Migration Approach Query

Current Environment
Source = Account forest with external forest trust to Target forest.  No Exchange currently (was decommissioned)
Target = Resource forest containing linked mailboxes (Exchange 2010) and disabled AD accounts with AEA (linked master account) set
 
Planned "End State" Environment
Source = Domain/forest will be decommissioned
Target = Previously disabled resource accounts will be enabled and used to authenticate users.  Mailboxes will remain with users.  Users will be provided with new machines which are members of the target domain and login with target accounts using target mailboxes.
 
Planned Migration Steps
1. Perform migration of AD group object using migration sessions and import files
2. Perform migration of AD user objects using migration sessions and import files ensuring accounts are matched to the existing target disabled accounts.  Continue to leave source accounts enabled and target disabled.
*  At this point users are continuing to work as is without any interruption *
3. Perform AD processing of all objects leaving source account permissions in place
4. Perform Exchange processing of all mailboxes leaving source account permissions in place
*  Again, at this point users are continuing to work as is without any interruption *
5. Start migration of Batch 1 of the users
 (a) Enable batch 1 disabled accounts in target using Set-User -Identity 'mailbox name' -LinkedMasterAccount $null  as per KB35991
 (b) Provide batch 1 users with new machine in target domain
 (c) Batch 1 users login to new machine in target domain with target account, create Outlook profile etc
6. Start migration of Batch 2 and repeat previous steps
7. On completion of migration of all batches perform ADPW and EPW to remove source account and clean up
 
I would like to understand if my proposed timing of the ADPW and EPW processing is right and if possible is there any specific pointers around the configuration of the wizards?
 
Thanks  Mark
Parents
No Data
Reply
  • Thank you for the update.

    I actually ran ADPW with the default settings. I have reviewed the settings but I cannot see any option which will prevent it from updating the MSExchMasterAccountSid. Do you have any details about which setting I could select?

    If not I guess it would not be an issue if we only have a short migration period and we are aware that new delegations will only have the target sid stamped.

    I did locate an event in the ADPW logs:

    Replace msExchMasterAccountSid value from xxxx to xxxx of "Object DN"
Children
No Data