Recently we were approached by a long-time client who was merging with another company, and they had mutually decided to keep the other company’s internal domain, which would force our client to migrate to their domain. They also wanted to upgrade from Exchange 2003 to Exchange 2007 at the same time, which proved lucky for us as I will explain later. This post includes links to articles that make planning a migration of this level easier.
The first thing that needs to be done is to set up a trust between the two domains, which is required for the migration. This will most likely take two steps: configuring a site-to-site VPN between the two sites, and then configuring the two-way trust within Active Directory.
After that, we installed our new Exchange 2007 server on the domain to be migrated to. This being the first 2007 Exchange server in the environment, it obviously required extending the Active Directory Schema to support Exchange 2007.
Next, use the Active Directory Migration Tool (ADMT) to migrate users and computers to the new domain. The way that we pursued this was to install ADMT on a domain controller in their old domain and run the tool, entering credentials for the new domain as we went. What I found doing this was that it was best to migrate users first, keeping the SID of the user, because when you move the computers, it actually resets permissions on the computer that it is migrating, looking for the user SID in the new domain and assigning permissions appropriately based on what they were in the old domain. Migrating users essentially exports all user information for the specified users in the old domain and imports it into the new domain wherever you would like it to end up. Migrating computers actually downloads a small client to the computer to be migrated, which then resets all of the permissions and adds it to the new domain. Be careful of firewalls and antivirus software, as these can seriously ruin your day if not disabled during this migration. The process took anywhere from 15 minutes to 1 hour per workstation, but all workstations can be done simultaneously. There is more information in the link below.
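Migrating users with their SIDs preserved, as described above, leaves the old SID in each migrated account's sIDHistory attribute. As an added example (not code from the original post), this PowerShell lists accounts in the target domain that carry sIDHistory and flags entries that do not come from the old domain or whose RID is below 1000 (the range reserved for built-in principals); the function names, account names and SIDs are constructed for illustration.

```powershell
# Added example: review sIDHistory left behind by a SID-preserving ADMT migration.

function Get-SidHistoryAccount {
    # Query the current (target) domain for every object with sIDHistory set.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = '(sIDHistory=*)'
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange([string[]]('samaccountname', 'sidhistory'))
    foreach ($result in $searcher.FindAll()) {
        foreach ($bytes in $result.Properties['sidhistory']) {
            # Each value is a binary SID; convert it to S-1-5-21-... form.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
            New-Object PSObject -Property @{
                Account    = [string]$result.Properties['samaccountname'][0]
                HistorySid = $sid.Value
            }
        }
    }
}

function Test-SidHistory {
    param(
        [Parameter(ValueFromPipeline = $true)] $Record,
        [Parameter(Mandatory = $true)] [string] $SourceDomainSid
    )
    process {
        # The RID is the last dash-separated component of the SID.
        $rid = [int64]$Record.HistorySid.Split('-')[-1]
        if (-not $Record.HistorySid.StartsWith("$SourceDomainSid-")) {
            $finding = 'UnexpectedDomain'   # not from the migrated (old) domain
        } elseif ($rid -lt 1000) {
            $finding = 'PrivilegedRid'      # built-in account or group of the old domain
        } else {
            $finding = 'Expected'           # ordinary migrated user or group
        }
        $Record | Add-Member -MemberType NoteProperty -Name Finding -Value $finding -Force -PassThru
    }
}

# Constructed sample data (assumed old-domain SID and accounts, not real values).
$sourceSid = 'S-1-5-21-1111111111-2222222222-3333333333'
$sample = @(
    New-Object PSObject -Property @{ Account = 'jsmith';     HistorySid = "$sourceSid-1104" }
    New-Object PSObject -Property @{ Account = 'svc-backup'; HistorySid = "$sourceSid-512" }
    New-Object PSObject -Property @{ Account = 'tempadmin';  HistorySid = 'S-1-5-21-4444444444-5555555555-6666666666-1201' }
)
$sample | Test-SidHistory -SourceDomainSid $sourceSid | Format-Table Account, HistorySid, Finding -AutoSize

# Against the live target domain:
# Get-SidHistoryAccount | Test-SidHistory -SourceDomainSid '<old domain SID>'
```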
Then we backed up all Group Policy Objects in the domain to be migrated from, imported them into the domain to be migrated to, and applied them to the OU containing the users for the location we were supporting.
Now we were on to the fun part: migrating users’ mailboxes across domains. It is lucky that the organization wanted to move to Exchange 2007 at the same time, as it is possible to migrate directly from the Exchange server in the domain to be migrated from to the Exchange server in the domain to be migrated to by using the Exchange Management Shell. If we had been going from Exchange 2003 to Exchange 2003, we would have been forced to use a much less easy method. Below is the script that I used to migrate this company, which will prompt for a source domain username/password, as well as a destination username/password. It won’t work for everyone, so below that is a link to the usage of the Move-Mailbox command.
$SourceCredential = Get-Credential   # prompts for an account in the source (old) domain
$TargetCredential = Get-Credential   # prompts for an account in the destination (new) domain
Move-Mailbox -TargetDatabase "<new exchange server>\First Storage Group\Mailbox Database" -Confirm:$False -Identity Support.Response -GlobalCatalog "<domain controller in destination domain>" -SourceForestGlobalCatalog "<domain controller in previous domain>" -NTAccountOU "OU=<OU where migrated users are>,DC=<destination domain>,DC=<root>" -SourceForestCredential $SourceCredential -TargetForestCredential $TargetCredential