Tag Archives: cross forest

LepideMigrator for Exchange (LME)

Exchange 2003, Exchange 2007, Exchange 2010, Exchange 20131 Comment

Exchange migration involves a lot of effort and time; it is one of the most complex migrations to perform. After doing tons of exchange migration, I realized that not every environment is the same and not every migration is the same. During an exchange migration, everyone’s mailbox will be moved from one version of Exchange to the latest version or to the other organization. With the upgrade of Exchange servers, it is important that client outlook version is also upgraded to the latest level or to the level of Exchange servers. Thus, in a way everyone has to undergo some kind of changes with learning, while adopting a new Exchange environment into the organization.

LepideMigrator for Exchange (LME) is the new latest Exchange migration tool from Lepide which helps in performing a migration from one Exchange Environment to another which is either located locally or another network or even in the Office 365 or Exchange hosted solution in the cloud environment. It supports different migration scenarios, like

· Exchange 2003 / 2007 and Exchange 2010

· Exchange 2003 / 2007 and Exchange 2013

· Exchange 2010 and Exchange 2013

· Migration from any Exchange Server to Office 365

· Public Folder Migration

· Intra-forest Exchange Migration

· Cross-forest Exchange Migration

Given below are a few interesting features of the products.

1. Innovative technique to migrate the large number of mailboxes from source Exchange server to the target which enhances the performance. It can be installed on multiple computers and increase migration volume depending on the requirement. We can also schedule the mailbox move by creating schedule jobs. It provides rich filtering options to filter unwanted email and migrate only necessary email to the target and can also provide the option to undo or rollback the mailbox migration, if necessary.

2. Exchange migration is a time-consuming process which needs a lot of effort and time. To reduce the migration efforts, we can sync the complete source mailbox to the target much ahead of time and just do an incremental sync only before the final cutover. This helps in avoiding any kind of data loss and outage to the users.

3. Report is very important for the migration and helps in tracking migration history and plan for the future migration. Notification helps administrator to notify the status of the migration status with email alerts for the job status, job completion, or job cancelation.

Migrations of the mailbox using LepideMigrator for Exchange is a very easy process and let’s understand on how easy it is to configure and to migrate a mailbox from one forest to another.

Given below is the Setup of my lab

1. Source forest Green.com

2. Target Forest blue.com

3. Creating DNS forwarding and trust between green.com and blue.com

Given below is a step-by-step instruction to perform cross forest migration.

1. Install LepideMigrator for Exchange at the source or target forest. In this scenario, the tool is installed on the source forest green.com. It is installed on the Windows 7 machine with outlook client installed

2. To perform the configuration, start the LepideMigrator for Exchange, Right click on All projects -> click on ‘Add Project’ -> provide the name to the Mailbox migration project

3. Then, create the new Job for the mailbox migration and provide the name for the same and click on ‘Next’

4. Connect to the source forest domain control by providing the IP address and administrator credentials. Then click on ‘Next’

5. Select all the necessary required users to migrate into the target domain and click on ‘Next’

6. Input the target domain controller IP address and the admin credentials. Make sure to specify ‘Different Domain’ for cross forest migration scenario and then click ‘Next’. You can also pull down ‘Migrate To’ to select the different options like same domain or office 365.

7. It also provides the filters to include or exclude the message based on date and folder. Click on ‘Next’ to continue

8. Here, we need to map the source mailbox with the target forest mailbox. It provides the option to map the source mailbox to target pre-created mailbox automatically. If not, we could provide the CSV file specifying the source and target mailbox mapping.

9. Another option could also be to create the target mailbox using the tool itself. Select all the source mailbox and click on message icon, then click on ‘Start’.

10. Once the target mailbox is created, then you could see the mapping done automatically for each of the source mailbox with the target. Click on ‘Next’ to continue.

11. Specify option to Skip the Bad item count or if you just want to do only the mailbox content synchronization, and then click on ‘Next’.

12. Specify the email address to receive various notifications for Job start, Job stop, Job completion, mailbox migration start / finish etc.

13. Notification configuration needs the SMTP address and other necessary configurations. Please provide the same and continue with the ‘Next’.

14. Specify the time duration to deny or permit the migration for the specific time period. It is important to make sure that migration is not done at the production hours, which could have the user performance impact. Click on ‘Next’ to continue.

