Archive for October, 2011

Interforest Migration with ADMT 3.2 and Exchange 2010 interforest Migration

October 28, 2011 1 comment

Yesterday I had to migrate 25 users from our forest into a brand new forest and I was told to just create all the users on the new forest and export the mails to PST and import them into the new Exchange. But this is not me, I just wanted to migrate them as it is a while since I performed my last interforest migration.

So I prepared the target forest for migration by setting up the trust relationship between our forest and the target forest, delegated the rights on the remote forest for my administrative user and installed ADTM 3.2 on both forests as I was going to experiment migration from both forests.

Now, before you install ADMT 3,2 remember you will have to install SQL Express server. In my case I had the ADMT installed on Domain Controller instead of a member server. If this is your case also then do NOT install SQL Express 2008, just install SQL Express 2005 SP1 because the ADMT 3.2 will not work with SQL Express 2008 installed on the DC.

So first install SQL Express 2005 SP1 then install the ADMT.

Now, if you also plan on migrating the passwords and SID history from one forest to the other you will also need to further prepare the target and source domain for the migration. Please see this Technet article regarding preparation of the domain, and here is the Technet article regarding password migration domain preparation.

You will probably find many more guides on the internet on how to prepare the domain and groups and other small things.
After you install ADMT and you want to migrate also the Passwords then you will have to install also “Password Export Server”.

After you install PES you will have to create a KEY for password encryption. They key needs to be created on the TARGET domain and imported on the SOURCE domain.
So you will need to run this command on the TARGET domain :

admtkey /option:create /sourcedomain:<SourceDomain> /keyfile:<KeyFilePath> /keypassword:{<password>|*}

ADMTKEY example :

admtkey /option:create /sourcedomain:sourcedomain.local /keyfile:c:\ /keypassword:yourpassword

After you copy the key from the target domain to the source domain you will also have to IMPORT IT ! No article will tell you this. The PES key must be imported on the source domain by this command :

admt key /option:import /sourcedomain:sourcedomain.local /keyfile:key.pes

Only now START the “Password Export Server Service”.

If you are planing to migrate mailboxes as I did, DO NOT use ADMT to migrate them just yet. You will first need to use the Exchange 2010 Prepare-MoveRequest.ps1 script to prepare the source mailboxes for migration.

Open the Exchange Management console on the TARGET domain. Then add the Source Forest by right clicking the “Microsoft Exchange” and say “Add Exchange Forest”. Then add the remote (source exchange) forest.
Let’s say you want to migrate USER1 from S1 forest to T1 forest.

Open Exchange Management Shell on the T1 forest and type :

$LocalCredentials = Get-Credential

$RemoteCredentials = Get-Credential

Input the credentials for the local forest and remote forest.
.\Prepare-MoveRequest.ps1 -Identity USER1 -RemoteForestDomainController -RemoteForestCredential $RemoteCredentials -LocalForestDomainController dc.targetdomain.local -LocalForestCredential $LocalCredentials -TargetMailUserOU “OU=YourTargetOU,DC=targetdomain,DC=local” -UseLocalObject

This will prepare USER1 mailbox for migration and prepare an USER1 object on the T1 forest.

Now you can migrate the USER1 from S1 to T1 by using ADMT 3.2 and MERGE objects, migrate SID history and EXCLUDE all this attributes from migration :


After migrating the user fire this command on the Target forest Exchange Management Shell :

New-MoveRequest -Identity “USER1” -RemoteLegacy -TargetDatabase “Mailbox” -RemoteGlobalCatalog “” -RemoteCredential $Remote -TargetDeliveryDomain “targetdomain.local”

Now your mailbox will be migrated.

A very nice guide is presented here on the Exchange Team Blog. but not everything is lined out therefore I made this short guide.

If you have any questions please don’t hesitate to ask.