Migrating Exchange Without Trusts

One of the more common questions we see is "Can we migrate Exchange without any trusts in the environment?"

The answer to that is "YES" however there are some hurdles.  Here are 3 of them:

  • If you have any Windows clusters running Exchange then the console software must be installed in the domain that has the cluster.  With most migrations going from Exchange 2010 to Exchange 2010, 2013, 2016 this is less of a concern since Microsoft moved to the DAG model.
  • In the Migration Manager Console click Tools | Options, and on the License property page in the Net use connections area verify the specified account has access rights to the License Server.
  • Users will have to specify the target security account using CPUU (Client Profile Updating Utility) when they are switched to the target server. Because there are no trusts, their source accounts will not have permissions for the target mailboxes.

To configure the Client Profile Updating Utility to process the Microsoft Outlook profiles if trust relationships are not established between the source and target domains, perform the following steps:

  1. Run the EMWProf Configuration Wizard and follow the wizard's steps.
  2. On the Select Action page, select the Update option and select either of the following:
    1. Select Run EMWProf under Administrative account and click the Settings button. Then specify credentials for two accounts: one for the source mailbox and another for the target mailbox.
    2. Select the Prompt for credentials option in order to force EMWProf to prompt the credentials when logging on to either of mailboxes.

While we do recommend getting a trust in place, it's important to know the drawbacks to a trustless migration.