5.5 --> 2003 migration, No SID history
Exchange Server Forum Index Exchange Server
Discussion forums for Microsoft Exchange Server users.
Microsoft Outlook
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web ExchangeServerHelp.com
5.5 --> 2003 migration, No SID history

 
Post new topic   Reply to topic    Exchange Server Forum Index -> Design
Author Message
Kevin O'Brien
Guest
Posted: Tue Oct 12, 2004 1:01 am    Post subject: 5.5 --> 2003 migration, No SID history Reply with quote
Hello,

I have a question I hope one of you can help me with. I have been asked to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company has
already manually created all of the user accounts and they did not use a
migration tool to preserve sid history. I can not redo it because this was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin

Back to top
Colby Holland [MSFT]
Guest
Posted: Tue Oct 12, 2004 2:21 am    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
You can delete the accounts they've already created, and just let the
recipient CA do the job for you after you set up the ADC. Then the new
disabled AD accounts will have their NT counterparts as an associated
external account. At some point down the line you can merge the two using
ADPlus, thus preserving SID history.

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.


"Kevin O'Brien" <kevin.obrien@henryschein.com> wrote in message
news:O6xda08rEHA.376@TK2MSFTNGP14.phx.gbl...
Quote:
Hello,

I have a question I hope one of you can help me with. I have been asked
to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company has
already manually created all of the user accounts and they did not use a
migration tool to preserve sid history. I can not redo it because this
was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin

Back to top
Colby Holland [MSFT]
Guest
Posted: Tue Oct 12, 2004 2:28 am    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
Sorry! Mistyped the name of that tool. It's not ADPlus. =) I meant to
write ADClean:

287995 XADM: Merging Disabled User and Enabled User by Using the ADClean
Tool
http://support.microsoft.com/?id=287995

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.


"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:uqffXh9rEHA.1388@TK2MSFTNGP09.phx.gbl...
Quote:
You can delete the accounts they've already created, and just let the
recipient CA do the job for you after you set up the ADC. Then the new
disabled AD accounts will have their NT counterparts as an associated
external account. At some point down the line you can merge the two using
ADPlus, thus preserving SID history.

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Kevin O'Brien" <kevin.obrien@henryschein.com> wrote in message
news:O6xda08rEHA.376@TK2MSFTNGP14.phx.gbl...
Hello,

I have a question I hope one of you can help me with. I have been asked
to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company
has
already manually created all of the user accounts and they did not use a
migration tool to preserve sid history. I can not redo it because this
was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin





Back to top
Kevin O'Brien
Guest
Posted: Tue Oct 12, 2004 5:56 pm    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
Hi Colby,

I can not delete the accounts they already created because the users have
been using these accounts for some time. If I deleted them they would lose
their rights to all their file shares and even the 5.5 mailbox that the
account is associated with as the primary NT account.

If I could merge the SIDs that would be great. Can this ADClean merge the
NT 4.0 and Win2003 accounts?

Thank you,

Kevin



"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:#muwOl9rEHA.3900@TK2MSFTNGP10.phx.gbl...
Quote:
Sorry! Mistyped the name of that tool. It's not ADPlus. =) I meant to
write ADClean:

287995 XADM: Merging Disabled User and Enabled User by Using the ADClean
Tool
http://support.microsoft.com/?id=287995

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:uqffXh9rEHA.1388@TK2MSFTNGP09.phx.gbl...
You can delete the accounts they've already created, and just let the
recipient CA do the job for you after you set up the ADC. Then the new
disabled AD accounts will have their NT counterparts as an associated
external account. At some point down the line you can merge the two
using
ADPlus, thus preserving SID history.

