  1. #1
    Join Date
    Nov 2007
    Location
    Arab world!
    Posts
    6,169
    Blog Entries
    4
    Rep Power
    10

    A question about migration to a new forest!

    Dear All,
    I have a case and I hope you can help me.

    I need your opinions and experience about this case:
    I have a forest that has two domains (AD) with Server 2003 and three Exchange servers (1 Mailbox, Hub and CAS), so I need to create a new forest with the following:

    1. PDC Windows 2003 to use in migration (intend to upgrade it to 2008 after migration)
    2. Additional DC 2008
    3. 2008 file and print server.
    4. Three Exchange servers
       Two mailbox cluster Exchange Server 2007 CCR
       One HUB-CAS server
    5. Forefront Client Security.

    Please provide me detailed steps with no Microsoft links, as they are hard to apply and I need the solution from your experience.

    Also, can I use the same domain name? I mean, if the old domain is EgyEng.com, the new forest will also be EgyEng.com; are there any issues in the migration?
    So please let me know your experience in such a case.
    Also the problems and issues that may appear when using ADMT and ILM.

    Thanks,



  6. #2


    Hi Mohamed,
    According to the post, I know that you wonder if you could migrate your current forest to a new one with mailbox migration. If I misunderstand it, please feel free to let me know.
    From my experience in that, it is a very easy process, but you have to be careful through it.

    First, I see that you will build a new Server 2003 DC in the new forest. Actually there is no need for it, and you can migrate directly using Server 2008 domain controllers.
    You will use ADMT to migrate users' accounts, passwords and computer accounts.

    Sometimes you may face problems with migrating computer accounts, so be careful with that; you do not want to waste your time joining those computers again.

    Of course, before any step, remember to have a full backup of your DCs and Exchange database.

    Regarding the new forest name, you MUST have a different name than your current name (I will explain why later).

    First, I would recommend that you upgrade your forest-domain level to the 2003 level in the old forest, then finish everything in the new forest (building your forest, setting up DCs and building your mail servers).

    Make sure that your new domain is up and functional and that you do not have any problem with replication. Check your Exchange configuration using EX PBA.

    Ensure that the old domain's domain level is at least 2000 native mode. Start configuring DNS in the old domain to make sure that you can see the new domain, i.e. configure a conditional forwarder for the old domain to the new one, and vice versa (from the new one, create a conditional forwarder to the old domain).

    Create a two-way external trust relationship between the two domains (that is why you must have a different domain name). After successfully creating the trust relationship, go to the domain controller of the old domain, and then open Active Directory Domains and Trusts. Verify that the trust relationship was successfully created.

    Now your preparation is done and you will start the migration process.

    • Add the administrator account of the new domain to the Administrators group of the old domain.
    • On the target domain, create an OU named Migrated Objects.
    • Install the Active Directory Migration Tool (ADMT) on the target domain.
    • Follow the steps described in the ADMT document to create the password export key file; take care that you have to create some registry keys on the old DC.
      • Restart the source domain controller, and then start the Password Export Server service.
      • Add the Everyone group and the Anonymous group to the pre-Windows 2000 compatible group on the target domain (remove after completing the migration).
      • Migrate users' accounts.

    • Start users' accounts migration as described in ADMT.
    • Start computers' accounts migration as described in ADMT.


    Now you are done with the AD migration and can start the Exchange migration:
    http://msexchangeteam.com/archive/20...02/430289.aspx

    This is the best article I have used for migrating Exchange 2007 from one Exchange organization to another.

    You can use your Exchange backup to import mailboxes using PST; I will not recommend this silly way for you.

    For more information:

    ADMT v3.1, which supports Windows Server 2008
    http://www.microsoft.com/downloads/d...displaylang=en

    ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains
    http://www.microsoft.com/downloads/d...displaylang=en

    Microsoft File Server Migration Toolkit 1.1

    http://www.microsoft.com/downloads/d...displaylang=en
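
Post #2 has the Everyone and Anonymous groups added to the pre-Windows 2000 compatible group on the target domain, and a new-domain administrator added to the old domain's Administrators group, both only for the duration of the migration. The PowerShell check below is an added example, not part of the thread, that flags those leftovers afterwards. It assumes PowerShell 3.0 or later and the ActiveDirectory RSAT module; the function names, server parameters and sample DNs are constructed for illustration.

```powershell
# Added example: post-migration audit of the temporary access grants.
# Well-known principals added to a domain group are stored as
# foreignSecurityPrincipal objects whose CN is the SID string.
$TemporaryGrants = @{
    'S-1-1-0' = 'Everyone'
    'S-1-5-7' = 'Anonymous Logon'
}

function Find-TemporaryGrant {
    # Pure check over a list of member DNs, so it can be exercised offline.
    param([string[]]$MemberDn)
    foreach ($dn in $MemberDn) {
        if ($dn -match '^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,') {
            $sid = $Matches[1]
            if ($TemporaryGrants.ContainsKey($sid)) {
                [pscustomobject]@{ Sid = $sid; Name = $TemporaryGrants[$sid]; Kind = 'WellKnown' }
            }
            elseif ($sid -like 'S-1-5-21-*') {
                # Account from another domain or forest, reached over the trust
                [pscustomobject]@{ Sid = $sid; Name = $null; Kind = 'ForeignAccount' }
            }
        }
    }
}

function Test-MigrationCleanup {
    # Live query. TargetServer is a DC of the new domain, SourceServer a DC
    # of the old domain (hypothetical parameter names).
    param(
        [Parameter(Mandatory = $true)][string]$TargetServer,
        [Parameter(Mandatory = $true)][string]$SourceServer
    )
    Import-Module ActiveDirectory
    # S-1-5-32-554 = BUILTIN\Pre-Windows 2000 Compatible Access (new domain)
    $pre2k  = Get-ADGroup -Identity 'S-1-5-32-554' -Server $TargetServer -Properties member
    # S-1-5-32-544 = BUILTIN\Administrators (old domain)
    $admins = Get-ADGroup -Identity 'S-1-5-32-544' -Server $SourceServer -Properties member

    # Everyone / Anonymous Logon still present on the target domain
    Find-TemporaryGrant -MemberDn $pre2k.member |
        Where-Object { $_.Kind -eq 'WellKnown' } |
        Select-Object @{ n = 'Group'; e = { $pre2k.Name } }, Sid, Name
    # Accounts from the other forest still holding admin rights on the old domain
    Find-TemporaryGrant -MemberDn $admins.member |
        Where-Object { $_.Kind -eq 'ForeignAccount' } |
        Select-Object @{ n = 'Group'; e = { $admins.Name } }, Sid, Name
}

# Constructed sample (not real directory data) for an offline run.
# S-1-5-11 (Authenticated Users) is not one of the temporary grants
# and is left alone.
$sample = @(
    'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=new,DC=example',
    'CN=S-1-1-0,CN=ForeignSecurityPrincipals,DC=new,DC=example',
    'CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=new,DC=example'
)
Find-TemporaryGrant -MemberDn $sample | Format-Table -AutoSize
```

An empty result from `Test-MigrationCleanup` means neither temporary grant is still in place; any row it returns names a membership to remove.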

  7. #3

    The link Now you done with AD migration and start Exchange Migration
    http://msexchangeteam.com/archive/20...02/430289.aspx


    I copy it as I found the site for that link is so slow

    Exchange 2007 Cross Org Mailbox Migration



    Edit: This post has been updated on 5/11/07 to change the wording around hybrid forest deployment.
    Cross-org Mailbox Moves
    Cross Org migrations are the ones where a mailbox needs to be moved from one Exchange Organization to another. Since there can only be one Exchange Organization per Forest, that means moving the mailbox between two different Forests.
    Exchange Migration Wizard was used to perform this task in Exchange 2003. Exchange 2007 has incorporated Cross Org migrations into the server code base, so now Administrators can perform these moves by using the same task used for Intra Org migrations: Move-mailbox.
    The following versions are supported for this kind of move:

    Source Server:
    • Exchange 2000 SP3 (or later)
    • Exchange 2003 SP1 (or later)
    • Exchange 2007
    Target Server:
    • Exchange 2003 SP1 (or later)
    • Exchange 2007
    Exchange Permission requirements:
    • Logon account for the user who is running Move-Mailbox needs to be granted the "Exchange Recipient Administrators" role for Source and Target Forests and "Exchange Servers" role for both source and target Server. Permissions for legacy Exchange Servers remain the same as they were for Exchange 2003 Migration Wizard.
    Process Overview


    Move-Mailbox in a Cross Org scenario can be divided in the following steps:
    1. Open Server Connections
    • Connect to the source and target server - checks if credential and server version is valid
    2. Gather Source Information
    • Read source User Mailbox attributes
    • Check if source mailbox is a system mailbox (Fail if it is)
    • Check if source user does not have a mailbox (Fail if it does not)
    3. Gather Target information
    • Check mailbox size limit against target database limits
    • Check if we can match the source NT account in the target Forest (account match based on SMTP address, source objectSID and target sidHistory, and legacyExchangeDN). If match is found, this account will be email enabled.
    • Check if target mailbox exists (used to determine if merge is needed)
    • Check if source mailbox is a resource mailbox (If it is the target user must be disabled)
    4. Update Directory Information before Move
    • Lock access to source mailbox
    • Create the target mailbox
    • Lock target mailbox
    5. Move Mailbox Content
    • Move the mailbox content
    6. Update Directory Information after Move
    • Update mailbox location attributes on source and target user accounts
    • Unlock target mailbox
    7. Post-Migration Cleanup:
    • Remove Source mailbox / Remove AD User if cleanup parameter was used
    • Unlock Source mailbox if no cleanup was specified
    New functionality added for Exchange 2007
    Pre-Validation and New and Improved Logging

    As described in my previous post, move-mailbox has added a pre-validation feature that performs a series of checks before actually trying to move the mailbox. This feature saves time by identifying errors right away instead of waiting until they happen during an actual move.
    Also, Exchange 2007 Move-mailbox improves greatly on the logging available for Migration Wizard (event logs). We now have more comprehensive Event logs, an XML Report and a troubleshooting log. All logs are enabled by default and are located at \Logging\MigrationLogs\.
    New Options available

    A variety of new options are available to Administrators when moving mailboxes across Exchange Organizations. Here are a few examples that demonstrate their syntax:
    • Credentials example: Before going into move-mailbox examples, it is worth mentioning how the credentials variables are populated for the moves. Here is an example to add a credential to a variable called $s. After typing the command, a user and password dialog will pop up. You should enter the credential that will be used for the move, using the domain/user format for the user name:
    $s = get-credential   # source forest credential
    $t = get-credential   # target forest credential; the examples below pass it as -TargetForestCredential $t
    • Example 1: The following command moves mailboxes in clone mode (specified by the NTAccountOU parameter) using specific Global Catalogs and target Domain controller (parameters SourceForestGlobalCatalog, GlobalCatalog and DomainController). Eight mailboxes will be moved in simultaneous threads (-MaxThreads 8) and at the end the source NT account will be deleted (-SourceMailboxCleanupOptions DeleteSourceNTAccount). It also uses the -ReportFile parameter to specify the directory and file name for the migration XML report:
    get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Server1\DatabaseA' | move-mailbox -TargetDatabase 'Server2\Database1' -Identity 'testMailbox1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -MaxThreads 8 -SourceMailboxCleanupOptions DeleteSourceNTAccount -SourceForestCredential $s -TargetForestCredential $t -ReportFile "C:\Logs\migrationReport.xml"
    • Example 2: The following command moves mailboxes in clone mode (specified by the NTAccountOU parameter) using specific Global Catalogs and target Domain controller (parameters SourceForestGlobalCatalog, GlobalCatalog and DomainController). By using the PreserveMailboxSizeLimit option the command preserves the existent mailbox limits after moving them to the target database. It also uses the IgnorePolicyMatch option which will move the mailbox without trying to match Managed Folder, Unified message and ActiveSync policies and therefore losing these settings (move-mailbox by default will try to match source mailbox's existent policies to same named policies at the target Organization and fail the move if no match is found). Finally, the command deletes the source mailbox after the move is complete (by using -SourceMailboxCleanupOptions DeleteSourceMailbox) :
    get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Server1\DatabaseA' | move-mailbox -TargetDatabase 'Server2\Database1' -Identity 'testMailbox1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -PreserveMailboxSizeLimit -IgnorePolicyMatch -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t
    • Example 3: This command moves mailboxes in merge mode (specified by the AllowMerge parameter) using specific Global Catalogs and target Domain controller (parameters SourceForestGlobalCatalog, GlobalCatalog and DomainController). We only want to merge content that matches the specified date interval (-StartDate and -EndDate) and that has the word "Exchange" as part of the message subject (-SubjectKeywords). We also increased the Interval and Timeout settings for lookup operations (-RetryInterval and -RetryTimeout). No cleanup option is used because this is a merge move:
    get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Server1\DatabaseA' | move-mailbox -TargetDatabase 'Server2\Database1' -Identity 'testMailbox1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -AllowMerge -StartDate '01/10/06' -EndDate '01/11/06' -SubjectKeywords "Exchange" -RetryInterval 5 -RetryTimeout 90 -SourceForestCredential $s -TargetForestCredential $t
    Deprecated Options


    The following options present in Migration wizard are no longer supported:
    • Creating new enabled user accounts: This option was removed because we found that most customers were already using ADMT to migrate their user accounts instead of creating a new account during migration and adding detailed information later. Move-mailbox is still able to create mailbox enabled disabled user accounts (used in the Resource Forest configuration).
    • Graphic interface: Currently the only way to perform a Cross Org migration is by using the move-mailbox task from an Exchange Management Shell. An EMC wizard is planned for later versions.
    • Support for Exchange 5.5 servers: Exchange 5.5 mailboxes need to be migrated to Exchange 2000/2003 first and then to Exchange 2007.
    Move Mailbox Cross Org and Active Directory Forests

    Most of the Move Mailbox Cross Org scenarios are closely related to the Active Directory Forests involved in the migration. Before looking at the customer scenarios and at their respective move-mailbox syntax, let's go over the definition of the different Forests types and all the supported combinations among them.
    Active Directory Forests Configurations


    There are basically four types of Forests related to Cross Org migrations:
    • Single Exchange Forest: A single forest that has Exchange installed and it is not connected to any other Active Directory forest.
    • User Forest: Forest that contains only User Accounts. An Exchange server is not installed in this forest. It can be connected to other Active Directory Forests but it does not require any synchronization.
    • Exchange Forest: Forest that contains mailboxes and user accounts (enabled or disabled) and contacts. This type of configuration is actually divided in two distinct types: In a Single Forest and Cross Forest set up, user accounts are always enabled and mailbox enabled. In Resource Forest, the mailboxes are attached to disabled user accounts in one Forest and associated to user accounts in the user forest.
    • Hybrid Forest: This is a Forest configuration that are each a mix of User and Exchange Forests. That is, each may contain a combination of enabled and disabled User Accounts that are either mail enabled or mailbox enabled. This configuration is different than a Resource Forest because both Forests have mailboxes, and is also different than a classic Cross Org configuration because you might find mail enabled users and disabled mailbox enabled users in the same Forest.
    If we represent these types as blocks, we would have the following combinations:

    Even though Move-Mailbox supports migrating content among all the four Forest types described above, by default, GALSync in MIIS does not synchronize recipients in both forests in a hybrid forest scenario. However, you can create a customized MIIS solution so that GALSync will synchronize recipients in both forests.
    Customer scenarios for Cross Org mailbox move

    These are the supported customer scenarios for Cross Org migrations:
    1. Company Divestiture (Single Forest to Cross Forest)
    This is a scenario where a company decides to move some part of its business, like a division, to a separate forest, be it because the division will become an independent company or because it has different technical requirements. In this situation, the Administrator should use ADMT to move user's accounts from the source Forest to the target Forest and then use move-mailbox to move that same user's mailbox.
    2. Company Merger/Acquisition (Cross Forest to Single Forest)
    This is the scenario where a company decides to consolidate mailboxes from various Forests into a single Forest. Administrators should first migrate users using ADMT and then use move-mailbox to move that same user's mailbox.
    3. Split Windows\Exchange Administration (Single Forest to Resource Forest)
    By separating the User Account Forest from the Mailbox Forest, Exchange and Windows administrators can be completely separated. In this scenario mailboxes should be migrated by move-mailbox, leaving the enabled user account on the source Forest. Therefore the cleanup option used should be delete source mailbox.
    4. Host External Company (Single Forest to Resource Forest)
    Another scenario for migrating from a Single Forest to a Resource Forest is that of a company that outsources email management but retains User Account management. Technical requirements should be similar to the previous scenario.
    5. Bring Email Management in House (Resource to Single Forest)
    This is the opposite of the last two scenarios. If for some reason a company that had its mailboxes in a separate Forest decides to bring them to the User Forest, the easier solution would be to migrate all the external mailboxes back into the Login Account Forest. In this case however, the cleanup option should be to delete user account since the linked disabled user on the Resource Forest will not be needed anymore.
    6. Upgrade Exchange Server
    This is the case where an Exchange 2007 server is installed (in any Forest configuration) and mailboxes from a legacy server (Exchange 2000/2003) are moved to this server. Since this applies to any of the scenarios above, the cleanup option used should follow the requirements described earlier depending on the Forest configuration.
    7. Re-Alignment due to organizational or physical location changes
    This is the case where mailboxes are moved among Exchange 2007 servers inside a company due to some logical or physical change. Like the previous scenario, this applies to any of the Forest configurations described above and therefore the cleanup option used should follow the requirements described earlier accordingly.



    Other Examples for moving mailboxes between different Forests:
    • Migrate all mailboxes from a database and delete Source users:
    Get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'SourceServer1\SourceDB1' | move-mailbox -TargetDatabase 'TargetServer1\TargetDB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceNTAccount -SourceForestCredential $s -TargetForestCredential $t
    • Migrate all mailboxes from a database and delete Source mailboxes:
    Get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'SourceServer1\SourceDB1' | move-mailbox -TargetDatabase 'TargetServer1\TargetDB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t
    • Migrate mailboxes that belong to Accounting department and delete Source users:
    Get-user -DomainController 'forestAdc1.extest.com' -Credential $s | where { $_.Department -ilike "Accounting" } | move-mailbox -TargetDatabase 'Server2\DB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceNTAccount -SourceForestCredential $s -TargetForestCredential $t
    • Migrate mailboxes with storage limit smaller than 500KB and delete Source mailbox:
    Get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Database1' | where {$_.StorageQuota -lt "500KB"} | move-mailbox -TargetDatabase 'Server2\DB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t
    • Migrate mailboxes that are assigned to "MobilePolicy1" and delete Source users:
    Get-CASMailbox -DomainController 'forestAdc1.extest.com' -Credential $s | where {$_.MobileMailboxPolicy -ilike 'MobilePolicy1*'} | move-mailbox -TargetDatabase 'Server2\DB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t


  9. #4

    Thank you so much Mohamed for that great response.
    I didn't read the Exchange migration yet, but I read something about the ILM that I'll use for migration.
    Let me know your experience in the Exchange migration, if there are any tricks or issues.

    You said that I should take care with computer accounts, so let me know what problems I may face. I have 300 users so I don't want to be fired.

    What is EX PBA?

    Thank you for your help my friend!
    Regards,

  10. #5


    Hi Mohamed,
    From your post I understand that you are planning to use ILM. I suppose that you mean Identity life Manager; if I am wrong please correct me.

    I do not think that there is a need for ILM; if you have a specific need for it, please share it with me.

    EX PBA stands for the Microsoft Exchange Best Practices Analyzer. The Exchange Best Practices Analyzer programmatically collects settings and values from data repositories such as Active Directory, registry, metabase and performance monitor. Once collected, a set of comprehensive 'best practice' rules are applied to the topology.
    Administrators running this tool will get a detailed report listing the recommendations that can be made to the environment to achieve greater performance, scalability and uptime.

    The problems with user or computer migration are mostly because of problems with the old domain's AD database. I have faced many migrations with corrupted AD, but do not worry, most of the time it goes fine after solving the AD problems. Check if your old domain has any problem with replication and solve any problem before the migration.


    Regarding Exchange migration:
    - First migrate your user accounts to a new AD forest (with SID history)
    - Then run Move-Mailbox (this will create the mailbox for the user and migrate the Outlook rules, and you do not have to change the Outlook profile (using Outlook 2007). But this also migrates all the emails, calendar and so on.)

    http://technet.microsoft.com/en-us/l.../bb124797.aspx
    http://technet.microsoft.com/en-us/l.../aa997599.aspx

    http://msexchangeteam.com/archive/20...27/429522.aspx

    You can use export and import for mailboxes. Although Move-Mailbox will finish the job, there was a time when, after migrating the users, the old DC failed to continue the migration process; I used import mailbox to import files exported from the Exchange 2003 database using EX Merge.
    Last edited by mohamadoz; 12-01-2009 at 09:25 PM.


  12. #6

    Dear Mohamed,
    Sorry for the late answer. Yes, it's ILM, and the purpose is to share the GAL between the two forests until the migration and the office move are finished (that's as the TAM needs).

    By the way, the old site is already upgraded to Exchange 2007.

    One other related question: what are examples of replication problems, and how will you test for them before migration? Just try to replicate something, or what?


    Thank you so much for your efforts MOHAMED!

    Regards,

  13. #7


    From previous posts I can see that the number of users is 300. I would not recommend ILM as it adds another level of complexity to your migration, but anyway you can go on with it.

    About replication, you should check your replication state using replmon or repadmin, and check all domain controllers for any replication errors or even DNS errors.
    Make sure that your PDC is accessible during the migration process and does not have any errors. Check the availability of the other FSMO roles during the process.
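
The replication check advised in post #7, as an added example that is not part of the thread: it reduces the CSV output of `repadmin /showrepl * /csv` to the links that need fixing before ADMT is started. The function name and the sample rows are constructed; the column names are the ones repadmin writes in its CSV header.

```powershell
# Added example: pre-migration replication gate built on repadmin's CSV mode.
function Get-ReplicationFailure {
    # Input: the text lines produced by  repadmin /showrepl * /csv
    param([string[]]$CsvLine)
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        # Normal rows are tagged showrepl_INFO; anything else (for example a
        # DC that could not be contacted) is treated as a failure too.
        $isInfo = $row.showrepl_COLUMNS -eq 'showrepl_INFO'
        $failed = [int]$row.'Number of Failures' -gt 0 -or
                  $row.'Last Failure Status' -ne '0'
        if (-not $isInfo -or $failed) {
            [pscustomobject]@{
                Source      = $row.'Source DSA'
                Destination = $row.'Destination DSA'
                Context     = $row.'Naming Context'
                Failures    = $row.'Number of Failures'
                Status      = $row.'Last Failure Status'
                LastSuccess = $row.'Last Success Time'
            }
        }
    }
}

# Constructed sample output (DC names, dates and status are made up):
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,Default-First-Site-Name,DC1,"DC=old,DC=example",Default-First-Site-Name,DC2,RPC,0,0,2009-01-10 09:15:02,0'
    'showrepl_INFO,Default-First-Site-Name,DC2,"DC=old,DC=example",Default-First-Site-Name,DC1,RPC,14,2009-01-10 09:20:41,2009-01-08 22:03:17,1722'
)
Get-ReplicationFailure -CsvLine $sample | Format-Table -AutoSize

# Live use on a domain controller of the old domain:
#   Get-ReplicationFailure -CsvLine (repadmin /showrepl * /csv)
```

Run it against the old domain until it returns nothing, then start the account migration.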
