Hi - I've used several articles as guides to migrate test migration of mailboxes from one forest to another - Primarly guides on microsoft's website ( )and this one
I have Users in "Forest A" for "Company A" and users in "Forest B" for "Company B". Company A and Company B merged. Because Company A upgraded to Exchange 2010, the "New Company" would like "Company B" to use Exchange in "Forest A" but not specifically move all the users/workstations/etc. to "Forest A".
Summary: Cross-Forest Exchange Migration, Forest A has users and Exchange, Forest B has users and is getting rid of Exchange but wants to use Exchange in Forest A.
Currently: Forest A (Now Exchange 2010). Forest B (Exchange 2007).
I have successfully migrated users by: Using the Prepare Script to create the new disabled user, Using ADMT to copy passwords/GUID's from Forest B to Forest A, and Then performing a move-mailbox cmdlet.
I unchecked "Require user to change password" from the Domain Controller in "Forest B". The user can log onto their workstation, but as soon as they open their outlook, it asks for a username/password (and by doing outlook.exe /rpcdiag I can see they are trying to authenticate to the new server (yay!)).
Question: How can I make it so that they do not have to enter a username/password? I'm assuming I'm missing a credential or permission somewhere. When it's asking for the username/password, under the RPC Diag box it's authenticating to the following:
Server Type Status
EXCHANGE.forestA.local Mail Connecting
--- Directory Connecting
EXCHANGE.forestA.local Referral Connecting
EXCHANGE.forestA.local Mail Connecting
Additionally: If I try to log into outlook web access ( and I specify the username of FORESTB\username, with the correct password, it tells me that "The Active Directory resource couldn't be accessed. This may be because the Active Directory object doesn't exist or the object has become corrupted, or because you don't have the correct permissions."
The new user's "Logon name (user principal name)" in Exchange identifies username@forestb.local Which I believe is correct. And the email addresses pull over, username@companyB.com is in there.
Also - There is a 2-way transitive trust setup between forests. Users can authenticate when in proper groups through the trust.
Thank you in advance. Any help is greatly appreciated!
I have Users in "Forest A" for "Company A" and users in "Forest B" for "Company B". Company A and Company B merged. Because Company A upgraded to Exchange 2010, the "New Company" would like "Company B" to use Exchange in "Forest A" but not specifically move all the users/workstations/etc. to "Forest A".
Summary: Cross-Forest Exchange Migration, Forest A has users and Exchange, Forest B has users and is getting rid of Exchange but wants to use Exchange in Forest A.
Currently: Forest A (Now Exchange 2010). Forest B (Exchange 2007).
I have successfully migrated users by: Using the Prepare Script to create the new disabled user, Using ADMT to copy passwords/GUID's from Forest B to Forest A, and Then performing a move-mailbox cmdlet.
I unchecked "Require user to change password" from the Domain Controller in "Forest B". The user can log onto their workstation, but as soon as they open their outlook, it asks for a username/password (and by doing outlook.exe /rpcdiag I can see they are trying to authenticate to the new server (yay!)).
Question: How can I make it so that they do not have to enter a username/password? I'm assuming I'm missing a credential or permission somewhere. When it's asking for the username/password, under the RPC Diag box it's authenticating to the following:
Server Type Status
EXCHANGE.forestA.local Mail Connecting
--- Directory Connecting
EXCHANGE.forestA.local Referral Connecting
EXCHANGE.forestA.local Mail Connecting
Additionally: If I try to log into outlook web access ( and I specify the username of FORESTB\username, with the correct password, it tells me that "The Active Directory resource couldn't be accessed. This may be because the Active Directory object doesn't exist or the object has become corrupted, or because you don't have the correct permissions."
The new user's "Logon name (user principal name)" in Exchange identifies username@forestb.local Which I believe is correct. And the email addresses pull over, username@companyB.com is in there.
Also - There is a 2-way transitive trust setup between forests. Users can authenticate when in proper groups through the trust.
Thank you in advance. Any help is greatly appreciated!
