|
|
|
date: Tue, 25 Mar 2008 19:15:23 +0100,
group: microsoft.public.exchange2000.admin
back
InterOrg 5.5 - 2003 Migration
I'm working on a migration project from an Exchange 5.5 organization to an
Exchange 2003 one. The two organizations are not linked in any way, and are
associated to different Windows domains.
The scenario:
- Domain A (NT)
- Domain B (Active Directory 2003)
- Exchange Org A (5.5, linked to domain A)
- Exchange Org B (2003, linked to domain B)
- Domain A and domain B are trusted
- User accounts in domain A have already been migrated to domain B with SID
history
- Every user in domain B has a mailbox in Org A and another one in Org B,
and they are both in use.
- There are lots of public folders, shared mailboxes and distribution lists
in Org A
We're planning on using ExMerge or the Exchange Migration Wizard to move the
mailboxes, and the Inter-Org Replication Tool (also known as ExchSync) to
replicate the public folders.
The problems:
- How can we migrate the distribution lists? We've tried the Active
Directory Connector, but it creates them in domain B as contacts instead of
distribution groups.
- ACLs on shared mailboxes: both ExMerge and the EMW don't migrate them,
they only migrate the mailbox *contents*. We need to migrate permissions
too. We've tried ADC here too, but it looks like it doesn't migrate this
kind of informations in an inter-org scenario.
- ACLs on public folders: same as above, ExchSync doesn't migrate them, only
the hierarchy (and not at top level) and the folder contents.
I think we can handle the DLs with a directory export and some scripting,
but we're totally lost on migrating ACLs; there are hundreds of shared
mailboxes and public folders, and it would be *really* a pain to have to set
them manually. Every permission is given to user accounts (or groups) in
domain B, because accounts from domain A have already been migrated, but we
just don't know how to replicate them in Org B.
Any help would be really appreciated, and third-party tools are welcome if
they can do the job.
Massimo
date: Tue, 25 Mar 2008 19:15:23 +0100
author: Massimo
Re: InterOrg 5.5 - 2003 Migration
Inline below.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
"Massimo" wrote in message
news:ehapyQqjIHA.2268@TK2MSFTNGP02.phx.gbl...
> I'm working on a migration project from an Exchange 5.5 organization to an
> Exchange 2003 one. The two organizations are not linked in any way, and
> are associated to different Windows domains.
>
> The scenario:
>
> - Domain A (NT)
> - Domain B (Active Directory 2003)
> - Exchange Org A (5.5, linked to domain A)
> - Exchange Org B (2003, linked to domain B)
> - Domain A and domain B are trusted
> - User accounts in domain A have already been migrated to domain B with
> SID history
> - Every user in domain B has a mailbox in Org A and another one in Org B,
> and they are both in use.
> - There are lots of public folders, shared mailboxes and distribution
> lists in Org A
>
> We're planning on using ExMerge or the Exchange Migration Wizard to move
> the mailboxes, and the Inter-Org Replication Tool (also known as ExchSync)
> to replicate the public folders.
>
> The problems:
>
> - How can we migrate the distribution lists? We've tried the Active
> Directory Connector, but it creates them in domain B as contacts instead
> of distribution groups.
You could use IIS or some other directory synchronization tool. If you were
to purchase the Quest Migration Manager 8.0 suite, you'd also have a
solution, and it'd likely result in a migration that's less painful on your
users. However, since you've already started the process, creating your
accounts, whatever tool you try to use at this time is likely going to cause
some problems. Tools work well when you start your process with them, but
often give you grief in myriad little ways when you try to use them in a
process that's been completed halfway.
> - ACLs on shared mailboxes: both ExMerge and the EMW don't migrate them,
> they only migrate the mailbox *contents*. We need to migrate permissions
> too. We've tried ADC here too, but it looks like it doesn't migrate this
> kind of informations in an inter-org scenario.
See Quest above.
> - ACLs on public folders: same as above, ExchSync doesn't migrate them,
> only the hierarchy (and not at top level) and the folder contents.
See Quest above.
> I think we can handle the DLs with a directory export and some scripting,
It's certainly doable with scripting; I've scripted distribution list and
group synchronization more than once in my career. But it's time-consuming
to develop something like that from scratch.
> but we're totally lost on migrating ACLs; there are hundreds of shared
> mailboxes and public folders, and it would be *really* a pain to have to
> set them manually.
This is also scriptable, but it would be complex as well. Some of this will
be solved for you temporarily if you use SID history, at least until you
decide to get rid of the old SIDs.
> Every permission is given to user accounts (or groups) in domain B,
> because accounts from domain A have already been migrated, but we just
> don't know how to replicate them in Org B.
>
> Any help would be really appreciated, and third-party tools are welcome if
> they can do the job.
>
>
> Massimo
>
date: Tue, 25 Mar 2008 15:18:26 -0700
author: Ed Crowley [MVP]
|
|
