admt issues 3

[jdahlheimer]

I have read many posts on this forum on this issue but none of them seem to answer my question quiet right. Anyway I have a windows server 2000 box with exchange 2003 running right now. I would like to migrate all the users and there email accounts over to a server 2003 with exchange 2003 box. I have done all the trusts adding administrators of both domains to each other. I even disable sid filtering but the problem is here. With admt. I have read this article

http://support.microsoft.com/?id=328871

that says to use admt to bring users and there sid over then use exchange migration to bring over there mail over. Well here is the log for admt after it gets done.


-------------------------start log file-----------------
[Settings Section]
Task: User Migration (36)
ADMT Console
User: MASONBROS\Administrator
Computer: mbccore.masonbros.local (MBCCORE)
Domain: masonbros.local (MASONBROS)
OS: Microsoft Windows Server 2003 R2 5.2 (3790) Service Pack 1
Source Domain
Name: dommason.local (DOMMASON)
DC: dellserver.dommason.local (DELLSERVER)
OS: Windows 2000 Server 5.0 (2195) Service Pack 4
OU:
Target Domain
Name: masonbros.local (MASONBROS)
DC: mbccore.masonbros.local (MBCCORE)
OS: Windows Server 2003 5.2 (3790) Service Pack 1
OU: LDAP://masonbros.local/CN=Users,DC=masonbros,DC=local
Intra-Forest: No
Password Option: Copy passwords, only for new objects = No
Password Export Server: dellserver.dommason.local
Migrate Security Identifiers: Yes
Update Rights: Yes
Translate Roaming Profiles: No
Fix group membership: Yes
Conflict Option: Merge, rights = Yes, members = Yes, move objects = Yes
Source Disable Option: Leave source account
Source Expiration: Do not expire source account
Target Disable Option: Set target same as source
Migrate groups: Yes
Update Migrated Objects: Yes
Migrate service accounts: Yes

[Object Migration Section]
2006-03-20 14:37:39 Starting Account Replicator.
2006-03-20 14:37:40 CN=test test - Created
2006-03-20 14:37:40 SID for DOMMASON\ttest added to the SID History of MASONBROS\ttest
2006-03-20 14:37:41 WRN1:7857 Could not copy following properties for 'CN=test test'.
2006-03-20 14:37:41 homeMDB = CN=Mailbox Store (DELLSERVER),CN=First Storage Group,CN=InformationStore,CN=DELLSERVER,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dommason,DC=local A constraint violation occurred.
2006-03-20 14:37:41 showInAddressBook = CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dommason,DC=local, ... A constraint violation occurred.
2006-03-20 14:37:41 homeMTA = CN=Microsoft MTA,CN=DELLSERVER,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dommason,DC=local A constraint violation occurred.
2006-03-20 14:37:41 WRN1:7873 Disabled the "user cannot change password" account option for account 'CN=test test'.
2006-03-20 14:37:41 CN=test test - Password Copied.
2006-03-20 14:37:41 WRN1:7874 Disabled the "password never expires" account option for account 'CN=test test'.
2006-03-20 14:37:41 Updated user rights for CN=test test
2006-03-20 14:37:41 Operation completed.

----------------------end log file---------------------

The error 7857 looks to me like it can't copy over the exchange attributes so the account doesn't have an exchange mail box so when I try to bring over the mail with exchange migrate there is no mail box to into and it errors. I think that is my main problem. That being said below is a list of some of the things I have tried and there failed results.

Create the account with exchange migrate will not work alone because it will not bring passwords over and the account is disabled. So then I used admt to overwrite the password and settings. It would overwrite the disabled part but would not overwrite the password. Admt errored saying copy of password did not complete because the source has not changed since last migration. Well yea I have not changed the source but I still want to overwrite what exchange migration changed.

I tried using admt first then using exchange migration with the change modify selection but it overwrites the password and disables the account.

I have tried to get exmerge to work. Tried using adc but didn't dig into enough to get it working.

Thanks for taking a look and let me know if I need to clarify or go more in depth on something.

 

[markdmac]

can you successfully migrate a user/password if you don't try to migrate Exchange?

If so I would do that. Then mail enable the accounts simply by selecting and right clicking to choose Exchange Tasks, Create mailbox.

Once you have that you can use Exmerge to export old mail and import on the new system.

