Prepare Mailboxes for Cross-Forest Move Requests
[This topic is in progress.]
Topic Last Modified: 2010-01-28
Exchange 2010 supports remote mailbox moves via the New-MoveRequest cmdlet. This topic describes the prerequisites for moving a mailbox from one Exchange forest to another Exchange 2010 forest.
Note
Exchange 2010 doesn't support moving an Exchange 2000 mailbox.
To run the New-MoveRequest cmdlet to move a mailbox from an Exchange 2003, Exchange 2007, or Exchange 2010 forest to another Exchange 2010 forest, the Exchange 2010 target forest must contain a valid mail-enabled user with a specified set of Active Directory attributes.
Note
If there is at least one Exchange 2010 Client Access server deployed in the forest, the forest is considered an Exchange 2010 forest.
For more information about remote mailbox moves and remote legacy moves, see Understanding Move Requests.
You can create the mail-enabled user with the required attributes in the target forest via a variety of Active Directory tools.
If you have deployed Identity Lifecycle Manager for cross-forest GAL synchronization, the recommended approach is to do this via ILM 2007 FP1 SP1. See KB 977791 (ILM 2007 FP1 SP1) to download the feature pack. We have created sample code that you can use to learn how to customize ILM to synchronize the source mailbox user and target mail user.
If you created the target mail user using an Active Directory tool other than ILM/MIIS, you need to call the Update-Recipient <identity> cmdlet to run the Address List service, which generates the LegacyExchangeDN for the target mail user. We have created a sample PowerShell script that reads from and writes to Active Directory and calls the Update-Recipient cmdlet.
After creating the target mail user, you can then run New-MoveRequest to move the mailbox to the target Exchange 2010 forest.
For more information on remote move requests, see the following topics:
- Create a Remote Legacy Move Request Where One Forest Doesn't Have Exchange 2010
- Create a Remote Move Request Where Both Forests Have Exchange 2010
- New-MoveRequest
What Do You Want To Do?
- Learn about the list of Active Directory user attributes required for a mailbox move request
- Use a PowerShell script to configure Active Directory attributes
- Use ILM sample code to configure Active Directory attributes
List of Active Directory user attributes required for a mailbox move
To support an online mailbox move, the mail user object in the target Exchange 2010 forest must have the following Active Directory attributes.
Mandatory Attributes
The table below lists the minimum set of attributes that need to be configured in ILM on the target mail user for New-MoveRequest to function correctly.
Mail User's attributes and required values
Mail User's Active Directory attribute | Required value |
---|---|
displayName | Copy the corresponding attribute of the source mailbox or generate a new value. |
| | Directly copy the corresponding attribute of the source mailbox. |
mailNickname | Copy the corresponding attribute of the source mailbox or generate a new value. |
msExchArchiveGUID and msExchArchiveName | Directly copy the corresponding attribute of the source mailbox. Attributes are only available if the source mailbox is E2010. |
msExchMailboxGUID | Directly copy the corresponding attribute of the source mailbox. |
msExchRecipientDisplayType | -2147483642 (decimal) //equivalent to 0x80000006 (hex) |
msExchRecipientTypeDetails | 128 (decimal) //equivalent to 0x80 (hex) |
msExchUserCulture | Directly copy the corresponding attribute of the source mailbox. |
msExchVersion | 44220983382016 (decimal) |
cn | Copy the corresponding attribute of the source mailbox or generate a new value. |
proxyAddresses | Copy the source mailbox's proxyAddresses attribute. Additionally, copy the source mailbox's LegacyExchangeDN as an X500 address in the proxyAddresses attribute of the target mail user. Note: The proxyAddresses of the source mailbox user must contain an SMTP address that matches the authoritative domain of the target forest. This allows New-MoveRequest to properly select the targetAddress of the source mail-enabled user (converted from the source mailbox user after the mailbox move request is complete) to ensure that mail routing is still functional. |
sAMAccountName | Copy the corresponding attribute of the source mailbox or generate a new value. It must be unique within the target forest domain that the target mail user belongs to. |
targetAddress | Set to an SMTP address in the proxyAddresses attribute of the source mailbox. This SMTP address must belong to the authoritative domain of the source forest. |
userAccountControl | Constant: 514 //equivalent to 0x202, ACCOUNTDISABLE | NORMAL_ACCOUNT. |
userPrincipalName | Copy the corresponding attribute of the source mailbox or generate a new value. Since the mail user is logon disabled, this userPrincipalName is not used. |
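The mandatory table can be checked mechanically before New-MoveRequest is run. The following is an added example, not the PrepareMoveRequest.ps1 script or any other Microsoft sample: the function name Test-MoveRequestMailUser, its parameters and the contoso.com/fabrikam.com data are hypothetical, and attribute values are passed in as hashtables however they were read from each forest.

```powershell
# Added example: pre-flight check of a target mail user against the mandatory table.
function Test-MoveRequestMailUser {
    param([hashtable]$Source, [hashtable]$Target,
          [string]$SourceSmtpDomain, [string]$TargetSmtpDomain)
    $problems = @()
    # Constant values required by the table.
    $constants = @{
        msExchRecipientDisplayType = -2147483642     # 0x80000006 read as signed 32-bit
        msExchRecipientTypeDetails = 128             # 0x80
        msExchVersion              = 44220983382016
        userAccountControl         = 514             # ACCOUNTDISABLE | NORMAL_ACCOUNT
    }
    foreach ($name in $constants.Keys) {
        if ([int64]($Target[$name]) -ne [int64]($constants[$name])) {
            $problems += "$name is '$($Target[$name])', expected $($constants[$name])"
        }
    }
    # Values that must be copied unchanged from the source mailbox.
    foreach ($name in 'msExchMailboxGUID', 'msExchUserCulture') {
        if ("$($Target[$name])" -ne "$($Source[$name])") {
            $problems += "$name does not match the source mailbox"
        }
    }
    # proxyAddresses: every source address plus the source LegacyExchangeDN as X500.
    # -notcontains ignores case, so a changed primary marker (SMTP: vs smtp:) still matches.
    $wanted = @($Source.proxyAddresses) + "X500:$($Source.legacyExchangeDN)"
    foreach ($addr in $wanted) {
        if (@($Target.proxyAddresses) -notcontains $addr) { $problems += "proxyAddresses lacks $addr" }
    }
    # Note under proxyAddresses: the source needs an SMTP address in the target's domain.
    $sourceSmtp = @(@($Source.proxyAddresses) | Where-Object { $_ -like 'smtp:*' })
    if (-not ($sourceSmtp | Where-Object { $_ -like "*@$TargetSmtpDomain" })) {
        $problems += "source mailbox has no SMTP address in $TargetSmtpDomain"
    }
    # targetAddress: an SMTP proxy address of the source, in the source forest's domain.
    $ta = "$($Target.targetAddress)"
    if ($sourceSmtp -notcontains $ta -or $ta -notlike "*@$SourceSmtpDomain") {
        $problems += "targetAddress '$ta' is not a source SMTP address in $SourceSmtpDomain"
    }
    $problems
}

# Constructed sample data (contoso.com = source forest, fabrikam.com = target forest).
$src = @{ msExchMailboxGUID = 'c3f5a1de-0000-4000-8000-000000000001'; msExchUserCulture = 'en-US'
          legacyExchangeDN  = '/o=Contoso/ou=Exchange Administrative Group/cn=Recipients/cn=jdoe'
          proxyAddresses    = 'SMTP:jdoe@contoso.com', 'smtp:jdoe@fabrikam.com' }
$tgt = @{ msExchMailboxGUID = 'c3f5a1de-0000-4000-8000-000000000001'; msExchUserCulture = 'en-US'
          msExchRecipientDisplayType = -2147483642; msExchRecipientTypeDetails = 128
          msExchVersion = 44220983382016; userAccountControl = 512   # wrong on purpose: enabled
          proxyAddresses = 'SMTP:jdoe@fabrikam.com', 'smtp:jdoe@contoso.com'  # X500 missing
          targetAddress  = 'SMTP:jdoe@contoso.com' }
Test-MoveRequestMailUser $src $tgt -SourceSmtpDomain contoso.com -TargetSmtpDomain fabrikam.com
```

The userAccountControl check is the one to watch in a review: a value other than 514 means the placeholder account in the target forest is not logon disabled.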
Optional Attributes
Configuring the following attributes is not mandatory for New-MoveRequest to function correctly, but synchronizing them provides a better end-to-end user experience after moving the mailbox. Since the GAL in the target forest will display this target mail user, you should set the following GAL-related attributes.
GAL properties
Mail User's Active Directory attributes | Description |
---|---|
c | Directly copy the corresponding attribute of the source mailbox |
co | Directly copy the corresponding attribute of the source mailbox |
countryCode | Directly copy the corresponding attribute of the source mailbox |
company | Directly copy the corresponding attribute of the source mailbox |
department | Directly copy the corresponding attribute of the source mailbox |
facsimileTelephoneNumber | Directly copy the corresponding attribute of the source mailbox |
givenName | Directly copy the corresponding attribute of the source mailbox |
homePhone | Directly copy the corresponding attribute of the source mailbox |
info | Directly copy the corresponding attribute of the source mailbox |
initials | Directly copy the corresponding attribute of the source mailbox |
l | Directly copy the corresponding attribute of the source mailbox |
mobile | Directly copy the corresponding attribute of the source mailbox |
msExchAssistantName | Directly copy the corresponding attribute of the source mailbox |
msExchHideFromAddressLists | Directly copy the corresponding attribute of the source mailbox |
otherHomePhone | Directly copy the corresponding attribute of the source mailbox |
otherTelephone | Directly copy the corresponding attribute of the source mailbox |
pager | Directly copy the corresponding attribute of the source mailbox |
physicalDeliveryOfficeName | Directly copy the corresponding attribute of the source mailbox |
postalCode | Directly copy the corresponding attribute of the source mailbox |
sn | Directly copy the corresponding attribute of the source mailbox |
st | Directly copy the corresponding attribute of the source mailbox |
streetAddress | Directly copy the corresponding attribute of the source mailbox |
telephoneAssistant | Directly copy the corresponding attribute of the source mailbox |
telephoneNumber | Directly copy the corresponding attribute of the source mailbox |
title | Directly copy the corresponding attribute of the source mailbox |
Linked Attributes
A linked attribute is an Active Directory attribute that references other Active Directory objects in the local forest. You can't directly copy linked attribute values from a mailbox in the source forest to a mail user in the target forest. Instead, find the Active Directory objects in the source forest that the source mailbox attribute refers to, find the corresponding Active Directory objects in the target forest, and then set the target mail user's attribute to refer to those objects in the target forest.
Linked attributes
Mail User's Active Directory attributes | Description |
---|---|
altRecipient (and its backlinks) | Corresponds to the source mailbox's altRecipient attribute. |
deliverAndRedirect | Directly copy the corresponding attribute of the source mailbox. This attribute is a boolean value that should be set along with altRecipient. |
Manager (and its backlinks) | Corresponds to the source mailbox's manager attribute. |
MemberOf (backlinks) | This is the back link of the group member attribute. |
publicDelegates (and its backlinks) | Corresponds to the source mailbox's publicDelegates attribute. |
Linked Mailbox
If you want to move a mailbox to an Exchange 2010 resource forest, the mailbox in the resource forest is a linked mailbox. In this scenario, you will need to create a linked mail user in the (target) resource forest. To create a linked mail user, you need to set the following attributes.
Linked mailbox attributes
Mail User's Active Directory attributes | Description |
---|---|
msExchMasterAccountHistory | Directly copy the corresponding attribute of the source mailbox. |
msExchMasterAccountSid | If the source mailbox has msExchMasterAccountSid, then copy it. Otherwise, copy the source mailbox's objectSid. |
msExchRecipientDisplayType | Constant: -1073741818 (decimal) //equivalent to *unsigned* 0xC0000006. |
Note
A linked mailbox can only be created if there is forest trust between the source forest and target forest.
If the source object is disabled and the msExchMasterAccountSid is set to self (resource mailbox, shared mailbox) do not stamp anything on the target user. RecipientDisplayType should be set to non ACL-able (second bit).
If the source object is disabled and the msExchMasterAccountSid is not set this is an invalid mailbox.
If the source object is enabled and the msExchMasterAccountSid is set, this is an invalid mailbox.
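The msExchMasterAccountSid row and the three conditions in the note combine into one decision. The following is an added example, not code from the page or from Microsoft: the function name Get-LinkedMasterAccountSid and the SIDs in the calls are hypothetical, and it assumes that "set to self" means the well-known SELF SID S-1-5-10 and that "disabled" means the ACCOUNTDISABLE bit of userAccountControl is set.

```powershell
# Added example: which msExchMasterAccountSid to stamp on the linked mail user.
function Get-LinkedMasterAccountSid {
    param(
        [int]$SourceUserAccountControl,    # userAccountControl of the source mailbox user
        [string]$SourceMasterAccountSid,   # msExchMasterAccountSid of the source, '' if unset
        [string]$SourceObjectSid           # objectSid of the source mailbox user
    )
    $selfSid  = 'S-1-5-10'   # assumption: "set to self" means the well-known SELF SID
    $disabled = ($SourceUserAccountControl -band 0x2) -ne 0    # ACCOUNTDISABLE bit
    $hasSid   = $SourceMasterAccountSid -ne ''

    if ($disabled -and (-not $hasSid)) {
        throw 'Invalid mailbox: source is disabled and msExchMasterAccountSid is not set'
    }
    if ((-not $disabled) -and $hasSid) {
        throw 'Invalid mailbox: source is enabled and msExchMasterAccountSid is set'
    }
    if ($disabled -and ($SourceMasterAccountSid -eq $selfSid)) {
        return $null                       # resource or shared mailbox: stamp nothing
    }
    if ($hasSid) { return $SourceMasterAccountSid }   # source has the attribute: copy it
    return $SourceObjectSid                           # otherwise copy the source objectSid
}

# Constructed inputs (the SIDs are made up for illustration).
$userSid   = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
$masterSid = 'S-1-5-21-4444444444-5555555555-6666666666-2210'
Get-LinkedMasterAccountSid 512 ''         $userSid   # enabled, unset: the objectSid
Get-LinkedMasterAccountSid 514 $masterSid $userSid   # disabled, linked: the master SID
Get-LinkedMasterAccountSid 514 'S-1-5-10' $userSid   # disabled, self: nothing to stamp
```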
Resource Mailbox
If you want to move a resource mailbox to an E2010 forest, you will need to set the attributes in the following table on the target mail user.
Resource mailbox attributes
Mail User's Active Directory attributes | Description |
---|---|
msExchRecipientDisplayType | If source mailbox is a conference room: Constant: -2147481850 (decimal) //equivalent to *unsigned* 0x80000706. If source mailbox is an equipment mailbox: Constant: -2147481594 (decimal) //equivalent to *unsigned* 0x80000806. |
msExchResourceCapacity | Directly copy the corresponding attribute of the source mailbox. |
msExchResourceDisplay | Directly copy the corresponding attribute of the source mailbox. |
msExchResourceMetaData | Directly copy the corresponding attribute of the source mailbox. |
msExchResourceSearchProperties | Directly copy the corresponding attribute of the source mailbox. |
Additional Attributes
The Exchange 2007 Move-Mailbox cmdlet also copied the following attributes when moving a mailbox. You can optionally copy these attributes if needed:
Resource mailbox attributes
Mail User's Active Directory attributes | Description |
---|---|
comment | Directly copy the corresponding attribute of the source mailbox. |
deletedItemFlags | Directly copy the corresponding attribute of the source mailbox. |
delivContLength | Directly copy the corresponding attribute of the source mailbox. |
departmentNumber | Directly copy the corresponding attribute of the source mailbox. |
description | Directly copy the corresponding attribute of the source mailbox. |
division | Directly copy the corresponding attribute of the source mailbox. |
employeeID | Directly copy the corresponding attribute of the source mailbox. |
employeeNumber | Directly copy the corresponding attribute of the source mailbox. |
employeeType | Directly copy the corresponding attribute of the source mailbox. |
extensionAttribute1-15 | Directly copy the corresponding attribute of the source mailbox. |
homePostalAddress | Directly copy the corresponding attribute of the source mailbox. |
internationalISDNNumber | Directly copy the corresponding attribute of the source mailbox. |
ipPhone | Directly copy the corresponding attribute of the source mailbox. |
language | Directly copy the corresponding attribute of the source mailbox. |
lmPwdHistory | Directly copy the corresponding attribute of the source mailbox. |
localeID | Directly copy the corresponding attribute of the source mailbox. |
mAPIRecipient | Directly copy the corresponding attribute of the source mailbox. |
middleName | Directly copy the corresponding attribute of the source mailbox. |
msDS-PhoneticCompanyName | Directly copy the corresponding attribute of the source mailbox. |
msDS-PhoneticDepartment | Directly copy the corresponding attribute of the source mailbox. |
msDS-PhoneticDisplayName | Directly copy the corresponding attribute of the source mailbox. |
msDS-PhoneticFirstName | Directly copy the corresponding attribute of the source mailbox. |
msDS-PhoneticLastName | Directly copy the corresponding attribute of the source mailbox. |
msExchBlockedSendersHash | Directly copy the corresponding attribute of the source mailbox. |
msExchELCExpirySuspensionEnd | Directly copy the corresponding attribute of the source mailbox. |
msExchELCExpirySuspensionStart | Directly copy the corresponding attribute of the source mailbox. |
msExchELCMailboxFlags | Directly copy the corresponding attribute of the source mailbox. |
msExchExternalOOFOptions | Directly copy the corresponding attribute of the source mailbox. |
msExchMessageHygieneFlags | Directly copy the corresponding attribute of the source mailbox. |
msExchMessageHygieneSCLDeleteThreshold | Directly copy the corresponding attribute of the source mailbox. |
msExchMessageHygieneSCLJunkThreshold | Directly copy the corresponding attribute of the source mailbox. |
msExchMessageHygieneSCLQuarantineThreshold | Directly copy the corresponding attribute of the source mailbox. |
msExchMessageHygieneSCLRejectThreshold | Directly copy the corresponding attribute of the source mailbox. |
msExchMDBRulesQuota | Directly copy the corresponding attribute of the source mailbox. |
msExchPoliciesExcluded | Directly copy the corresponding attribute of the source mailbox. |
msExchSafeRecipientsHash | Directly copy the corresponding attribute of the source mailbox. |
msExchSafeSendersHash | Directly copy the corresponding attribute of the source mailbox. |
msExchUMSpokenName | Directly copy the corresponding attribute of the source mailbox. |
otherFacsimileTelephoneNumber | Directly copy the corresponding attribute of the source mailbox. |
otherIpPhone | Directly copy the corresponding attribute of the source mailbox. |
otherMobile | Directly copy the corresponding attribute of the source mailbox. |
otherPager | Directly copy the corresponding attribute of the source mailbox. |
preferredDeliveryMethod | Directly copy the corresponding attribute of the source mailbox. |
personalPager | Directly copy the corresponding attribute of the source mailbox. |
personalTitle | Directly copy the corresponding attribute of the source mailbox. |
photo | Directly copy the corresponding attribute of the source mailbox. |
pOPCharacterSet | Directly copy the corresponding attribute of the source mailbox. |
pOPContentFormat | Directly copy the corresponding attribute of the source mailbox. |
postalAddress | Directly copy the corresponding attribute of the source mailbox. |
postOfficeBox | Directly copy the corresponding attribute of the source mailbox. |
primaryInternationalISDNNumber | Directly copy the corresponding attribute of the source mailbox. |
primaryTelexNumber | Directly copy the corresponding attribute of the source mailbox. |
showInAdvancedViewOnly | Directly copy the corresponding attribute of the source mailbox. |
street | Directly copy the corresponding attribute of the source mailbox. |
terminalServer | Directly copy the corresponding attribute of the source mailbox. |
textEncodedORAddress | Directly copy the corresponding attribute of the source mailbox. |
thumbnailLogo | Directly copy the corresponding attribute of the source mailbox. |
thumbnailPhoto | Directly copy the corresponding attribute of the source mailbox. |
url | Directly copy the corresponding attribute of the source mailbox. |
userCert | Directly copy the corresponding attribute of the source mailbox. |
userCertificate | Directly copy the corresponding attribute of the source mailbox. |
userSMIMECertificate | Directly copy the corresponding attribute of the source mailbox. |
wWWHomePage | Directly copy the corresponding attribute of the source mailbox. |
Use a Sample Script Example to Configure Active Directory Attributes
You can download the sample remote PowerShell script from the Prepare for Online Mailbox Move download page. For more information on using the sample script, see Prepare Mailboxes for Cross-Forest Moves Using the PrepareMoveRequest.ps1 script in the Shell.
Use ILM Sample Code to Configure Active Directory Attributes
One prescriptive way to set the above-mentioned Active Directory attributes is to use ILM 2007 FP1 SP1. See KB 977791 (ILM 2007 FP1 SP1) to download the feature pack.
Note
ILM 2007 has been updated. You must select whether the local forest is Exchange 2007 or Exchange 2010.
For Exchange 2010, you need to provide the Remote PowerShell connection URI. Enter the URI of an Exchange 2010 Client Access server to make sure the Remote PowerShell connection is functioning. The Exchange 2010 RPS URI should be in the following format: http://CAS_Server_FQDN/Powershell.
Provision GalSync Management Agent for Exchange 2010
Additionally, the credential that you use to make the Remote PowerShell connection must have the appropriate RBAC permission to call the Update-Recipient cmdlet. You can download the sample code from the Prepare for Online Mailbox Move download page. For more information on using the sample code, see Prepare Mailboxes for Cross-Forest Moves Using Sample Code.