Migrating active directory and exchange

[Fritz]

I need to find the least painless way to migrate active directory with about
20,000 users and an Exchange server to a new set of servers at a new
location. What's the best way to do this? I need to test the procedure
before the actual move?

Thank you!

 

[Meinolf Weber]

Hello Fritz,

Will you also change the domain name and install new version of windows?
What Operating system do you use now?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Paul Bergson [MVP-DS]]

If you are building a new forest you can use the Active Directory Migration
Toolkit, that is free from Microsoft. This requires you to build a trust
between the source and destination forest.

ADMT
http://support.microsoft.com/default.aspx?scid=kb;en-us;326480

Download
http://www.microsoft.com/downloads/...7B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

Webcast
http://support.microsoft.com/?kbid=325393

Trusts

To start would have to establish dns connectivity both ways, usually the
easiest thing to do would be to create secondary's of each others primary.
http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci1104911,00.html

Once established you can then go and create your external trust, I wouldn't
create a forest trust this established a two trust.

Creating an External Trust
http://technet2.microsoft.com/Windo...746e-4453-b879-804259aafdd31033.mspx?mfr=true

You would then look at running exmerge if you are looking at moving
mailboxes across

Download ExMerge
http://www.microsoft.com/downloads/...ec-dcdf-47dc-96da-1c12d67327d5&DisplayLang=en

ExMerge Details
http://support.microsoft.com/kb/174197


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Fritz]

Hi Meinolf,
No, I don't have to chang ethe domain name and the OS is Windows Server 2003
on both ends.

Thank you!

 

[Fritz]

Hi Paul,
Building the trust between the forests can be problematic. Is there a way
to do this by backing up the data in one forest and restoring it another
(I'm greatly simplifying the process here, of course)?

Thank you!

 

[Paul Bergson [MVP-DS]]

No

You could run something like csvde to export user id's and then import them,
but then you will lose all of your security credentials.

http://www.ss64.com/nt/csvde.html

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Fritz]

That's not going to work for me.
What do you think of the following procedure?
VPN in to the old site with a prospective DC in the new site, add the VPN'ed
system as a DC in the old AD (configure AD DNS and WINS and make it a GC),
wait for AD data to fully propagate to the new DC, disconnect the VPN, seize
the old DC's from AD and take it from there?

Thank you!

 

[Paul Bergson [MVP-DS]]

Are you trying to carve out a dc from the system? Basically a company is
divesting itself of a division, etc... Yes you can do this but there are
inherent dangers. For one Microsoft will NOT support it, if the two should
ever talk again, Microsoft would tell you to rebuild both from scratch. I
have done this before, but I understood that the two can NEVER talk to one
another again. This is an absolute must. It would be best if you could
post what exactly you want to accomplish.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Fritz]

The old site is being phased out completely. Instead of doing proper
demotion of the old DC's, etc. first... I would like to have a way of
testing everything at the new site before the actual cut-over date. So the
short answer is: the two sites will never talk to each other again.

Here's the full story:
We're ditching one hosting service in favor of another. Both the new and
the old site have 4 servers in them (App/Web server, Exchange server, SQL
server and a dedicated DC's - one of the other systems doubles as a backup
DC). We need to migrate the 4 machines by a specific date. I would like to
have pretty much everything (except SQL data and Exchange mail, obviously)
transferred over before the cut over data. The AD data won't change until
then so I can take care of that first. Once that's done, I'll make a backup
of Exchange and restore it at the new site. I have that procedure almost
working in a test environment (still working out a few kinks) with RUS not
generating e-mail addresses for the restored mailbox recipients. The web
server and SQL migration will follow.

 

[Paul Bergson [MVP-DS]]

Well I have an article on creating a test domain from your production that
would pretty much cover everything you would need to know.

See if this helps (Create a Test AD Domain)
http://www.pbbergs.com/windows/articles.htm


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Fritz]

Thank you!

Well I have an article on creating a test domain from your production that
would pretty much cover everything you would need to know.

See if this helps (Create a Test AD Domain)
http://www.pbbergs.com/windows/articles.htm


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[Denio]

"Fritz" <[email protected]> écrivait

Hi,

You can use an third part software as Ideal Migration that allows you to
migrate all your objects without creating a trust relationship between the
two domains.
Go to http://pointdev.com/en/ideal-migration/index.php for more details.
Don't hesitate to ask the tecchnical support about your project.

Regards.