You mention you "tried" to get Exmerge to work. What problems are you encountering?

I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

Yes I can successfully migrate a user but then I have to do that for all my users. That would not be the end of the world but then when exchange migrate runs it overwrites the passwords it doesn't give an option to use old password or don't overwrite password. So then I would have to go in and change all the passwords for all the users. Exmerge I don't remember the exact problem but I think it was along the same lines as it doesn't find the mailboxes. Any other ideas. Thanks.

 

[markdmac]

If you use Exmerge the user names just have to match the PST fiels. Passwords are not an issue at all with ExMerge. So you could migrate your users and passwords, then select them in mass and create mailboxes via AD Users & Computers which would not affect your passwords, then you import the PST files in mass to the new server.

I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

But then wouldn't I still have to create the mailboxes for each user manually? It wouldn't really bother me to do it once but when we get done with the new server our plan was to take the old box wipe it reinstall it and migrate the users back over to have a backup copy and we probably wouldn't do it if we have to do a lot of extra work. Thanks for all your help.

 

[markdmac]

You would need to define "manually" because it is a very easy step.

Select your newly imported users in ADUC. Right click and choose Exchange Tasks. Select Create Mailbox and all of the users get a mailbox and passwords are left as is.

You can then import data via ExMerge.

I am not sure on your last comment of having a backup. This is not a realistic plan. What are you hoping to do?

According to your post above you plan to setup a seperate domain and use ADMT to make copies of all user objects. This would require you to change domain memberships of all your computers in the event of a failure too.

Your better served with deploying that server as an additional DC or Exchange server in your domain and making sure you have a good backup, especially an ASR from NTBackup.

I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

Don't you have to select each user seperatly and add the mailbox. Since I only have 70 users this would be a small task but if you had 1000 users this would be a danting task. But is there a way to select all users? Perhaps I am missing something your trying to tell me.

I probably should not have even mentioned the backup but it was just a thought. I meant that if we were to wipe and reinstall the old server then migrate back just so we have a copy of the users and their mailboxes at the time we migrated. So if the main box went down we could basically plug in the old box and they should be able to continue to login in and send and receive emails even though the data would be out of date they could still operate. The old box would be configured exactly like the new box so they would not be able to coexist but one could replace the other. Perhaps I am not being to clear but hopefully you get the gist of what I am trying to say.

As for the switching of domains I thought admt could migrate computers from one domain to another. If this didn't work then we were going to name the new server and domain the same in hopes that we can just unplug one and plug in the other. Perhaps you have some expertise on if this works or not

You are probably right about the ASR and NTbackup but since I don't know what they are I will have to research these. And having the old server be a second domain controller was a thought but we would still like to wipe it and reinstall with 2003 before deploying it as a second dc. This is probably why I should not have even gotten into my plans of backup because we have not really made up our mind about it.

Thanks for all your great help so far.

 

[jdahlheimer]

I answered my own question you can select multiple users which will work great for me. But for the sake of arugment lets say you have 1000 users with 100 groups and other in AD you would still have to sift through all those users to make sure you had them all selected. The chance of making a mistake this way seems pretty high especially with me. If you miss a user or something then the mail doesn't get brought over. Seems like there should be a better way but perhaps there is not. Maybe I will make one . If you have any further input I always appreciate it. Thanks.

 

[jdahlheimer]

Here's anther question for you when I go into AD after migrating my users. I select all that I want exchange mailboxes for click exchange tasks create mailboxes. It errors saying mail boxes already exist. But yet when I try to run exchange migration or exmerge it can't find the mailboxes. Wierd it gets better. So I removed all exchange attributes and that completed successfully then created an exchange mail box. This also completed successfully. Still the tools won't find the mail boxes. But if I log on and access the mailbox through outlook then the tools will find it. I think its because the exchange system manager does not register the mailbox until it is logged into. Anyway around this. Thanks.

 

[markdmac]

jdahlheimer I will attempt t answer your questions in as organized a manner as I can.

1. Regarding a backup plan, if the purpose of this mirror domain is for disaster recovery (DR) then you are only addressing the issue partly. You would need to do this frequently on an ongoing basis to keep users and passwords synchronized, plus you would not have the full Exchange information. If you migrate the computers then yes you would be able to switch back and forth between the two, however outlook profiles would then need to be modified on each workstation. It sounds like you are just starting this migration so at the end of this thread I will make a suggestion for an easier way for you to do all of this.

