Chat now with support
Chat with Support

Reference Materials for Migration 8.15 - Tips and Tricks

Introduction Environment Assessment, Planning, and Testing Basic Migration Steps Considerations for Active Directory Migration and Resource Update Considerations for Exchange Migration Preferred Settings for the Directory Synchronization Agent Directory Synchronization Agent Placement Indexing Service Attributes Full Directory Resynchronization Conclusion Environment Preparation Checklist Exchange Migration without Trusts Active Directory Migration without Trusts

Step 12. Clean Up Service Attributes Used for Migration

Cleanup of service attributes used by the Directory Synchronization Agent during migration and synchronization can be performed by using the Active Directory Cleanup Utility for Quest Migration Manager, which is included in the Migration Manager for Active Directory Resource Kit.

Step 13. Decommission the Migrated Environments

This is the last step of the migration process. If all previous steps were successful, you can switch off your source domain controllers and re-use the freed-up hardware.

CAUTION:  Do not switch off or demote your source domain controllers if there are servers (Exchange, SQL, or other servers running specific applications and services) that are still members of the source domain. Perform decommissioning only when you are sure that there are no member servers or workstations currently accessed by users left in the source domain.

Exchange Migration

In multi-forest Active Directory deployments, users from several forests might have mailboxes in one Exchange organization. This deployment type is sometimes referred to as Exchange Resource Forest or Multiple Forests/Single Org.

CAUTION:  If you are performing calendar synchronization on Microsoft Exchange 2007, make sure that the Public Folder database exists in your Exchange 2007 environment.

The main characteristic of such deployments is that users have mailboxes that are not in the forest in which they get authenticated. Thus, security directory is separate from the Exchange directory.

Migration Manager supports migration and deployment of such configurations. The product will migrate the Exchange org in such a way that users get switched to the new messaging system while remaining in their existing forest from a security perspective.

However, this scenario described below can be used also when Active Directory migration has already been completed; that is, Active Directory objects and resources have already been migrated from the source to the target forest by means of the other migration tools, such as Microsoft Active Directory Migration Tool (ADMT), and all users already log on to the target domain. In this case also, only Exchange data must be migrated from the source to the target Exchange organization.

The Exchange Migration scenario is shown schematically in the figure below:

Figure 2: Overview of the Exchange migration process.

To migrate Exchange data, complete the following steps:

  1. Establish directory synchronization between the source and target domains. Configure the Directory Synchronization Agent to create disabled and mailbox-enabled user accounts in the target domain. Directory synchronization ensures that account properties and Global Address Lists (GALs) are identical in the source and target organizations. Directory synchronization also sets mail redirection so that mail is delivered to the mailbox currently used by the end user, regardless of which organization the mail is sent from.
  2. Start public folder and calendar synchronization. Establishing public folder synchronization ensures that changes made in one organization get replicated to the other, so users can share the same public folder space. Migration Manager also allows you to set calendar synchronization independently of mailbox migration. That way you can ensure that calendar information is also available for any user in any organization.
  3. Establish free/busy synchronization (optional). Free/busy synchronization enables users to schedule common activities. Migration Manager can synchronize free/busy information independently from other data and thus make sure that the information gets updated as close to real-time as possible.
  4. Synchronize mailbox data. When mailbox synchronization is launched, Migration Manager starts transferring the source mailboxes' content to the target mailboxes and synchronizing mailbox permissions.
  5. Switch to the new Exchange mailboxes. When a mailbox is switched, Migration Manager sets redirection to the opposite direction: all new mail sent to the old (source) mailbox is automatically forwarded to the new mailbox in the target organization. Migration Manager also marks the mailbox in a way that initiates the Outlook profile update at the user’s next logon.
  6. Update Outlook profiles. Migration Manager is shipped with the Profile Updating Utility (EMWProf), which handles Outlook profile update. After update the profile points to the target Exchange server and user mailbox. The majority of the properties stored in a profile are also get updated.
  7. Change the mail exchanger or alias records. Switch incoming SMTP traffic to the target Exchange bridgehead server when about 50 percent of the users have had their mailboxes switched to the target in order to optimize routing.
  8. Stop and uninstall the synchronization agents. When all mailboxes are migrated and switched, you can stop the synchronization. The following agents should be stopped and uninstalled:
    • Directory Synchronization Agents

    • Mailbox Synchronization Agents

    • Synchronization Agents

    • Public Folder Synchronization Agents

    • Free/Busy Synchronization Agents (if they were used)

  9. Clean up the additional SMTP addresses and service attributes. Clean up the additional SMTP addresses set for redirection purposes and the custom attributes of the target objects used during Exchange migration.

  10. Decommission the migrated environments.

Step 1. Establish Directory Synchronization

Step 1. Establish Directory Synchronization_EX

You always need to establish directory synchronization when you migrate user mailboxes from one Exchange organization to another. Configure the Directory Synchronization Agent to create disabled and mailbox-enabled user accounts in the target domain.

The initial directory synchronization creates new user accounts in the target domain and a mailbox for each user corresponding to a source mailbox. This should be completed for all source mailboxes you want to migrate to the new Exchange organization before any other activity is started, for the following reasons:

  • Directory synchronization is required to maintain a common Global Address List (GAL) for source and target Exchange organizations.
  • Synchronization of client permissions for mailbox folders and public folders depends upon the existence of mailbox-enabled users in the target domain.
  • Mailbox and calendar synchronization require that each source user has a corresponding mailbox in the target Exchange organization.

When the Directory Synchronization Agent creates a disabled account in the target domain that corresponds to the source user account, it automatically sets the source user account as the Associated External Account (i.e., the SID of the source user is added to the msExchMasterAccountSID property of the target user). This ensures that source users will be able to access all target Exchange resources with the old (source) accounts.

If security accounts have been created in the target domain prior to Exchange migration (Active Directory migration has been completed previously), you should configure the Directory Synchronization Agent to search for the matching objects in the target domain for each source object within the specified synchronization scope. The following matching rules can be used:

  • Account name – If the sAMAccountName attributes of the source and target object are the same, the objects will be matched.
  • SIDHistory – If the SIDHistory attribute of an object from one directory contains the SID of an object from another, the objects will be matched.
  • E-mail – This matching rule can be used if target objects were created mail-enabled. This is, for example, if Quest Collaboration Services was used and stub mail-enabled accounts were created by that product in the target domain. For mail-enabled objects, if source and target object have the same primary SMTP address, the objects will be matched.

All three matching rules are turned on by default. We recommend you select only those rules that are relevant for your previous migration and switch off the other rules that do not apply to your situation. For example, if you have migrated accounts and added SIDHistory to the target accounts, use the SIDHistory matching rule. If you have migrated accounts without SIDHistory but did not change the account names (source and target accounts have the same names), use matching by account name.

Directory synchronization sets mail redirection so that mail is delivered to the mailbox currently used by the end user, regardless of which organization the mail is sent from. The additional SMTP addresses are used for redirection. These addresses are generated upon the template you specify when you configure directory synchronization, and are automatically added to the source and target mailboxes.

Directory synchronization also ensures that account properties and Global Address Lists are identical in the source and target organizations.

Once the initial synchronization is completed, you can proceed to Step 2. However, directory synchronization should continue to run until the last user is migrated to the target Exchange organization. This ensures that changes made by the administrators in the source or target directory are automatically propagated to the other directory.

For more information about directory synchronization, see the Directory Synchronization topic.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating