Source Forest: Exchange 2010
Target Forest: Exchange 2010
AD Functional Level: Both running at 2008R2
Suppose you have been given a cross-forest migration project for your company. In this article I will walk through the steps you need to perform to complete a cross-forest migration.
1. An Active Directory trust is in place between both organizations.
2. Exchange connectors have been set up for internal email flow.
Once the AD trust and Exchange connectors are in place, perform the following steps to migrate users and Exchange mailboxes from the source forest to the target forest.
1. Install ADMT on a machine joined to the target Exchange domain.
2. Install the Password Export Service on a source domain controller if you want to migrate user accounts with their passwords.
3. Run ADMT to migrate the user accounts along with password and SID history.
4. Enable MRS Proxy on all CAS servers in the source Exchange organization. You can enable MRS Proxy by running the cmdlet
Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $True
5. Once MRS Proxy is enabled, increase the timeout setting from 1 minute to 20 minutes. Go to C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ExchWeb\EWS\ and open the Web.Config file in Notepad. After changing the setting, reset the IIS service. The source Exchange forest is now ready.
6. Run ADMT to migrate the user accounts along with SID history and password.
6.1 Run ADMT and Choose User Account Migration Wizard
6.2 Choose Source Domain, Source Domain Controller and Target Domain from the wizard.
6.3 Choose ‘Select users from domain’
6.4 Add required user accounts
6.5 Select Target OU. Note: All users selected above will be migrated to this OU. If different OUs are required, the users must be migrated in separate batches, each with the relevant OU.
6.6 Select Migrate passwords
6.7 Select Target Account State: ‘Target same as source’, uncheck ‘Disable source accounts’ and uncheck ‘Days until source accounts expire’. Check ‘Migrate user SIDs to target domain’
6.8 The first time ADMT is run, the following prompt appears. Select Yes
6.9 Enter user name, password and domain
6.10 Select required User options
6.11 Select ‘Exclude specific object properties from migration’ – choose Mail, Mailnickname and msExch*
6.12 Select ‘Do not migrate source object if a conflict is detected in the target domain’
6.13 Click Finish
6.14 Verify that the users were copied without errors. If there are errors, click View Log and resolve them.
After migrating the user accounts with SID history and password, you can see that each user account is now enabled in AD and the SID is visible in the user attributes.
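The verification described above can be scripted. The following PowerShell is an added example, not part of the original article: it checks that each migrated account is enabled and carries a sIDHistory value from the source domain, and flags any sIDHistory entry with a RID below 1000, which identifies a built-in account or group that a user migration should not carry over. The function name Test-MigratedAccount, the sample accounts, the domain SID and the $TargetOU variable are assumptions made for illustration.

```powershell
# Added example (not from the original article); sample values are constructed.
function Test-MigratedAccount {
    param(
        [Parameter(Mandatory = $true)] $User,    # needs SamAccountName, Enabled, SIDHistory
        [Parameter(Mandatory = $true)] [string] $SourceDomainSid
    )
    $issues = @()
    if (-not $User.Enabled) { $issues += 'account is disabled' }

    # Normalise sIDHistory to an array of strings; it is empty when ADMT did not copy the SID.
    $history = @(@($User.SIDHistory) | Where-Object { $_ } | ForEach-Object { "$_" })
    if ($history.Count -eq 0) { $issues += 'sIDHistory is empty' }

    foreach ($sid in $history) {
        $cut        = $sid.LastIndexOf('-')
        $domainPart = $sid.Substring(0, $cut)
        $rid        = [long]$sid.Substring($cut + 1)
        if ($domainPart -ne $SourceDomainSid) {
            $issues += "$sid does not belong to the source domain"
        } elseif ($rid -lt 1000) {
            $issues += "$sid is a built-in account or group (RID $rid)"
        }
    }

    New-Object PSObject -Property @{
        SamAccountName  = $User.SamAccountName
        SidHistoryCount = $history.Count
        Ok              = ($issues.Count -eq 0)
        Issues          = ($issues -join '; ')
    }
}

# Constructed sample input so the script runs without a domain. Against the real target
# domain, replace it with the following ($TargetOU is a placeholder for your target OU):
#   $sourceSid = (Get-ADDomain -Server 'DC.source.com').DomainSID.Value
#   $users     = Get-ADUser -SearchBase $TargetOU -Filter * -Properties sIDHistory
$sourceSid = 'S-1-5-21-1111111111-2222222222-3333333333'
$users = @(
    New-Object PSObject -Property @{ SamAccountName = 'alice'; Enabled = $true;  SIDHistory = @("${sourceSid}-1105") }
    New-Object PSObject -Property @{ SamAccountName = 'bob';   Enabled = $true;  SIDHistory = @() }
    New-Object PSObject -Property @{ SamAccountName = 'carol'; Enabled = $false; SIDHistory = @("${sourceSid}-512") }
)

$users | ForEach-Object { Test-MigratedAccount -User $_ -SourceDomainSid $sourceSid } |
    Format-Table SamAccountName, SidHistoryCount, Ok, Issues -AutoSize
```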
The Exchange migration below assumes that the user accounts have already been migrated following the steps above.
Create the target Mail User with an @source.com SMTP address in the Exchange Management Console. Prepare-MoveRequest in the next section uses the SMTP address as one of its matching parameters.
Run the Prepare-MoveRequest script on the target Exchange server. The PowerShell cmdlets are shown below.
Run the Prepare-MoveRequest command for each mailbox that will be migrated.
.\Prepare-MoveRequest.PS1 -Identity email@example.com -RemoteForestDomainController "DC.source.com" -RemoteForestCredential $RemoteCred -LocalForestDomainController "DC.target.com" -LocalForestCredential $LocalCred -UseLocalObject -OverwriteLocalObject -Verbose
Add a secondary SMTP address in the target Exchange
A secondary @target.com SMTP address is required by the New-MoveRequest cmdlet in the next section.
The @target.com secondary SMTP address can be added manually, through a script, or by modifying the target Address Policy to include Mail Users and the target OU.
Run New-MoveRequest to move the user mailbox
Run the following command in the target Exchange EMS to move the user mailbox.
New-MoveRequest -Identity firstname.lastname@example.org -Remote -RemoteHostName "Exchange.source.com" -RemoteCredential $RemoteCred -TargetDeliveryDomain target.COM -TargetDatabase "DB Name" -BadItemLimit '10'
Once the mailbox has been moved to the target Exchange server, users should be aware of the following:
1. They need to reconfigure their mobile device(s).
2. They won’t be able to access their email through the source Exchange OWA. They can access email using the target OWA URL.
3. Their primary SMTP address will be changed to the target address.
4. Users will get a prompt in Outlook: “The Microsoft Exchange Administrator has made a change that requires you to quit and restart your outlook”. Once the user restarts Outlook, the Outlook profile will be redirected.