Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » AD merge with exchange 2007 srv, can ADMT do it?
AD merge with exchange 2007 srv, can ADMT do it? [message #156343] Mon, 15 June 2009 15:35 Go to next message
pgartner  is currently offline pgartner  Canada
Messages: 16
Registered: August 2009
Junior Member
Our company (AC) was just bought out by T Company and I want to merge
our active directories and exchange 2007 servers

Our goal is to merge the AD, keeping the users experience (profiles,
shares, emails) unchanged as much as possible. Then move the mailboxes
from the AC.local’s exchange 2007 server to the intranet.t.ca ‘s
exchange 2007 server, after which we can repurpose the ac.local mail
server.

I started reading the ADMT v3.1 guide. I feel that I need to have
prior knowledge on all the terms that they use in that book to
understand what I need to do

From what I understand ADMT can take care of the users/workstation
accounts and profiles. I’m confused on what trusts I need and what SID
history or SID filtering I should choose?

How does ADMT handle the exchange 2007 server/mailbox? Do I handle it
like a fileserver and (hope) the mailboxes follow?


This is what our networks look like now:

Source Network AC
Active directory domain: ac.local
AD level: 2000 native
Email domain: ac.ca
Domain controllers: windows 2000, 2003 and 2008
Exchange 2007 [member] server (hub, cas, mailbox)

Target Network T
Active directory domain: intranet.t.ca
AD level: 2000 native
Email domain: T.ca
Domain controllers: windows 2000, 2003
Exchange 2007 [member] server (hub, cas, mailbox)

Thanks

Paul
Re: AD merge with exchange 2007 srv, can ADMT do it? [message #156351 is a reply to message #156343] Mon, 15 June 2009 16:42 Go to previous messageGo to next message
Andrei Ungureanu  is currently offline Andrei Ungureanu  Romania
Messages: 82
Registered: July 2009
Member
ADMT will do user and computer account migration. After that you will need
to move the mailboxes with the builtin exchange tools (yeap, in case you did
not knew that) and set the environment for coexistence until the migration
is complete.
The process too complex to be listed here. Do a search with google for
"Exchange cross forest migration" and you will find some documentations.
Start building a virtual environment and test the migration steps. It's not
an easy project and probably you will need the help of a MS partner.

Andrei Ungureanu
www.itboard.ro

"pgartner" <pgartner@ln-tech.com> wrote in message
news:5a27a855-045f-46ec-98c2-fea6f70047aa@s1g2000prd.googlegroups.com...
Our company (AC) was just bought out by T Company and I want to merge
our active directories and exchange 2007 servers

Our goal is to merge the AD, keeping the users experience (profiles,
shares, emails) unchanged as much as possible. Then move the mailboxes
from the AC.local’s exchange 2007 server to the intranet.t.ca ‘s
exchange 2007 server, after which we can repurpose the ac.local mail
server.

I started reading the ADMT v3.1 guide. I feel that I need to have
prior knowledge on all the terms that they use in that book to
understand what I need to do

From what I understand ADMT can take care of the users/workstation
accounts and profiles. I’m confused on what trusts I need and what SID
history or SID filtering I should choose?

How does ADMT handle the exchange 2007 server/mailbox? Do I handle it
like a fileserver and (hope) the mailboxes follow?


This is what our networks look like now:

Source Network AC
Active directory domain: ac.local
AD level: 2000 native
Email domain: ac.ca
Domain controllers: windows 2000, 2003 and 2008
Exchange 2007 [member] server (hub, cas, mailbox)

Target Network T
Active directory domain: intranet.t.ca
AD level: 2000 native
Email domain: T.ca
Domain controllers: windows 2000, 2003
Exchange 2007 [member] server (hub, cas, mailbox)

Thanks

Paul
Re: AD merge with exchange 2007 srv, can ADMT do it? [message #156356 is a reply to message #156343] Mon, 15 June 2009 19:55 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"pgartner" <pgartner@ln-tech.com> wrote in message
news:5a27a855-045f-46ec-98c2-fea6f70047aa@s1g2000prd.googlegroups.com...

PGartner,

How far have you got with establising a two way forest trust and testing
migrating a test user account and then moving the mailbox? How many users
are in each forest?