2. An ASR is an Automated System Recovery. This is a new feature that was added into NTBackup on WIndows 2003. It is a combo tape/floppy that backs up a server and allows you to completely restore the system partition (not data partition) from a dead server by just booting up from the floppy. This is a HUGE advantage over the previous model of having to first install an OS to access the tape backups to restore.

3. Yes, there is another way. You can script the creation of mailboxes. IF you had between 100-1000+ users that would be the way to go.

4. The problem you are seeing is that the mailboxes have not yet been initialized. Sending an email to them will quickly and easily initialize the mailbox.

OK, so now lets look at your end goal here. I take it the problem is you have an old server you just want to refresh is that right? It also sounds like this server is both a DC and Exchange Server. Working with that assumption, here is what I think is your best solution.

[red]MIGRATION PLAN[/red]

1.Start with a full backup.
2.Install the new server as a DC in the existing domain. Make it a Global Catalog. Wait 15 minutes for AD to transfer over.
3.Migrate DHCP and WINS from the old server to this server.
4.Transfer the 5 FSMO roles to the new server.
5.Install Exchange as a second Exchange server in the exisitng Exchange environment. You can now use Move Mailbox wizard to move the mailboxes to the new server. Move public folders to the new server. (look up public folder replication for how to do this) Install Exchange SP2.
6.Change SMTP mail from the outside to be directed to the new server.
7.Wait a day, allow users to connect to mail on the new server. By having BOTH Exchange servers running you will NOT need to change local profiles. The Exchange servers will point the local profile to the new server for you.
8.Remove Exchange from the old server.
9.Run DCPROMO on old server to make it a member server. Remove from domain and reload as desired. Bring back into domain and make a DC/GC.
10.To be able to manage Exchange properties you will need to install Exchange tools and Exchange SP2 on the server (even if it is no longer an Exchange Server).


I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

Your the man. Thanks a million that sounds like a much better plan than mine.

 

[markdmac]

You are welcome.

Before beginning make sure you VERIFY your backup by restoring a file or two.

I did not say above to migrate user data since you do not specify that it is used as a file server, so migrate data or any other services as needed.

I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

I'm a little fuzzy on this part where the profiles are suppose to switch over. I have done all the steps and successfully migrated my mailbox over. Everything looks good. But I went to restart my computer and then checked my exchange profile and it still says that it is looking at the old server. Even though I am getting my mail properly and everything. I think it might be because exchange on the new server still looks at the old server as the dc. Did I miss a step or does this conversion take more time. Thanks.

 

[markdmac]

Using ADMT to move a computer will allow the exisiting profile to be used in either domain. The local profile will NOT change the Exchange Server int he user profile. You will need to either do this by hand or edit it via script.

LMK if you want me to post code I wrote to do this.

A third option is to edit the profile while performing an update/reinstall of Outlook via AD. If you have NOT been patching the client Office install, then this is the best solution as it kills 2 birds with one stone. I have an FAQ on how to do this. faq96-4996

I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

I might try AD and the script would be nice. But in your step 7 above you said that the exchange servers will point the profiles to the new server. If you could clarify this a little that would be great. If this is not going to happen please post the script. Thanks.

 

[jdahlheimer]

I guess I should have clarified we are not using admt we used turned it into a gc and ad changed over itself did all the roles then installed exchange and just moved my mailbox.

 

[markdmac]

If you installed the second Exchange box in the same Exchange site as the other server and did a Move Mailbox, then opening Outlook on the client should automatically point the profile to the new server so long as the old server is still up and running Exchange.

I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

Would it still do this even though the new server is still looking at the old server as the dc. I went through and moved all the roles but I don't remember making the new server the dc. I turned the new one into a gc and made the old so that it is not a gc anymore. Anything I can do to diagnose this. Thanks for your patience and perseverance you've been a great help.

 

[markdmac]

You can't make a server a GC unless it is a DC, soyou have to have done that. I would make the old server back to being a GC until the network settles down.

If you go into Exchange Admin on the new server do you see both servers there? Same question for the old server.

I hope you find this post helpful.

Regards,

Mark

 

[jdahlheimer]

Made the old back into a gc and both servers can see each other from exchange administrator.