Interforest Migration with ADMT 3.2 and Exchange 2010 interforest Migration

Yesterday I had to migrate 25 users from our forest into a brand new forest, and I was told to just create all the users in the new forest, export the mail to PST and import it into the new Exchange. But this is not me; I wanted to migrate them properly, as it has been a while since I performed my last interforest migration.

So I prepared the target forest for migration by setting up the trust relationship between our forest and the target forest, delegated the rights on the remote forest to my administrative user and installed ADMT 3.2 on both forests, as I was going to experiment with migration from both forests.

Now, before you install ADMT 3.2, remember that you will have to install SQL Express. In my case I had ADMT installed on a Domain Controller instead of a member server. If this is also your case, do NOT install SQL Express 2008; install SQL Express 2005 SP1, because ADMT 3.2 will not work with SQL Express 2008 installed on the DC.

So first install SQL Express 2005 SP1 then install the ADMT.

Now, if you also plan on migrating the passwords and SID history from one forest to the other, you will need to further prepare the target and source domains for the migration. Please see this TechNet article regarding preparation of the domain, and here is the TechNet article regarding password migration domain preparation.

You will probably find many more guides on the internet on how to prepare the domain and groups and other small things.
After you install ADMT, if you also want to migrate the passwords, you will have to install the “Password Export Server” (PES) as well.

After you install PES you will have to create a key for password encryption. The key needs to be created on the TARGET domain and imported on the SOURCE domain.
So you will need to run this command on the TARGET domain:

admt key /option:create /sourcedomain:<SourceDomain> /keyfile:<KeyFilePath> /keypassword:{<password>|*}

admt key example (giving * as the /keypassword value makes the command prompt for the password instead of taking it on the command line):

admt key /option:create /sourcedomain:sourcedomain.local /keyfile:c: /keypassword:yourpassword

After you copy the key from the target domain to the source domain you will also have to IMPORT IT! No article will tell you this. The PES key must be imported on the source domain with this command:

admt key /option:import /sourcedomain:sourcedomain.local /keyfile:key.pes

Only now START the “Password Export Server Service”.

If you are planning to migrate mailboxes as I did, DO NOT use ADMT to migrate the users just yet. You will first need to use the Exchange 2010 Prepare-MoveRequest.ps1 script to prepare the source mailboxes for migration.

Open the Exchange Management Console on the TARGET domain. Then add the source forest by right-clicking “Microsoft Exchange” and choosing “Add Exchange Forest”. Then add the remote (source Exchange) forest.
Let’s say you want to migrate USER1 from S1 forest to T1 forest.

Open Exchange Management Shell on the T1 forest and type :

$LocalCredentials = Get-Credential

$RemoteCredentials = Get-Credential

Input the credentials for the local forest and remote forest, then run:

.\Prepare-MoveRequest.ps1 -Identity USER1 -RemoteForestDomainController dc1.sourcedomain.com -RemoteForestCredential $RemoteCredentials -LocalForestDomainController dc.targetdomain.local -LocalForestCredential $LocalCredentials -TargetMailUserOU "OU=YourTargetOU,DC=targetdomain,DC=local" -UseLocalObject

This will prepare the USER1 mailbox for migration and prepare a USER1 object in the T1 forest.

Now you can migrate USER1 from S1 to T1 by using ADMT 3.2: MERGE the objects, migrate SID history and EXCLUDE all these attributes from migration:


After migrating the user, run this command in the Exchange Management Shell on the target forest:

New-MoveRequest -Identity "USER1" -RemoteLegacy -TargetDatabase "Mailbox" -RemoteGlobalCatalog "dc.sourcedomain.com" -RemoteCredential $RemoteCredentials -TargetDeliveryDomain "targetdomain.local"

Now your mailbox will be migrated.
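
To confirm the result for each migrated account, the following check compares the source SID with sIDHistory on the target object and reports the state of the move request. It is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module, a source DC that runs Active Directory Web Services, the same sAMAccountName in both forests, and a hypothetical helper name Test-MigratedUser.

```powershell
# Added example: post-migration check for accounts moved with ADMT and New-MoveRequest.
# Run in the Exchange Management Shell on the target forest.
# Assumptions: the ActiveDirectory module is installed on this machine and the
# source DC runs Active Directory Web Services, so Get-ADUser can query it.
Import-Module ActiveDirectory

$SourceDC = 'dc1.sourcedomain.com'     # DC names as used in the commands above
$TargetDC = 'dc.targetdomain.local'
$Users    = @('USER1')                 # sample list; add the other migrated accounts
$RemoteCredentials = Get-Credential    # account in the source forest

function Test-MigratedUser {
    param([string]$SamAccountName)

    $src = Get-ADUser -Identity $SamAccountName -Server $SourceDC -Credential $RemoteCredentials
    $dst = Get-ADUser -Identity $SamAccountName -Server $TargetDC -Properties SIDHistory

    # SID history migration should leave the source objectSid in sIDHistory on the target.
    $history = @($dst.SIDHistory | Where-Object { $_ } | ForEach-Object { $_.Value })
    $sidOk   = $history -contains $src.SID.Value

    # Other entries need an explanation, e.g. history carried over from an
    # earlier migration of the source account.
    $extra = @($history | Where-Object { $_ -ne $src.SID.Value })

    # The move request stays listed after completion until it is removed.
    $move = Get-MoveRequest -Identity $SamAccountName -ErrorAction SilentlyContinue
    $moveStatus = if ($move) { $move.Status } else { 'no move request' }

    New-Object PSObject -Property @{
        User          = $SamAccountName
        SourceSid     = $src.SID.Value
        SidHistoryOk  = $sidOk
        ExtraSidCount = $extra.Count
        MoveStatus    = $moveStatus
    } | Select-Object User, SourceSid, SidHistoryOk, ExtraSidCount, MoveStatus
}

$Users | ForEach-Object { Test-MigratedUser $_ } | Format-Table -AutoSize
```

A row with SidHistoryOk false means the SID history step did not run for that account; a non-zero ExtraSidCount is worth reviewing before the trust to the source forest is relied on.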

A very nice guide is presented here on the Exchange Team Blog, but not everything is laid out there, so I made this short guide.

If you have any questions please don’t hesitate to ask.

  1. Javeed Khan
    December 3, 2011 at 9:52 pm

    Clear and crisp information..

  2. Bryan Watt
    April 9, 2013 at 4:11 pm

    Can you still test migrate a user account like you can with just an AD migration and leave the user and the mailbox in the source for further testing? The source is Exchange 2007 and target is 2010.

  3. April 9, 2013 at 11:30 pm

    Yes, that is not a problem.

  4. Horacio D.
    July 20, 2014 at 6:41 pm

    Thanks for this post !!! very helpful !!!!

    One question: I followed your post in a lab environment and everything is fine with the ADMT excludes, and I can perform the New-MoveRequest without problem (not invalid state). However, there is a difference in the exclude attributes between your post and the other one you are referring to (mail*). I made the exclusions with the original post and I would like to know if the asterisk is added in your post for some other reason, or is it necessary to add another attribute?

    Thanks for your help !!!!



  5. July 20, 2014 at 8:46 pm

    “mail* ” should be in the exclusion list because there might be many attributes starting with “mail”

    • Horacio D.
      July 22, 2014 at 3:27 pm

      Thanks for your reply !!!!

      Regards !!!!