As for co-existence, that is possible, but to merge, that is not in teh
sense of the word. You can coexist the two forests with making specific
internal MX records for each other, or if not too many users, do the
migration over a weekend. However, it is complex as I mentioned, and time
consuming to move mailboxes (depending on how many users and how large their
mailboxes are), once you've performed the user account migration, as well as
the computer account migration using ADMT. There are third party tools that
can do the whole thing for you, as well, such as the Quest migration tools.
http://www.quest.com/migration/

Ace
Re: AD merge with exchange 2007 srv, can ADMT do it? [message #156359 is a reply to message #156351] Mon, 15 June 2009 19:24 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Andrei Ungureanu" <myname@mydomain.local> wrote in message
news:eGSHYnf7JHA.5828@TK2MSFTNGP04.phx.gbl...
> ADMT will do user and computer account migration. After that you will need
> to move the mailboxes with the builtin exchange tools (yeap, in case you
> did not knew that) and set the environment for coexistence until the
> migration is complete.
> The process too complex to be listed here. Do a search with google for
> "Exchange cross forest migration" and you will find some documentations.
> Start building a virtual environment and test the migration steps. It's
> not an easy project and probably you will need the help of a MS partner.
>
> Andrei Ungureanu
> www.itboard.ro

I agree Andrei,

This is a complex process to list out. I just did one two months ago for a
150 user system. There is some preparation establishing trusts, the ADMT
process, SIDHistory to insure coexistence and they can use their old
profiles with their new user account, then cross-forest Exchange
permissions, then moving mailboxes. And that move mailbox tool, however nice
it is, is complex and took some testing with test accounts and tweaking
permissions, before getting it to work right. Then we PST'd the PFs, etc.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Re: AD merge with exchange 2007 srv, can ADMT do it? [message #156400 is a reply to message #156356] Tue, 16 June 2009 11:46 Go to previous messageGo to next message
pgartner  is currently offline pgartner  Canada
Messages: 16
Registered: August 2009
Junior Member
On Jun 15, 7:55 pm, "Ace Fekay [Microsoft Certified Trainer]"
<ace...@mvps.RemoveThisPart.org> wrote:
> "pgartner" <pgart...@ln-tech.com> wrote in message
>
> news:5a27a855-045f-46ec-98c2-fea6f70047aa@s1g2000prd.googlegroups.com...
>
> PGartner,
>
> How far have you got with establising a two way forest trust and testing
> migrating a test user account and then moving the mailbox? How many users
> are in each forest?

i have setup and external 2-way trust so far, and sid filtering is
enable (the wizzard does that by default) i think i have to remove
that right?

do i need to remove the external trust and build a forest trust?

we currenty have about 100 users in a.local, abd about 500 in
intratnet.t.ca

i'm still in the r&d (reading and discution) stages, but i have
started to accuire HW to build a lab

i plan on taking 2 machines, set them up as DC's from a.local and
intranet.t.ca, completely disconnect them from the production network
and run my lab from there. i'm not sure how to handle/add exchange
servers into the lab? build new ones? take a pp2v image of the
production servers? any good advise you can share with me will be
greatly appriciated

>
> As for co-existence, that is possible, but to merge, that is not in teh
> sense of the word. You can coexist the two forests with making specific
> internal MX records for each other, or if not too many users, do the
> migration over a weekend. However, it is complex as I mentioned, and time
> consuming to move mailboxes (depending on how many users and how large their
> mailboxes are), once you've performed the user account migration, as well as
> the computer account migration using ADMT.

i envsion this as 2 steps, 1 being admt to the users, workstations and
fileservers, the 2nd being to use the exchange move-mailbox, with
about 35gb of mailboxes, we are already prepared to do this over a
weekend.

> There are third party tools that
> can do the whole thing for you, as well, such as the Quest migration tools.http://www.quest.com/migration/

I looked a quest's tools, but they are for BIG migration, 15,000 user.


Thanks

Paul
Re: AD merge with exchange 2007 srv, can ADMT do it? [message #156401 is a reply to message #156359] Tue, 16 June 2009 11:55 Go to previous messageGo to next message
pgartner  is currently offline pgartner  Canada
Messages: 16
Registered: August 2009
Junior Member
On Jun 15, 7:24 pm, "Ace Fekay [Microsoft Certified Trainer]"
<ace...@mvps.RemoveThisPart.org> wrote:
> "Andrei Ungureanu" <myn...@mydomain.local> wrote in message
>
> news:eGSHYnf7JHA.5828@TK2MSFTNGP04.phx.gbl...
>
> > ADMT will do user and computer account migration. After that you will need
> > to move the mailboxes with the builtin exchange tools (yeap, in case you
> > did not knew that) and set the environment for coexistence until the
> > migration is complete.
> > The process too complex to be listed here. Do a search with google  for
> > "Exchange cross forest migration" and you will find some documentations..
> > Start building a virtual environment and test the migration steps.

i saw posts on intra-forest mailbox moves already, i was wasn't sure
if that i what i needed. the ADMT book does not talk much about the
exchange part. i was hoping that it would treat exchange just like any
other member server,,,, wishful thinking i guess


>
> This is a complex process to list out. I just did one two months ago for a
> 150 user system. There is some preparation establishing trusts, the ADMT
> process, SIDHistory to insure coexistence and they can use their old
> profiles with their new user account, then cross-forest Exchange
> permissions, then moving mailboxes. And that move mailbox tool, however nice
> it is, is complex and took some testing with test accounts and tweaking
> permissions, before getting it to work right.