15. Then schedule the migration depending on the requirement and click on ‘Next.

16. Finally, verify the summary details and click on ‘Finish’ to complete the Job creation.

17. It’s now the time to generate the license file and upload it to http://www.lepide.com/lepide-migration-for-exchange. It generates the generate activation file, download the import it to activate the same.

18. Once the license is activated, we are ready to start the mailbox migration by right clicking on the Job and select the option ‘Start Job’.

Report Console

1. Report console helps to generate the migration statistics report. It helps to analyze the migration details and also to track the status. This report has the complete statistics of the migration performed using the server. It has details of number of jobs, with the domain details and the Exchange version specifications.

To start the report console

2. Start the LepideMigrator for Exchange

3. Click on tool -> click on Report Console

4. Login with the account and password as ‘lepadmin’

5. To understand the details of each of the migration job, click on the Job name. It gets the detailed information with number of mailboxes, total folders, migrated messages and status. Below is the reference screen shot.

6. You could also generate some quick reports in html or pdf file using the options available in the bottom left corner of the LepideMigrator for Exchange tool.

Conclusion:

This migration could take some time depending upon factors like the size of the source mailbox, bandwidth, source and target server performance, etc. Migration using a ‘LepideMigrator for Exchange’ is much simpler to configure and manage than a native migration tool. It provides option to migrate the account with SID History and also copy the password from the source to target account, which is very important for the cross forest migration scenario. It also provides option to migrate public folders and also apply the settings like mailbox rights, send as permission, public folder administration rights send on behalf, message delivery restriction, and public folder client permission.

I believe, LepideMigrator for Exchange is a compressive tool to perform migration under various scenario. This tool has all the features to perform end to end migration.

You can find the detailed information about the tool at http://www.lepide.com/exchangemigrator/ and  also download the trial version from http://www.lepide.com/exchangemigrator/download.html

ADFS Claim based Authentication for SharePoint with Cross forest authentication

ADFSLeave a comment

 

Wonderful in-depth setup by step instruction to configure ADFS Claim based authentication for SharePoint with cross forest authentication by Jay Simcox from summit7systems.com

 

Part 1: The Beginning

Part 2: Installing and Configuring AD FS 3.0

Part 3: Configuring SharePoint 2013 for ADFS

Part 4: Troubleshooting

Part 5:Authentication Across Multiple Forest

Active Directory Cross Forest Migration from Active Directory 2003 to Active Directory 2008 – Part 1

Active Directory, Exchange 2007, Exchange 2010Leave a comment

When we say cross forest ad migration then the first thing which comes to the mind is Active Directory Migration Tool. It’s a free and very easy and powerful tool from Microsoft. Doesn’t look very fancy but does its task. There are various tools available in the market to perform cross forest migration but at we will talk about ADMT and its features and how we can use it. Before you work on ADMT in the production, you need to perform through understanding of the ADMT, test it in the lab and then it to the production.

Note: Not performing through testing can be distractive for the users. Users may lose password, lose share access and you will be in trouble.

ADMT features

1. It provide various wizards to migrate User accounts, computers accounts, service accounts, Group

2. Migrate Sid History which helps user to maintain the access to network share, application and other services even after the user been migrated to different forest

3. Migrate password form source forest to target forest.

                                                      

Red.com Green.com

Current Lab Setup

Red.com DomainGreen.com Domain
Domain controller (windows 2003) Domain controller(windows 2008)
following Software installed in Source domain controller
PES 3.1(Password Export Server)   		Domain member Server(windows 2003)
following Software installed
ADMT 3.0(Active directory migration tool)
.net Framework version 2.0
SQL 2005 with latest service pack

Installation of ADMT tool on the Domain member Server

Please follow the below process order to install prerequisites and ADMT. If you have domain member server is windows 2008 or Windows 2008 R2 then you can install the latest version of the ADMT 3.1 or 3.2 respectively. In my lab I have the domain member server as widows 2003 so I am forced to install ADMT 3.0

  1. Install Microsoft .NET Framework Version 2.0 Redistributable Package (x86)
  2. Install SQL 2005
  3. Install Latest SQL service pack
  4. Install ADMT tool and accept the default database selection (If SQL 2005 is not installed prior to installing ADMT tool then it will automatically install Microsoft SQL Server Desktop Edition)

DNS Configuration between forests

DNS Configuration is a one of the primary requirement to communicate between two forests

DNS can be configured in two ways, either by creating secondary zone or forwarders. Configuring forwarders is much easier then creating secondary zone. Secondary zone has a read-only copy of the particular domain but forwarders are just forward the request to the target domain. Response to the DNS request is much faster in secondary zone than forwarders

Let me show you show to create secondary zone.

