I’ve come across quite a few Exchange migrations lately, during mergers and acquisitions, where the source domain had a bunch of users and, instead of using ADMT (Active Directory Migration Tool) to migrate the users with SIDHistory, the admins simply created all the users manually in the destination domain (without mailboxes) and started using them. Then, a few months down the road, they start to think about how to migrate Exchange and the mailboxes. Since SIDHistory was not migrated using ADMT, neither Exchange 2007 Move-Mailbox nor Exchange 2010 New-MoveRequest can match the source mailbox with any target domain account. So are you out of luck?
Luckily – no.
There are more attributes it will match on:
- source legacyExchangeDN will match a destination x500: value in proxyAddresses
- source SMTP: or smtp: in proxyAddresses will match destination smtp: or SMTP: in proxyAddresses
- …and of course source objectSID will match destination SIDHistory.
To make it clearer, check out this example. In the source (in this case Windows 2003 AD/Exchange 2003), the account looked like this when using adsiedit.msc:
For the first match above (legacyExchangeDN to x500:), you simply take the legacyExchangeDN from the user in the source domain:
/o=Org/ou=First Administrative Group/cn=Recipients/cn=miguser6
Go to the user in the destination domain, using for example ADUC (with View -> Advanced Features enabled), and open the Attribute Editor tab. Go to proxyAddresses and add a value starting with x500:<legacyExchangeDN>:
For the second match (smtp: to smtp:), just add the smtp: or SMTP: value to proxyAddresses.
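A scripted version of the first match (legacyExchangeDN to x500:), as an added example that is not from the original post. It assumes the source and target accounts share a sAMAccountName and that both DCs (placeholder names here) are reachable over LDAP with your current credentials; it only reports unless -Stamp is given, and it refuses to stamp when another target object already holds the address, since that would let the move match the wrong account.

```powershell
# Added example, not from the original post. DC names are placeholders and
# pairing accounts by sAMAccountName is an assumption. Read-only unless -Stamp.
param(
    [string]$SourceDC = 'dc1.source.example',
    [string]$TargetDC = 'dc1.target.example',
    [string[]]$Users  = @('miguser6'),
    [switch]$Stamp
)

# Escape the characters that are special inside an LDAP search filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
}

# Plain LDAP search through ADSI, so it also works against a Windows 2003 DC.
function Find-Object([string]$Server, [string]$Filter) {
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    $searcher.PageSize = 500
    $searcher.FindAll()
}

foreach ($name in $Users) {
    $byName = "(&(objectCategory=person)(sAMAccountName=$(ConvertTo-LdapFilterValue $name)))"
    $src = @(Find-Object $SourceDC $byName)
    $dst = @(Find-Object $TargetDC $byName)
    if ($src.Count -ne 1 -or $dst.Count -ne 1) {
        Write-Warning "${name}: need exactly one account on each side"; continue
    }
    $legacy = $src[0].Properties['legacyexchangedn']
    if ($null -eq $legacy) { Write-Warning "${name}: no legacyExchangeDN in source"; continue }

    $x500  = "x500:$($legacy[0])"
    $dstDN = [string]$dst[0].Properties['distinguishedname'][0]
    # Every target object that already carries this address (AD compares case-insensitively).
    $holders = @(Find-Object $TargetDC "(proxyAddresses=$(ConvertTo-LdapFilterValue $x500))" |
        ForEach-Object { [string]$_.Properties['distinguishedname'][0] })
    $others = @($holders | Where-Object { $_ -ne $dstDN })

    if ($others.Count -gt 0) {
        Write-Warning "${name}: $x500 already on $($others -join '; '), not stamping"
    } elseif ($holders.Count -gt 0) {
        "${name}: target already carries $x500"
    } elseif ($Stamp) {
        $entry = $dst[0].GetDirectoryEntry()
        [void]$entry.psbase.Properties['proxyAddresses'].Add($x500)
        $entry.psbase.CommitChanges()
        "${name}: added $x500"
    } else { "${name}: no match yet, rerun with -Stamp to add $x500" }
}
```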
Tip: If you’re just testing away, add the -ValidateOnly (-WhatIf for E2010) parameter to check if it can match. Example results when running E2007:
StatusMessage: This mailbox can be moved to the target database.
If it can’t find a match:
Error occurred in the step: Approving object. No matched target NT account is found. To create an NT account in target forest, parameter NTAccountOU is required.