Archive for the ‘exchange 2007’ Category

Where Did Everybody Go ?……

Friday, July 17th, 2009

When creating dynamic distribution groups (DDG) on Exchange Server 2007 (distribution lists (DL) where the members are derived from an LDAP query) you need to specify the Active Directory container where the query is to be applied !!

Failure to specify this will result in the query scope being set to the default ‘domainname/users’ container (not a problem if this is where your users happen to be, mine do not !!). The problem was that the PowerShell command to get the members of a DDG was working fine for me, but the Exchange Management Console was not (the console was right).

I created a ‘test’ DDG and set it to include all users who had a mailbox. I then sent it an email and……nothing happened. I used message tracking to find where my message was going and saw

EventID : Expand, RecipientCount : 0   Since there are no recipients, the Expand Event within the Routing task was not followed by a transfer or delivery

When Exchange was expanding the DDG to get the members there were none :o(

It was around this time I spotted an available parameter for DDG, -RecipientContainer. The recipient container was currently set to ‘domainname/users’ which is not where my user objects are located, they are in ‘domainname/our stuff/user/<dept>’ where each <dept> is a departmental subfolder (allows me a lot of control for group policy objects !).

I adjusted the DDG -RecipientContainer to ‘domainname/our stuff’ and presto, the list bursts into action and everyone gets an email. The LDAP query seems to be recursive as all users in all sub containers were affected.

So for Exchange DDGs it’s not just what you make, but where you point it to that matters :oO
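The check described above, as an added example (not code from the original post): it previews each DDG's filter inside the group's own RecipientContainer, so a group that will expand to zero recipients shows up before anyone mails it. The group name 'test' and the container 'domainname/our stuff' are the values from the post; everything else is standard Exchange Management Shell.

```powershell
# Added example, not from the original post.
# For every dynamic distribution group, count the recipients its filter matches
# when the query is scoped to the group's own RecipientContainer. A count of 0
# corresponds to the "Expand, RecipientCount : 0" message-tracking event.
Get-DynamicDistributionGroup -ResultSize Unlimited | ForEach-Object {
    $ddg = $_

    # -OrganizationalUnit limits the preview to the container the group is
    # actually bound to. A preview run without it is not limited to that
    # container and can list recipients the group will never expand to.
    $count = @(Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                   -OrganizationalUnit $ddg.RecipientContainer `
                   -ResultSize Unlimited).Count

    $ddg | Select-Object Name, RecipientContainer,
        @{Name = 'ScopedMembers'; Expression = { $count }}
} | Sort-Object ScopedMembers | Format-Table -AutoSize

# Re-point the post's 'test' group at the parent container that holds the
# departmental sub-containers, then re-run the audit above to confirm.
Set-DynamicDistributionGroup -Identity 'test' -RecipientContainer 'domainname/our stuff'
```

The same listing also shows groups whose container is broader than intended, which is worth reviewing because every matching recipient under that container receives mail sent to the group.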


Migrate Exchange Server Without Using .PST Files

Friday, May 22nd, 2009

I recently started to work for a new company. I have to say I love my new role, these guys are pretty cool in terms of technology and agility.

They are predominantly based on Microsoft technologies, but there is the odd *nix box or VM in there as well, and all the comms stuff is Cisco thankfully, so I can hit the ground running there :o)

So, my first task on joining……. “migrate us off the old Exchange 2003 server onto the new Exchange 2007 server”. Easy, I thought, can use the console to do that, should only take a couple of days. “Oh, the servers are in completely separate forests though, there is a trust between them if it helps ?……”

Ah, not so simple now then. From my knowledge of Exchange Server 2007 (which is limited at best, I don’t know anyone else using anything beyond version 2003) the GUI is no longer an option to move mailboxes. I’m gonna have to learn the Exchange PowerShell command line tool.

The tool in question is the ‘move-mailbox’ cmdlet and takes an absolute dump truck of arguments to make it work. Googling returned hundreds of hits for what seemed to be the exact scenario that I was facing. So here’s what I started with

Permissions required to move mailboxes across forests are listed on technet :

http://technet.microsoft.com/en-us/library/aa997599.aspx

down near the bottom. Essentially you need the following on the source and target locations

  • Exchange Server Admin
  • Exchange Recipient Admin
  • Local Admin

Having added myself to those groups (and pretty much all the other ones that looked like they had authority to do stuff) I started attempting to move mailboxes

The first step was to define the source and target credentials to be used. These can be allocated to variables using the ‘get-credential’ cmdlet. When you run the ‘get-credential’ cmdlet it presents you with a popup dialog box where you can enter username and password. You need to prefix the logon name with the domain name and make sure you are using a logon ID with the permissions mentioned above, so

$SrcID = get-credential

$DstID = get-credential

both result in

[Screenshot: get-credential dialog box]

Now I had $SrcID and $DstID prepared ready to use. Next I tried to move a mailbox

move-mailbox -targetdatabase "<server>\<storage group>\<database>" -identity <source mailbox> -ntaccountou <target OU> -globalcatalog <target GC> -sourceforestglobalcatalog <source GC> -sourceforestcredential $SrcID -targetforestcredential $DstID

I ran the above with the correct values and a new mailbox appeared on the target server that seemed to be an exact copy of the source mailbox albeit with a randomly generated alias name ?

Then another problem came to light. All users mailboxes were already setup on the new server and their active directory accounts were already associated with their Exchange 2003 mailboxes. And, some of the new Exchange 2007 mailboxes already seemed to have content in them so I could not just attempt to re-associate their user object with the copied mailbox :o(

I hoped that as the copied Exchange 2003 mailbox and the new Exchange 2007 user mailbox were now both on the same server in the same forest and domain there would be some tool I could use to merge the mailboxes together into one…….but no such luck

Further research revealed an ‘-allowmerge’ parameter that sounded like it would do exactly what I wanted, merge the contents of x2 mailboxes together. So I retried the command with this additional parameter

move-mailbox -targetdatabase "<server>\<storage group>\<database>" -identity <source mailbox> -allowmerge -globalcatalog <target GC> -sourceforestglobalcatalog <source GC> -sourceforestcredential $SrcID -targetforestcredential $DstID

This however resulted in the same result. A new copy of the source 2003 mailbox on the target 2007 server that I could not merge with the original user mailbox. So I went back to Google and found that when attempting to merge mailboxes, the cmdlet looks for certain matching criteria. This post

http://blogs.msdn.com/anthonw/archive/2007/07/05/moving-mailboxes-cross-organizations-in-exchange-2007.aspx

mentioned matching SIDs across domains and using the ADMT tool to migrate users. It sounded complicated and I didn’t fancy breaking the Active Directory of my new employers quite this soon into the job. Hunting around a little more I found this blog entry from the Exchange Server team

http://msexchangeteam.com/archive/2006/11/02/430289.aspx

which states:

“Check if we can match the source NT account in the target Forest (account match based on SMTP address, source objectSID and target sidHistory, and legacyExchangeDN). If match is found, this account will be email enabled.”

So….it looks like we can match the source and target mailboxes based on an SMTP address…..so I added a dummy SMTP address user@migration.proj to the source and target mailbox and re-ran the above command and……hey presto, the content of the source mailbox was pushed into the existing user mailbox on the Exchange 2007 server. Everything came across, mail, contacts, calendar appointments….

The only outstanding issue I have is that the old mailserver had the x3 meeting rooms available as resource objects. As these objects no longer exist on the new mail server, everyone who had recurring appointments booked against those objects now has orphaned appointments they do not seem able to delete or cancel. I will look at purging these orphaned items when I get a chance to study it more thoroughly
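The merge procedure described above, as an added example (not the author's script): it stamps the matching SMTP address on the existing Exchange 2007 mailbox only if it is missing, then runs Move-Mailbox with -ValidateOnly before the real merge. Everything in angle brackets is a placeholder, and it assumes the same dummy address has already been added to the Exchange 2003 mailbox in the source forest.

```powershell
# Added example, not from the original post. <angle bracket> values are placeholders.
$SrcID = Get-Credential   # source-forest account, entered as DOMAIN\user
$DstID = Get-Credential   # target-forest account, entered as DOMAIN\user

$source   = '<source mailbox identity>'
$target   = '<existing Exchange 2007 mailbox>'
$matchTag = 'smtp:user@migration.proj'   # lowercase smtp: = secondary proxy address

# Target side: add the matching address only when it is not already present.
$mbx = Get-Mailbox -Identity $target
if (-not ($mbx.EmailAddresses | Where-Object { $_.ToString() -eq $matchTag })) {
    $mbx.EmailAddresses += $matchTag
    Set-Mailbox -Identity $target -EmailAddresses $mbx.EmailAddresses
}

function Merge-ForestMailbox([switch]$WhatIfOnly) {
    # -AllowMerge pushes content into the mailbox matched by SMTP address
    # instead of creating a second mailbox with a generated alias.
    if ($WhatIfOnly) {
        # -ValidateOnly checks the move and reports problems without copying data.
        Move-Mailbox -Identity $source `
            -TargetDatabase '<server>\<storage group>\<database>' `
            -GlobalCatalog '<target GC>' -SourceForestGlobalCatalog '<source GC>' `
            -SourceForestCredential $SrcID -TargetForestCredential $DstID `
            -AllowMerge -ValidateOnly
    } else {
        Move-Mailbox -Identity $source `
            -TargetDatabase '<server>\<storage group>\<database>' `
            -GlobalCatalog '<target GC>' -SourceForestGlobalCatalog '<source GC>' `
            -SourceForestCredential $SrcID -TargetForestCredential $DstID `
            -AllowMerge
    }
}

Merge-ForestMailbox -WhatIfOnly   # review the validation output first
Merge-ForestMailbox               # then run the actual merge
```

The dummy address remains a deliverable proxy address on the mailbox after the merge, so it should be reviewed once the migration is finished.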

So, the mail migration is now all but complete for all x45+ users with an excess of 80GB+ of mail content……..and not a single .pst file in sight :o)