> Then we PST'd the PFs, etc.

sounds like it is exactly what i need to do.. do you have notes/web
links, list of gotchas?


Thanks Paul
Re: AD merge with exchange 2007 srv, can ADMT do it? [message #156407 is a reply to message #156401] Tue, 16 June 2009 13:22 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"pgartner" <pgartner@ln-tech.com> wrote in message
news:0bd1110f-b8f1-4d46-8be2-99540c87c78a@w9g2000pro.googlegroups.com...
On Jun 15, 7:24 pm, "Ace Fekay [Microsoft Certified Trainer]"
<ace...@mvps.RemoveThisPart.org> wrote:
> "Andrei Ungureanu" <myn...@mydomain.local> wrote in message
>
> news:eGSHYnf7JHA.5828@TK2MSFTNGP04.phx.gbl...
>
> > ADMT will do user and computer account migration. After that you will
> > need
> > to move the mailboxes with the builtin exchange tools (yeap, in case you
> > did not knew that) and set the environment for coexistence until the
> > migration is complete.
> > The process too complex to be listed here. Do a search with google for
> > "Exchange cross forest migration" and you will find some documentations.
> > Start building a virtual environment and test the migration steps.

i saw posts on intra-forest mailbox moves already, i was wasn't sure
if that i what i needed. the ADMT book does not talk much about the
exchange part. i was hoping that it would treat exchange just like any
other member server,,,, wishful thinking i guess


>
> This is a complex process to list out. I just did one two months ago for a
> 150 user system. There is some preparation establishing trusts, the ADMT
> process, SIDHistory to insure coexistence and they can use their old
> profiles with their new user account, then cross-forest Exchange
> permissions, then moving mailboxes. And that move mailbox tool, however
> nice
> it is, is complex and took some testing with test accounts and tweaking
> permissions, before getting it to work right.

> Then we PST'd the PFs, etc.

sounds like it is exactly what i need to do.. do you have notes/web
links, list of gotchas?


Thanks Paul

Hi Paul,

I don't have a specific step by step procedure compiled at this time. I have
numerous notes on it but they are in various notepad docs, emails, etc, and
they are not compiled into one specific doc. I usually do put together step
by step docs such as this, to help folks in the newsgroups, but I haven't
yet with this procedure because besides being scattered and the procedure
having many facets, my notes are customer specific with domain names, user
accounts, passwords, etc, that it will take me some time to go through to
compile it into one doc, and I do apologize I am short on time to do
anything with this at this point. I am assisting with a startup company at
this point that is consuming most of my time. It's one of the things I've
been planning to do, but I just haven't got around to it.

Also, I believe you have a misconception about ADMT. ADMT is SOLEY to
migrate user accounts, group accounts, and computer accounts, with numerous
other features such as security translation for accounts and using the
SIDHistory option to allow new accounts in the new domain to access
resources in the old domain, among other things. It has NOTHING to do with
Exchange. You migrate the accounts first, because the user account must
exist first, then you perform an interforest mailbox move to the newly
created user account.

My suggestion is to read up and study ADMT to understand how it works and
what it does. I also suggest to migrate a test user account that is mailbox
enabled and see how it works for you. If it works for the one, it will work
for all of them.

Say for example, if you successfully migrated a user account, but having
difficulty with the movemailbox portion and have gone through as much as you
can do to get it to work, you can call Microsoft PSS and they will be glad
to assist you with a step by step and pretty much do it for you for the one
charge.

Here are some notes on ADMT and Exchange migration, but nothing specific as
to a step by step.

============================================================ ==========================================
ADMT to migrate into a new forest/domain:

ADMT Webcast:
http://support.microsoft.com/?kbid=325393

For 2003:
ADMT v3 Migration Guide
http://www.microsoft.com/downloads/details.aspx?familyid=D99 EF770-3BBB-4B9E-A8BC-01E9F7EF7342&displaylang=en

Active Directory Migration Tool v3.0
http://www.microsoft.com/downloads/details.aspx?familyid=6F8 6937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

Perform the Migration using ADMT (for Windows 2003 but can use it as a
guideline for 2008)
http://www.petri.co.il/active_directory_migration_tool_usage _w2k_windows_2003.htm


For 2008:

ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains
http://www.microsoft.com/downloads/details.aspx?familyid=6D7 10919-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en

Active Directory Migration Tool version 3.1
http://www.microsoft.com/downloads/details.aspx?familyid=AE2 79D01-7DCA-413C-A9D2-B42DFB746059&displaylang=en