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Kevin O'Brien" <kevin.obrien@henryschein.com> wrote in message
news:O6xda08rEHA.376@TK2MSFTNGP14.phx.gbl...
Hello,

I have a question I hope one of you can help me with. I have been
asked
to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company
has
already manually created all of the user accounts and they did not use
a
migration tool to preserve sid history. I can not redo it because this
was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin





Back to top
James Williams
Guest
Posted: Tue Oct 12, 2004 6:37 pm    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
Hey Kevin. If you're going to get rid of 5.5 in the near-term future,
there may be an option for you:

----------------------------------
Prerequisites/Assumptions:
- On the Exchange stores, you need to set 'Keep deleted mailboxes for
(days)' to at least 7. Default value is 30.
- These steps involve some user account deletions, so be careful and
aware of what this process entails. Of course, use this documentation
at your own risk. No warranty, express or implied. Your mileage may vary.
----------------------------------

I would let the ADC replicate the old 5.5 users into a specific OU (I
usually make one called ADC). At this point, you should have 2 sets of
users and the one set of mailboxes migrated over.

Once you get to this step, you need to TURN 5.5 OFF. That way, you
don't get wierd replication issues. Verify your migration data, and get
5.5 decommissioned and out of the way before going any further. You
might also want to run a tape at this point of both AD and Exchange,
just to be super-safe. If you don't want to decom Exchange 5.5, turn it
off and complete the Exchange 2003 migration steps as if the 5.5 servers
had been decommissioned--that will give you the chance to reinstall
Exchange 2003 and try again if something goes horribly wrong.

Once you're in a pure AD environment, take the ADC-migrated users and
delete them. You should be prompted to mark the mailbox for
deletion--that's OK to do. Once you've deleted the ADC-generated user
accounts, go into Exchange System Manager, dig down into your store(s),
right-click on the mailboxes folder, and run the Cleanup Agent (you may
have to wait a minute or two to run the Cleanup Agent). What's going to
happen is that, because the AD user that owns the mailbox was deleted,
and the mailbox is set not to be deleted for 30 days, the mailboxes will
all show up with a little red X on them. If you right-click on these
mailboxes, you'll see the Reconnect and Purge options are now available.
Purge will delete the mailbox from the store DB, so don't do that.
Reconnect will allow you to specify a new user account to tie that
Exchange mailbox to.

If you have a ton of users, this will be a bear to finish. But it's the
only way I've found to be able to take an Exchange 2003 mailbox
belonging to SID A and successfully associate it to SID B.

Best of luck on this Kevin. I don't envy your position, but you should
be able to get around this problem.

(j)
James


Kevin O'Brien wrote:
Quote:
Hello,

I have a question I hope one of you can help me with. I have been asked to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company has
already manually created all of the user accounts and they did not use a
migration tool to preserve sid history. I can not redo it because this was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin

Back to top
Colby Holland [MSFT]
Guest
Posted: Tue Oct 12, 2004 7:22 pm    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
Ha! Well, sorry...

I didn't realize you'd already gotten that far. Then yes, you can just
merge the accounts using ADClean. =) Good luck.

Regards,
Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.


"Kevin O'Brien" <kevin.obrien@henryschein.com> wrote in message
news:OytN$rFsEHA.2684@TK2MSFTNGP12.phx.gbl...
Quote:
Hi Colby,

I can not delete the accounts they already created because the users have
been using these accounts for some time. If I deleted them they would
lose
their rights to all their file shares and even the 5.5 mailbox that the
account is associated with as the primary NT account.

If I could merge the SIDs that would be great. Can this ADClean merge the
NT 4.0 and Win2003 accounts?

Thank you,

Kevin



"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:#muwOl9rEHA.3900@TK2MSFTNGP10.phx.gbl...
Sorry! Mistyped the name of that tool. It's not ADPlus. =) I meant to
write ADClean:

287995 XADM: Merging Disabled User and Enabled User by Using the ADClean
Tool
http://support.microsoft.com/?id=287995

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:uqffXh9rEHA.1388@TK2MSFTNGP09.phx.gbl...
You can delete the accounts they've already created, and just let the
recipient CA do the job for you after you set up the ADC. Then the new
disabled AD accounts will have their NT counterparts as an associated
external account. At some point down the line you can merge the two
using
ADPlus, thus preserving SID history.

