After performing a Cross Org mailbox migration, administrators need to enable mail redirection from the source to the target forest. Even though GALSync remains the recommended tool for this purpose, the initial synchronization process can take some time which means that messages queued during the move and messages sent from users in the source forest before the contacts objects were created will NDR.
To address this issue, Exchange 2007 added to Move-mailbox a parameter called SourceMailboxCleanupOptions to determine what "source cleanup" will be done after the move.
For RTM, this parameter accepts 2 options:
- DeleteSourceMailbox: Deletes mailbox attributes from source user
- DeleteSourceNTAccount: Deletes source user AD object
These two options don't address completely the issue but allow easier scripting than we had in the Exchange 2003 days. To fully support our additional cleanup needs we have added 2 new options for this parameter in SP1:
- CreateSourceContact: Deletes source user AD object and creates a contact on the source forest that points to the mailbox just moved to the target forest
- MailEnableSourceAccount: Deletes mailbox attributes from source user and mail enables the source user so it points to the mailbox just moved to the target forest
Workaround for Exchange 2007 RTM: A cross org migration cleanup script
As I mentioned above, our RTM version has an improved but incomplete "cleanup" functionality. To help our customers to perform these cleanup options before Service Pack 1 is released, I have created a PowerShell script that provides similar functionality: It creates a mail enabled contact (when the option to delete the source user is used) or it can mail enable the user account (when the option to delete the source mailbox attributes is used).
It is worth noticing that this script has some limitations when compared to our SP1 move-mailbox task:
- It has to be executed from the source Forest
- Logging is not as detailed as the actual move-mailbox native log
- Since the script needs to be executed from the source Forest it will not work when the source Forest does not have a Exchange 2007 server installed
Here is an overview of the steps performed by the script:
- Pre-validates CSV and parameters
- Store data about mailboxes that will be moved to be used later
- Try to move all mailboxes. Check whether task was successful. If not, stop execution
- Use the newly moved mailbox primary SMTP address as the External email address
- If creating a contact:
- Creates contact object and uses mailbox display name as contact name
- Use mailbox alias as alias if creating contact
- Copy proxies from moved mailbox as secondary proxies
- Try to add target mailbox SMTP to proxy collection (it is necessary if address was calculated for a Ti target server)
- Add target mailbox LegDN as X500 to proxy collection
Here is an example of a mailbox migration using the script:
Step 1 – Create variables that hold credentials for source and target Forests
$source = get-credential
$target = get-credential
Step 2 – Create a csv file that contains information about the mailboxes you want to migrate (for example, mailboxes that have contain Paul in identity)
get-mailbox Paul* | export-csv C:\users.csv
Step 3 – Call script passing all necessary information:
C:\migrationCleanup>.\migrationCleanup.ps1 -SourceGlobalCatalog sourceServer.SourceDomain.com -SourceDomainController sourceServer.SourceDomain.com -DomainController targetServer.TargetDomain.com -GlobalCatalog targetServer.TargetDomain.com -NTAccountOU 'CN=Users,DC= TargetDomain ,DC=com' -ContactsOU "Users" -UsersFile "C:\users.csv" -TargetDatabase " targetServer \Mailbox Database" -SourceMailboxCleanupOptions DeleteSourceMailbox -SourceForestCredential $source -TargetForestCredential $target -TargetSMTPDomain "TargetDomain.com"
In this example, I had the following server configuration:
|
-SourceGlobalCatalog
|
sourceServer.SourceDomain.com
|
|
-SourceDomainController
|
sourceServer.SourceDomain.com
|
|
-DomainController
|
targetServer.TargetDomain.com
|
|
-GlobalCatalog
|
targetServer.TargetDomain.com
|
|
-NTAccountOU
|
'CN=Users,DC=FRICIB-dom,DC=extest,DC=microsoft,DC=com'
|
|
-ContactsOU
|
"Users"
|
|
-UsersFile
|
"C:\users.csv"
|
|
-TargetDatabase
|
" targetServer\Mailbox Database"
|
|
-SourceMailboxCleanupOptions
|
DeleteSourceMailbox
|
|
-SourceForestCredential
|
$source
|
|
-TargetForestCredential
|
$target
|
|
-TargetSMTPDomain
|
"TargetDomain.com"
|
Most parameters work the same way they do in move-mailbox. The exceptions are –ContactsOU, which determines where your source contact will be created and the parameter –TargetSMTPDomain, which is used when moving mailboxes to legacy Exchange servers. In these cases, the target SMTP address is stamped in the target mailbox by the RUS, which means it might not be present right away. Since we need that target address to be used as the –ExternalEmailAddress of the newly created source mail contact or mail enabled user, we will use the –TargetSMTPDomain parameter along with the alias of the source mailbox as a substitute for it.
Besides the limitations mentioned earlier (and all the optimizations I know you will come up with), this script should work just fine and allow you to avoid the large majority of NDRs for email sent during and after a Cross Org mailbox move.
You can get the migration cleanup script as an attachment to this blog post.
- Paul MacKnight
