Resolution
Exchange Migrator 2.x
symptom
Migrated mailboxes are not replicated back to the 5.5 directory when using the Microsoft Active Directory Connector (ADC) in an Intra-Org migration.
symptom
I migrated my Exchange 5.5 mailboxes to Windows 2000 Active Directory, but now the mailbox data won't replicate back to the Exchange 5.5. mailboxes.
cause
The Active Directory Connector (ADC) synchronizes objects based on the primary SID of the Primary NT Account associated with the source Exchange 5.5 mailbox. It then populates the msExchADCGlobalNames attributes of the source Exchange 5.5 mailbox and the target Active Directory object with the respective object's path. This tells ADC that these objects should be mapped to each other during subsequent synchronizations.
Typically the replication issue occurs in an Intra-Org migration where the Primary NT Account of the source Exchange 5.5 mailbox is the same as the target Active Directory account which is to become the target mailbox. Seeing that it is trying to replicate an Exchange 2000 mailbox and the corresponding source object is an Exchange 5.5 mailbox, ADC does not replicate this object.
By default, when Exchange Migrator merges on an existing AD account in a Exchange 5.5 to Exchange 2000/2003 Intra-Org migration, Exchange Migrator clears the ADC-populated properties of the target object, including the msExchADCGlobalNames and the msExchMasterAccountSid properties. Clearing these values for the target object helps disconnect the existing ADC connection to this object and allow the newly-created target mailbox to replicate back to the Exchange 5.5 directory. This process is successful only when the Primary NT Account of the source mailbox is a different account than the target AD account.
fix
You can resolve this problem by implementing a Mailbox PostProcess script to clear the primary NT account (Assoc-NT-Account) and the ADC Global Name (msExchADCGlobalNames) attribute from the hidden Exchange 5.5 mailbox.
To clear the values for these properties:
- In the Exchange Migrator Specify Migration Options wizard scripting window, select the following options:
- I will write VBScripts
- Include IADs pointers to objects - Copy and paste the following script in to the Mailbox PostProcess window.
*************************************************
CONST ADS_PROPERTY_CLEAR = 1
'Only use this line if your Primary-NT-Account on the 5.5 mailbox
'is the target domain Active Directory user account
sourceIADS.putEX ADS_PROPERTY_CLEAR "Assoc-NT-Account", 0
'Use these next two lines for all migrations
sourceIADs.putEX ADS_PROPERTY_CLEAR "msExchADCGlobalNames", 0
sourceIADS.setinfo
'*************************************************
When you run the migration, Exchange Migrator clears the property values and dissociates the source and target objects, allowing ADC to replicate the Exchange 2000 data back to the Exchange 5.5 mailbox. In this situation, you should also apply an LDAP filter to the Exchange 5.5-to-AD Connection Agreement to prevent the source object from replicating back to the target AD after the connection agreement is removed from the AD side using Exchange Migrator.
You can use the above ADS_Property_Clear script in conjunction with the ADC LDAP filter script. To do this, place all the property assignment statements (sourceIADS.put...) before the set information (sourceIADS.setinfo) command. The script then applies all the property assignments when the sourceIADS.setinfo command executes.
For more information about using the ADC LDAP Filter script, see the following NetIQ knowledge base article:
How do I configure an ADC CA LDAP filter?
https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB4448
note
NetIQ Corporation provides scripts for Exchange Migrator only as a workaround. The scripts and any related documentation are provided "AS IS," and NetIQ Corporation makes no warranties with respect to the script, documentation, its use, or operation. NetIQ Corporation has no responsibility for any impact arising from your use of the scripts provided.
Please be advised that NetIQ Technical Support does not troubleshoot script issues. The script should be fully tested in your lab environment before using in any production environment. Please do not use this script until you are completely sure that it will work based on your complete testing matrix in your lab environment.
note
If you have a Native mode target Exchange environment that contains no Exchange 5.5 servers, you need to establish a connection agreement between your Site Replication Service (SRS) and Active Directory. The replication of the SRS connection agreement and the standard Exchange 5.5 directory replication should allow the objects to replicate back to the source mailbox correctly. For more information about setting up an SRS connection agreement, see the following Microsoft knowledge base article:
XADM: Mailboxes Do Not Replicate from Active Directory to Exchange Server 5.5
http://support.microsoft.com/default.aspx?scid=kb;en-us;300129
note
For more information regarding the msExchADCGlobalNames attribute, please refer to the following Microsoft knowledge base article:
XADM: A Description of the "ADC Global Names" Attribute
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B316280
note
For more information about what ADC Connection Agreements are needed in an Intra-Org migration please see the following knowledge base article:
What Active Directory Connector (ADC) Connection Agreements (CAs) are needed for an intra-org Exchange 5.5 to Exchange 2000 migration?
https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB5660