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Kevin O'Brien" <kevin.obrien@henryschein.com> wrote in message
news:O6xda08rEHA.376@TK2MSFTNGP14.phx.gbl...
Hello,

I have a question I hope one of you can help me with. I have been
asked
to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company
has
already manually created all of the user accounts and they did not use
a
migration tool to preserve sid history. I can not redo it because
this
was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin







Back to top
Kevin O'Brien
Guest
Posted: Tue Oct 12, 2004 7:37 pm    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
Hi James,

This sounds good and should work. I have been using exchange 2000/2003 here
for the past two years so I know exactly what you are talking about and it
should work. I was hoping to not put up an ADC connector.

Right now I am think I am leaning towards using Exmerge to export all of the
5.5. mailboxes to pst's and then importing them to 2003. I believe it will
be the cleanest way. If I run into problems with that method then I will
probably look at using ADC to migrate the accounts and then use ADClean to
then migrate the account settings from the newly created, disabled user to
the existing 2003 account.

Thank you James and Colby for your help.

Kevin



"James Williams" <itenginerd@nospam.earthlink.nospam.net> wrote in message
news:OsIshCGsEHA.3712@TK2MSFTNGP15.phx.gbl...
Quote:
Hey Kevin. If you're going to get rid of 5.5 in the near-term future,
there may be an option for you:

----------------------------------
Prerequisites/Assumptions:
- On the Exchange stores, you need to set 'Keep deleted mailboxes for
(days)' to at least 7. Default value is 30.
- These steps involve some user account deletions, so be careful and
aware of what this process entails. Of course, use this documentation
at your own risk. No warranty, express or implied. Your mileage may
vary.
----------------------------------

I would let the ADC replicate the old 5.5 users into a specific OU (I
usually make one called ADC). At this point, you should have 2 sets of
users and the one set of mailboxes migrated over.

Once you get to this step, you need to TURN 5.5 OFF. That way, you
don't get wierd replication issues. Verify your migration data, and get
5.5 decommissioned and out of the way before going any further. You
might also want to run a tape at this point of both AD and Exchange,
just to be super-safe. If you don't want to decom Exchange 5.5, turn it
off and complete the Exchange 2003 migration steps as if the 5.5 servers
had been decommissioned--that will give you the chance to reinstall
Exchange 2003 and try again if something goes horribly wrong.

Once you're in a pure AD environment, take the ADC-migrated users and
delete them. You should be prompted to mark the mailbox for
deletion--that's OK to do. Once you've deleted the ADC-generated user
accounts, go into Exchange System Manager, dig down into your store(s),
right-click on the mailboxes folder, and run the Cleanup Agent (you may
have to wait a minute or two to run the Cleanup Agent). What's going to
happen is that, because the AD user that owns the mailbox was deleted,
and the mailbox is set not to be deleted for 30 days, the mailboxes will
all show up with a little red X on them. If you right-click on these
mailboxes, you'll see the Reconnect and Purge options are now available.
Purge will delete the mailbox from the store DB, so don't do that.
Reconnect will allow you to specify a new user account to tie that
Exchange mailbox to.

If you have a ton of users, this will be a bear to finish. But it's the
only way I've found to be able to take an Exchange 2003 mailbox
belonging to SID A and successfully associate it to SID B.

Best of luck on this Kevin. I don't envy your position, but you should
be able to get around this problem.

(j)
James


Kevin O'Brien wrote:
Hello,

I have a question I hope one of you can help me with. I have been asked
to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company
has
already manually created all of the user accounts and they did not use a
migration tool to preserve sid history. I can not redo it because this
was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin

Back to top
Benoit Boudeville
Guest
Posted: Sun Oct 17, 2004 5:37 am    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
You can use Quest Migrator to rebuild sidHistory, otherwise a VScript can do
it too since it's just an attribute to set.

Don't forget to remove sidHistory after you are done.

"Kevin O'Brien" wrote:

Quote:
Hi Colby,

I can not delete the accounts they already created because the users have
been using these accounts for some time. If I deleted them they would lose
their rights to all their file shares and even the 5.5 mailbox that the
account is associated with as the primary NT account.

