complicated undertaking that lends itself to mistakes. To automate and simplify these tasks, plus take out the possibility of human error on your migration project, you should try out the best in class migration product from Binary Tree. Our E2E Complete
product will help you streamline your migration processing and speed the project to an early completion.