Prepare Mailboxes for Cross-Forest Move Requests

[Dieses Thema ist in Bearbeitung.]

Letztes Änderungsdatum des Themas: 2010-01-28

Exchange 2010 supports remote mailbox moves via the New-MoveRequest cmdlet. This topic describes the prerequisites for moving a mailbox from one Exchange forest to another Exchange 2010 forest.

In order to run the New-MoveRequest cmdlet to move a mailbox from an Exchange 2003, Exchange 2007 and Exchange 2010 forest to another Exchange 2010 forest, the Exchange 2010 target forest must contain a valid mail enabled user with a specified set of Active Directory attributes. 

For more information about remote mailbox moves and remote legacy moves, see Grundlegendes zu Verschiebungsanforderungen.

You can create the mail-enabled user with the required attributes in the target forest via a variety of Active Directory tools.

If you have deployed Identity Lifecycle Manager for cross-forest GAL synchronization, the recommended approach is to do this via ILM 2007 FP1 SP1. See KB 977791 (ILM 2007 FP1 SP1) to download the feature pack. We have created sample code that you can use to learn how to customize ILM to synchronize the source mailbox user and target mail user.

If you created the target mail user using an Active Directory tool other than ILM/MIIS, then you need to call the Update-Recipient <identity> cmdlet to run the Address List service to generate the LegacyExchangeDN for the target mail user. We have created a sample Powershell script that reads from and writes to Active Directory and calls the Update-Recipient cmdlet.

After creating the target mail user, you can then run New-MoveRequest to move the mailbox to the target Exchange 2010 forest.

For more information on remote move requests, see the following topics:

• Erstellen einer Remote-Legacyverschiebungsanforderung, wenn eine der Gesamtstrukturen nicht über Exchange 2010 verfügt
• Erstellen einer Remoteverschiebungsanforderung mit Exchange 2010 in beiden Gesamtstrukturen
• New-MoveRequest

What Do You Want To Do?

• Learn about the list of Active Directory user attributes required for a mailbox move request
• Use a Powershell script to configure Active Directory attributes
• Use ILM sample code to configure Active Directory attributes

List of Active Directory user attributes required for a mailbox move

In order to support online move mailbox, the mail user object in the target Exchange 2010 forest must have the following Active Directory attributes.

Mandatory Attributes

The table below lists the minimum set of attributes that need to be configured in ILM on the target mail user for New-MoveRequest to function correctly.

Mail User's attributes and required values

Mail User's Active Directory attribute	Required value
displayName	Copy the corresponding attribute of the source mailbox or generate a new value
Mail	Directly copy the corresponding attribute of the source mailbox
mailNickname	Copy the corresponding attribute of the source mailbox or generate a new value.
msExchArchiveGUID and msExchArchiveName	Directly copy the corresponding attribute of the source mailbox. Attributes are only available if the source mailbox is E2010.
msExchMailboxGUID	Directly copy the corresponding attribute of the source mailbox.
msExchRecipientDisplayType	-2147483642 (decimal) //equivalent to 0x80000006 (hex)
msExchRecipientTypeDetails	128 (decimal) /0x80 (hex)
msExchUserCulture	Directly copy the corresponding attribute of the source mailbox.
msExchVersion	44220983382016 (decimal)
cn	Copy the corresponding attribute of the source mailbox or generate a new value.
proxyAddresses	Copy source mailbox’s proxyAddresses attribute. Additionally, copy source mailbox’s LegacyExchangeDN as an X500 address in the proxyAddresses attribute of the target mail user. Hinweis: The proxyAddresses of the source mailbox user must contain a SMTP address that matches the authoritative domain of the target forest. This will allow New-MoveRequest to properly select the targetAddress of the source mail enabled user (converted from the source mailbox user after mailbox move request is complete) to ensure that mail routing is still functional.
sAMAccountName	Copy the corresponding attribute of the source mailbox or generate a new value. Need to ensure that it is unique within the target forest domain that the target mail user belongs to.
targetAddress	Set to a SMTP address in the proxyAddresses attribute of the source mailbox. This SMTP address must belong to the authoritative domain of the source forest.
userAccountControl	Constant: 514 //equivalent to 0x202, ACCOUNTDISABLE | NORMAL_ACCOUNT.
userPrincipalName	Copy the corresponding attribute of the source mailbox or generate a new value. Since the mail user is logon disabled, this userPrincipalName is not used.

Optional Attributes

Configuring the following attributes are not mandatory for New-MoveRequest to function correctly, but synchronizing them provide a better end-to-end user experience after moving the mailbox. Since the GAL in the target forest will display this target mail user, you should set the following GAL related attributes.

GAL properties

Linked Attributes

A linked attribute is an Active Directory attribute that references other Active Directory objects in the local forest. You can't directly copy the linked attribute values from a mailbox in the source forest to a mail user in the target forest. You must find the Active Directory objects in the source forest that the source mailbox attribute refers to. You must find the corresponding Active Directory objects in the target forest for the above-mentioned Active Directory object in the source forest. And then, set the target mail user’s attribute to refer to the Active Directory objects in the target forest.

Linked attributes

Linked Mailbox

If you want to move a mailbox to an Exchange 2010 resource forest, the mailbox in the resource forest is a linked mailbox. In this scenario, you will need to create a linked mail user in the (target) resource forest. To create a linked mail user, you need to set the following attributes.

Linked mailbox attributes

If the source object is disabled and the msExchMasterAccountSid is set to self (resource mailbox, shared mailbox) do not stamp anything on the target user. RecipientDisplayType should be set to non ACL-able (second bit).

If the source object is disabled and the msExchMasterAccountSid is not set this is an invalid mailbox.

If the source object is enabled and the msExchMasterAccountSid is set, this is an invalid mailbox.

Resource Mailbox

If you want to move a resource mailbox to an E2010 forest, you will need to set the following attributes in the table on the target mail user.

Resource mailbox attributes

Additional Attributes

The Exchange 2007 Move-Mailbox cmdlet also copied the following attributes when moving a mailbox. You can optionally copy these attribute if needed:

Resource mailbox attributes

Use a Sample Script Example to Configure Active Directory Attributes

You can download the sample remote Powershell script from the Prepare for Online M ailbox Move download page. For more information on using the sample script, see Prepare Mailboxes for Cross-Forest Moves Using the PrepareMoveRequest.ps1 script in the Shell.

Use ILM Sample Code to Configure Active Directory Attributes

One prescriptive way to set the above mentioned Active Directory attributes is using ILM 2007 FP1 SP1. See KB 97 7 791 (ILM 2007 FP1 SP1) to download the feature pack.

For Exchange 2010, you need to provide the Remote Powershell connection URI. Enter the URI of an Exchange 2010 Client Access server to make sure the Remote Powershell connection is functioning. The Exchange 2010 RPS URI should be in the following format: http://CAS_Server_FQDN/Powershell.

Provision GalSync Management Agent for Exchange 2010

Additionally, the credential that you use to make the Remote Powershell connection must have the appropriate RBAC permission to call Update-Recipient cmdlet. You can download the sample code from the Prepare for On l ine Mailbox Move download page. For more information on using the sample code, see Prepare Mailboxes for Cross-Forest Moves Using Sample Code.