Edit: This post has been updated on 5/11/07 to change the wording around hybrid forest deployment.
Cross-org Mailbox Moves
Cross Org migrations are the ones where a mailbox needs to be moved from one Exchange Organization to another. Since there can only be one Exchange Organization per Forest, that means moving the mailbox between two different Forests.
Exchange Migration Wizard was used to perform this task in Exchange 2003. Exchange 2007 has incorporated Cross Org migrations into the server code base, so now Administrators can perform these moves by using the same task used for Intra Org migrations: Move-mailbox.
The following versions are supported for this kind of move:
Source Server:
Target Server:
Exchange Permission requirements:
Process Overview
Move-Mailbox in a Cross Org scenario can be divided in the following steps:
New functionality added for Exchange 2007
Pre-Validation and New and Improved Logging
As described in my previous post, move-mailbox has added a pre-validation feature that performs a series of checks before actually trying to move the mailbox. This feature saves time by identifying errors right away instead of waiting until they happen during an actual move.
Also, Exchange 2007 Move-mailbox improves greatly on logging available for Migration Wizard (event logs). We now have more comprehensive Event logs, a XML Report and a troubleshooting log. All logs are enabled by default and are located at <Exchange Root> \Logging\MigrationLogs\.
New Options available
A variety of new options are available to Administrators when moving mailboxes across Exchange Organizations. Here are a few examples that demonstrate their syntax:
$s = get-credential
get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Server1\DatabaseA' | move-mailbox -TargetDatabase 'Server2\Database1' -Identity 'testMailbox1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -MaxThreads 8 -SourceMailboxCleanupOptions DeleteSourceNTAccount -SourceForestCredential $s -TargetForestCredential $t -ReportFile "C:\Logs\migrationReport.xml"
get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Server1\DatabaseA' | move-mailbox -TargetDatabase 'Server2\Database1' -Identity 'testMailbox1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -PreserveMailboxSizeLimit -IgnorePolicyMatch -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t
get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Server1\DatabaseA' | move-mailbox -TargetDatabase 'Server2\Database1' -Identity 'testMailbox1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -AllowMerge -StartDate '01/10/06' -EndDate '01/11/06' -SubjectKeywords "Exchange" -RetryInterval 5 -RetryTimeout 90 -SourceForestCredential $s -TargetForestCredential $t
Deprecated Options
The following options present in Migration wizard are no longer supported:
Move Mailbox Cross Org and Active Directory Forests
Most of the Move Mailbox Cross Org scenarios are closely related to the Active Directory Forests involved in the migration. Before looking at the customer scenarios and at their respective move-mailbox syntax, let's go over the definition of the different Forests types and all the supported combinations among them.
Active Directory Forests Configurations
There are basically four types of Forests related to Cross Org migrations:
If we represent these types as blocks, we would have the following combinations:
Even though Move-Mailbox supports migrating content among all the four Forest types described above, By default, GALSync in MIIS does not synchronize recipients in both forests in a hybrid forest scenario. However, you can create a customized MIIS solution so that GALSync will synchronize recipients in both forests.
Customer scenarios for Cross Org mailbox move
These are the supported customer scenarios for Cross Org migrations:
This is a scenario where a company decides move some part of its business like a division, to separate forest, be it because the division will become an independent company or because it has different technical requirements. In this situation, the Administrator should use ADMT to move user's accounts from the source Forest to the target Forest and then use move-mailbox to move that same user's mailbox.
This is the scenario where a company decides to consolidate mailboxes from various Forests into a single Forest. Administrators should first migrate users using ADMT and then use move-mailbox to move that same user's mailbox.
By separating the User Account Forest from the Mailbox Forest, Exchange and Windows administrators can be completely separated. In this scenario mailboxes should be migrated by move-mailbox, leaving the enabled user account on the source Forest. Therefore the cleanup option used should be delete source mailbox.
Another scenario for migrating from a Single Forest to a Resource Forest is that of a company that outsources email management but retains User Account management. Technical requirements should be similar to the previous scenario.
This is the opposite of the last two scenarios. If for some reason a company that had its mailboxes in a separate Forest decides to bring them to the User Forest, the easier solution would be to migrate all the external mailboxes back into the Login Account Forest. In this case however, the cleanup option should be to delete user account since the linked disabled user on the Resource Forest will not be needed anymore.
This is the case where an Exchange 2007 server is installed (in any Forest configuration) and mailboxes from a legacy server (Exchange 2000/2003) are moved to this server. Since this applies to any of the scenarios above, the cleanup option used should follow the requirements described earlier depending on the Forest configuration.
This is the case where mailboxes are moved among Exchange 2007 servers inside a company due to some logical or physical change. Like the previous scenario, this applies to any of the Forest configurations described above and therefore the cleanup option used should follow the requirements described earlier accordingly.
Other Examples for moving mailboxes between different Forests:
Get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'SourceServer1\SourceDB1' | move-mailbox -TargetDatabase 'TargetServer1\TargetDB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceNTAccount -SourceForestCredential $s -TargetForestCredential $t
Get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'SourceServer1\SourceDB1' | move-mailbox -TargetDatabase 'TargetServer1\TargetDB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t
Get-user -DomainController 'forestAdc1.extest.com' -Credential $s | where { $_.Department -ilike "Accounting" } | move-mailbox -TargetDatabase 'Server2\DB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceNTAccount -SourceForestCredential $s -TargetForestCredential $t
Get-mailbox -DomainController 'forestAdc1.extest.com' -Credential $s -database 'Database1' | where {$_.StorageQuota -gt "500KB"} | move-mailbox -TargetDatabase 'Server2\DB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t
Get-CASMailbox -DomainController 'forestAdc1.extest.com' -Credential $s | where {$_.MobileMailboxPolicy -ilike 'MobilePolicy1*'} | move-mailbox -TargetDatabase 'Server2\DB1' -SourceForestGlobalCatalog 'forestA.extest.com' -GlobalCatalog 'forestB.extest.com' -DomainController 'forestBdc1.extest.com' -NTAccountOU 'OU=UsersOU, DC=forestB, DC=extest, DC=com' -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $s -TargetForestCredential $t
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.