Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Summary of Microsoft mailbox cross-forest migration project

2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

Customer requirements

Migrate the mailbox account installed to SubCom (UPN: subcom.com) of a.com Forest Branch to another b.com.cn mail server

Two-sided configuration:

A.com

Win2012 R2 2008R2 domain control

Exchange 2010 sp2

CAS 2 sets MAILBOX 2 sets

B.com.cn

Win2008 R2 2008R2 domain control

Exchange 2010 sp3

First of all, establish forest trust

Configure DNS forwarding on both sides

DNS forwarding is fine, but trust cannot be established. It is actually caused by the name of netibios. It is recommended to configure hosts on the two main DNS servers (domain control).

Format: ip hostname dns domain name

Restart the DNS service

Run ipconfig / flushdns

two。 Install ADMT 3.2on the b.com.cn domain control

2.1 forget the installation steps

Generally speaking, a single OU migrates from a single OU to a single OU, which retains the ou structure, but the workload is large, so it is necessary to build OU--- > graphical interface migration first, and a large number of ou and users have a very large workload.

2.2 Command line mode

Use the following command-- the specific meaning command admt user.

Admt user / sd:a.com / sdc:dc.a.com / so: "SourceParentOU/SubComou/" / td:b.com.cn / tdc:dc.b.com.cn / to: "TargetParentOU/SubComou" / pf:password.txt / mgs:yes / fgm:yes / co:ignore / d:recurse+maintain

In this way, users, groups and sub-ou under SubcomOU can be migrated at one time (SubComou is built in the destination forest first)

2.3 password issues

My password migration PES service destination domain key does not recognize 2012 of this time, so the password will not be migrated.

In addition, the destination domain b.com.cn is a complex password policy and an a.com simple password policy, so there is no migration.

In this way, the complex password generated by admt is rather messy. I think it is better to use the following script to modify a password and let the client modify it itself.

Get-aduser-searchbase "ou=SubComou,ou=Target ParentOU,dc=b,dc=com,dc=cn"-searchscope subtree-filter * | set-adaccountpassword-newpassword (convertto-securestring "P@ssw0rd2017"-asplaintext-force)

2.4 all the accounts migrated change their passwords for the first time.

The password is valid forever.

Dsquery user-limit 0 ou=SubComou,ou=TargetParentOU,dc=b,dc=com,dc=cn | dsmod user-pwdneverexpires yes

2.5 UPN issu

Can be modified later

PowerShell modifies UPN in batch

$OU='ou=SubComou,ou=TargetParentOU,dc=b,dc=com,dc=cn'

$NewUPN='@b.com.cn'

$Users=Get-ADUser-filter *-SearchBase $OU

ForEach ($User in $Users) {$UPN= ($User.UserPrincipalName) .split ('@') [0] + $NewUPN

Set-ADUser-Identity $User.SamAccountName-UserPrincipalName $UPN}

3. Mail attribute generated by user in destination forest

3.1 get user list (source a.com exchange)

Get-Mailbox-OrganizationalUnit "ou=SubComou,ou=SourceParentOU,dc=a,dc=com" | select sAMAccountName,WindowsEmailAddress | Export-Csv C:\ user\ TempUserList.csv

3.2 Enable mail attribut

Import-Csv C:\ TempUserList.csv | ForEach-Object {Enable-MailUser-Identity $_ .SamAccountName-ExternalEmailAddress $_ .WindowsEmailAddress}

4. Prepare for migration

In b.com.cn ems

$SourceCredential = Get-Credential a.com\ administrator (or administrative privileges)

Get-Mailbox-OrganizationalUnit "ou=SubComou,ou=SourceParentOU,dc=a,dc=com" | select DistinguishedName | Export-Csv C:\ user\ UserList.csv

Pay attention to the title and pay attention to "" (10 million)

Cd "C:\ Program Files\ Microsoft\ Exchange Server\ V14\ Scripts"

Import-Csv C:\ UserList.csv | ForEach-Object {.\ Prepare-MoveRequest.ps1-Identity $_ .DistinguishedName-RemoteForestDomainController dc.a.com-RemoteForestCredential $SourceCredential-UseLocalObject}

5. Migration (remote)

In b.com.cn ems

$RemoteCredentials=Get-Credential fosungroup\ starcapitaladmin

Import-Csv C:\ TempUserList.csv | ForEach-Object {New-MoveRequest-Identity $_ .WindowsEmailAddress-RemoteLegacy-TargetDatabase DB01-2017-11-RemoteGlobalCatalog 'dc.fosungroup.com'-RemoteCredential $RemoteCredentials-TargetDeliveryDomain' b.com.cn'}

Migrate in this way

6. Client issu

Smtp mode

Owa mode

Exchange mobile phone and client reconfiguration

It's almost over.

Summary: 1. Password pes key 2012 and 2008 problem password cannot migrate 2.admt graphics-command read manual 3.emc graphical interface migration cross-forest problem-version of sp2 and sp3 causes emc forest cannot be added-- > ems mode

Reference: http://www.exchangecn.com/exchange2010/20141130_522.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report