  1. Login to Green.com Domain controller
  2. Access DNS Manager
  3. Right click on the forward lookup zone and select New zone and click on Next

Figure 1. Creating new Zone

   4. Select Secondary zone and click on Next

Figure 2. Creating new Secondary Zone

   5. Provide the target domain name and click on Next

Figure 3. Providing DNS Zone name

6. Provide red.com DNS server IP address and click on Next and click on finish to complete the configuration

Figure 4. Configuring with Master DNS server of red.com

7. Need to follow the above same process (1 to 6) on the red.com DNS server to create the secondary zone for green.com domain

Cross forest trust configuration

1. Connect to the Target domain controller (green.com) and access Active directory domain and trusts from the Administrative tools

2. Right click on Active directory Domain and trusts and click on properties.

Figure 5. Starting with Trust configuration

3. Select the Trust Tab and click on new Trust and select next on welcome screen

Figure 6. Trusts tab to start the new trust configuration between forests

4. Provide the trust name with the source domain red.com and click on next

Figure 7. Domain name which you wanted to trust

5. Select external trust, as you cannot create cross forest trust between AD 2003 and AD 2008 and click on next

Figure 8. Configuring External trust

6. Select “two way” trust and click on next

Figure 9. Selecting Two-way trust option

7. Select the option “both this domain and the specified domain”

Figure 10. Option to select trust on both from red.com and green.com

8. Input the source (red.com) account which has administrative privileges and click on next

Figure 11. Passing account having administrative privileges on red.com

9. Select “Domain-Wide authentication” for red.com and click on next

Figure 12. Selecting Domain-wide authentication on outgoing trust for local domain

10. Domain wide authentication for the local domain and click on next

Figure 13. Selecting Domain-wide authentication on outgoing trust for specified remote domain

11. Select “yes, confirm the outgoing trust”

Figure 14. Confirmation to create outgoing trust

12. Select “Yes, confirm the incoming trust” and next and click on finish the configuration.

Figure 15. Confirmation to create incoming trust

13. Successfully created outgoing and incoming external trust between both the forest

Figure 16. Successful status of external trust creation.

 

 

I hope you like this part of the article will soon come up the other parts of the articles.

Microsoft Exchange 2003 to Exchange 2010 Cross Forest migration in Brief

Exchange 20074 Comments

I wanted to write this article from a very long time and unfortunately I could not make it up. Today I decided to write this in just few lines and come back with in-depth details. Migration from One platform to other is not easy and it needs lots of planning , efforts and times. Things can go wrong at every step but just don’t give up, don’t give up, don’t give up…

  • Prepare new AD forest and Install exchange 2010 in the new forest. Exchange 2010 can also be a different organization due to merger and acquisition. 
  • Migration cannot happen over night and its important that we make necessary configuration that users from both the forest are able to send and receive emails and they are able to see Global Address book of each other and more importantly free busy information is synchronized.  

  • Configure mail flow between exchange 2003 and exchange 2010 using SMTP connectors for exchange 2003 and Send and receive connectors for exchange 2010

  • Configure FIM 2010 or ILM 2007 for GAL synchronization between exchange 2003 and exchange 2010

  • Configure Inter org replication tool to share free busy information between exchange 2003 to Exchange 2010

  • GAL sync will create Mail Enabled contacts(MEU) in the target forest,  for each mailboxes in the source forest. With Custom code, FIM/ILM can also create mail enabled users(MEU) in the target forest instead of mail enabled user

  • If only Mail enabled users are created using FIM/ILM then you can use Prepare- MoveRequest.ps1

  • Prepare-MoveRequest.ps1 will convert the mail enabled contacts to mail enabled users and it will also disable the user and it will copy the follow attributes to the destination mail enabled user – legacyExchangeDN, mail, mailnickname, msExchmailboxGuid, proxyAddresses, X500, targetAddress, userAccountControl, userprincipalName

  • Prepare a server for installation of ADMT(Active directory migration tool).  This tool will help to get the SID History and export the password of source account to destination

  • SID History is to maintain the access of users resources on the target domain and Password export server will help in exporting the password form source account to the destination account

  • I think you are all set now to move the mailbox from the exchange 2003 to exchange 2010 using the Powershell cmdlet

I think this the quick summary process of migration from exchange 2003 to exchange 2010. I am very eager to write this complete article in details. I will come back soon on this soon 🙂