If I could merge the SIDs that would be great. Can this ADClean merge the
NT 4.0 and Win2003 accounts?

Thank you,

Kevin



"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:#muwOl9rEHA.3900@TK2MSFTNGP10.phx.gbl...
Sorry! Mistyped the name of that tool. It's not ADPlus. =) I meant to
write ADClean:

287995 XADM: Merging Disabled User and Enabled User by Using the ADClean
Tool
http://support.microsoft.com/?id=287995

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:uqffXh9rEHA.1388@TK2MSFTNGP09.phx.gbl...
You can delete the accounts they've already created, and just let the
recipient CA do the job for you after you set up the ADC. Then the new
disabled AD accounts will have their NT counterparts as an associated
external account. At some point down the line you can merge the two
using
ADPlus, thus preserving SID history.

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Kevin O'Brien" <kevin.obrien@henryschein.com> wrote in message
news:O6xda08rEHA.376@TK2MSFTNGP14.phx.gbl...
Hello,

I have a question I hope one of you can help me with. I have been
asked
to
perform an Exchange 5.5 to 2003 migration. Unfortunately the company
has
already manually created all of the user accounts and they did not use
a
migration tool to preserve sid history. I can not redo it because this
was
done some time ago and the users are using all of these newly created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin








Back to top
Kevin O'Brien
Guest
Posted: Thu Oct 21, 2004 6:45 pm    Post subject: Re: 5.5 --> 2003 migration, No SID history Reply with quote
Hi Benoit,

Why would I have to remove the sid history when I am done? If I rebuilt it
with Quest Migrator or VBScript does it add to what I have or replace?

Thank you,
Kevin



"Benoit Boudeville" <BenoitBoudeville@discussions.microsoft.com> wrote in
message news:AC8D8978-EF46-41A0-8819-8CC6157FC60B@microsoft.com...
Quote:

You can use Quest Migrator to rebuild sidHistory, otherwise a VScript can
do
it too since it's just an attribute to set.

Don't forget to remove sidHistory after you are done.

"Kevin O'Brien" wrote:

Hi Colby,

I can not delete the accounts they already created because the users
have
been using these accounts for some time. If I deleted them they would
lose
their rights to all their file shares and even the 5.5 mailbox that the
account is associated with as the primary NT account.

If I could merge the SIDs that would be great. Can this ADClean merge
the
NT 4.0 and Win2003 accounts?

Thank you,

Kevin



"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:#muwOl9rEHA.3900@TK2MSFTNGP10.phx.gbl...
Sorry! Mistyped the name of that tool. It's not ADPlus. =) I meant
to
write ADClean:

287995 XADM: Merging Disabled User and Enabled User by Using the
ADClean
Tool
http://support.microsoft.com/?id=287995

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Colby Holland [MSFT]" <colbyh@online.microsoft.com> wrote in message
news:uqffXh9rEHA.1388@TK2MSFTNGP09.phx.gbl...
You can delete the accounts they've already created, and just let
the
recipient CA do the job for you after you set up the ADC. Then the
new
disabled AD accounts will have their NT counterparts as an
associated
external account. At some point down the line you can merge the two
using
ADPlus, thus preserving SID history.

Colby

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Kevin O'Brien" <kevin.obrien@henryschein.com> wrote in message
news:O6xda08rEHA.376@TK2MSFTNGP14.phx.gbl...
Hello,

I have a question I hope one of you can help me with. I have been
asked
to
perform an Exchange 5.5 to 2003 migration. Unfortunately the
company
has
already manually created all of the user accounts and they did not
use
a
migration tool to preserve sid history. I can not redo it because
this
was
done some time ago and the users are using all of these newly
created
accounts. My question is does anybody know of a way to migrate the
mailboxes without sid history?

Thank you,

Kevin








Back to top
 
Post new topic   Reply to topic    Exchange Server Forum Index -> Design All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




Windows Server Dedicated Servers
New Topics Powered by phpBB