Password Export Server version 3.1 (x86)
http://www.microsoft.com/downloads/details.aspx?familyid=F0D 03C3C-4757-40FD-8306-68079BA9C773&displaylang=en

Password Export Server version 3.1 (x64)
http://www.microsoft.com/downloads/details.aspx?familyid=5B4 E5C61-1C00-4DA7-9C0D-130200AED21A&displaylang=en

Domain Migration Cookbook - Index and Cover:
http://www.microsoft.com/technet/prodtechnol/windows2000serv /deploy/cookbook/cookintr.mspx

ADMT requires a two way trust between the forests - Create a trust between
the two forests
http://technet.microsoft.com/en-us/library/cc780479.aspx


If Exchange is involved:

If Exchange 2003 is involved, you can use the Exmerge tool.

If Exchange 2007 is involved, you would need to use the MoveMailbox method
from the source org to the target org after migrating user accounts.

This is a weak overview of the mailbox move:
http://itknowledgeexchange.techtarget.com/itanswers/inter-fo rest-exchange-migration-from-exchange-2003-to-exchange-2007/

How to Move a Mailbox Across Forests
http://technet.microsoft.com/en-us/library/aa997145.aspx

AD and Exchange Consolidation
http://itknowledgeexchange.techtarget.com/itanswers/ad-and-e xchange-consolidation/

Inter-Forest Migration/Consolidation
http://forums.techarena.in/active-directory/1135548.htm

Deciding to Consolidate Exchange Messaging Systems
http://technet.microsoft.com/hi-in/library/bb124206(en-us,EXCHG.65).aspx

Server Consolidation Recommendations
http://technet.microsoft.com/hi-in/library/aa998499(en-us,EXCHG.65).aspx

If using the Quest tools (recommended), read this for an idea of what to
expect, time per GB, etc
Thread: QMM throughput question
http://migration.inside.quest.com/thread.jspa?messageID=2724 3
============================================================ ==========================================

Ace
Re: AD merge with exchange 2007 srv, can ADMT do it? [message #156411 is a reply to message #156400] Tue, 16 June 2009 13:25 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"pgartner" <pgartner@ln-tech.com> wrote in message
news:c7efa02e-9fdd-4c1c-b583-f37f1954b334@z20g2000prh.googlegroups.com...
On Jun 15, 7:55 pm, "Ace Fekay [Microsoft Certified Trainer]"
<ace...@mvps.RemoveThisPart.org> wrote:
> "pgartner" <pgart...@ln-tech.com> wrote in message
>
> news:5a27a855-045f-46ec-98c2-fea6f70047aa@s1g2000prd.googlegroups.com...
>
> PGartner,
>
> How far have you got with establising a two way forest trust and testing
> migrating a test user account and then moving the mailbox? How many users
> are in each forest?

i have setup and external 2-way trust so far, and sid filtering is
enable (the wizzard does that by default) i think i have to remove
that right?

do i need to remove the external trust and build a forest trust?

we currenty have about 100 users in a.local, abd about 500 in
intratnet.t.ca

i'm still in the r&d (reading and discution) stages, but i have
started to accuire HW to build a lab

i plan on taking 2 machines, set them up as DC's from a.local and
intranet.t.ca, completely disconnect them from the production network
and run my lab from there. i'm not sure how to handle/add exchange
servers into the lab? build new ones? take a pp2v image of the
production servers? any good advise you can share with me will be
greatly appriciated

>
> As for co-existence, that is possible, but to merge, that is not in teh
> sense of the word. You can coexist the two forests with making specific
> internal MX records for each other, or if not too many users, do the
> migration over a weekend. However, it is complex as I mentioned, and time
> consuming to move mailboxes (depending on how many users and how large
> their
> mailboxes are), once you've performed the user account migration, as well
> as
> the computer account migration using ADMT.

i envsion this as 2 steps, 1 being admt to the users, workstations and
fileservers, the 2nd being to use the exchange move-mailbox, with
about 35gb of mailboxes, we are already prepared to do this over a
weekend.

> There are third party tools that
> can do the whole thing for you, as well, such as the Quest migration
> tools.http://www.quest.com/migration/

I looked a quest's tools, but they are for BIG migration, 15,000 user.


Thanks

Paul


Hi again, Paul,

Yes, it is a two step process. ADMT first, then mailboxes. Exchange 2007
must be installed in the new forest before you can do it. And yes, a forest
trust is advised without SID filtering. And glad to hear you are testing it.

Please see my other post, too.

Ace
Previous Topic:Re: windows 2008 and windows nt
Next Topic:How to Restrict Access MsPaint
Goto Forum:
  


Current Time: Wed Oct 18 01:45:42 EDT 2017

Total time taken to generate the page: 0.03669 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software