About Me

My photo
These are blogs for John Weber. One of my joys in life is helping others get ahead in life. Content here will be focused on that from this date forward. John was a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). I used to write a variety of articles (https://tsoorad.blogspot.com) on technical issues with a smattering of other interests. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. The opinions expressed on this blog are mine and mine alone.


Cross-forest E2010 user moves

The Issue

Recently, I had to migrate/move users from E2003 to E2010 cross-forest.  FIM took care of the basic user objects (MEU’s) in the new forest, so I developed the following.  It would seem that this process, while hinted at in various websites, blogs, and articles, was always sort of vague – and in my case the permissions referenced were not enough to complete the tasks.  The source object modifications failed.  As I was doing the moves with a domain admin/org admin in the target, I had no issues there.

The Solution

csv format

# remember to not have a trailing line feed after the last entry

# - it causes the script to loop on a blank line

# - you can also remove the database field and e2010 will distribute mailboxes automatically among the available databases






Perms needed

# The various texts indicate much less perms (recipient admin and local admin to the server) than I show here.

# These work much better!

Target: Domain Admin and Exchange Org Administrator

Source: Domain Admin and e2003 Full Admin

--- script follows ---

$SourceCredentials = Get-Credential

$TargetCredentials = Get-Credential

set-location "D:\program files\microsoft\exchange server\v14\Scripts"

import-csv d:\migrationcsvfiles\testusers.csv | foreach {.\Prepare-MoveRequest.ps1 -Identity $_.identity -RemoteForestDomainController whateveritis.domain.com -RemoteForestCredential $sourceCredentials -LocalForestDomainController whateveritis.domain.com -LocalForestCredential $targetCredentials -UseLocalObject}

# I noticed some random AD GUID errors when running both lines at once, so I started  the top four lines, then did not copy in the line return after the new-moverequest and things stop erroring. YMMV.

import-csv d:\migrationcsvfiles\testusers.csv | foreach {New-MoveRequest -Identity $_.identity -RemoteLegacy -TargetDatabase $_.database -RemoteGlobalCatalog whateveritis.domain.com -RemoteCredential $sourceCredentials -DomainController whateveritis.domain.com -TargetDeliveryDomain "domain.com"}


No comments:

test 02 Feb

this is a test it’s only a test this should be a picture