Cross-forest migration from Exchange 2010 to Exchange 2019/2016/2013

I. Pre-migration activities

Before you install and configure CodeTwo Exchange Migration, make sure that your environment (both the source and target server) is prepared for migration and that you meet the system requirements.

Below you will find the list of key points to be considered:

Step 1: Prepare a clean target Exchange environment in a new Active Directory forest

The following points need to be revised:

Learn more about the above in Exchange 2016 and Exchange 2013.

Step 2: (Optional) Enable the two-way trust relationship between the forests

Learn more about creating a forest trust on Windows Server 2008 R2 and 2012.

This step is not necessary but recommended. Trust setup process will most likely reveal any issues you would otherwise find only during the actual migration and, of course, it is better to address those before starting the migration.

* Please note that setting the trust relationship doesn't apply to SBS based environments.

Step 3: Configure mail flow between the source and the target server

  • Configure Send and Receive Connectors on Exchange 2010.
  • Configure Send and Receive Connectors on Exchange 2013 (default Receive Connector is typically created during Exchange Server installation process)
  • Configure Send and Receive Connectors on Exchange 2016 and 2019 (default Receive Connector is typically created during Exchange Server installation process)

Step 4: Prepare domain accounts on the target server

  • Migrate domain accounts between the Active Directory forests. You can do it automatically using Active Directory Migration Tool (ADMT) or create the accounts manually in the target forest.
  • During the mailboxes matching step, you can also set the program to create the mailboxes and the corresponding users automatically.

    Important

    Please be aware that prior to migration you have to prepare (in the target environment) a mailbox-enabled user account for each user included in the migration.

    What is more, if you choose either to manually create the mailboxes or allow the program to prepare them for you, be advised that the account data (such as permissions) will not be migrated.

    If you are migrating archive mailboxes (In-Place Archives), you need to enable them manually in your target environment. See this article to learn how to do this.

    If you have already created new mailboxes on your target Exchange Server, it is possible to hide them from the GAL (e.g. to prevent your users from sending emails to them until the migration is finished). These mailboxes will be still visible in CodeTwo Exchange Migration and the migration will proceed as usual.

Step 5: Make sure that the account used to connect to the source server belongs to the appropriate AD group or has the necessary roles assigned, and that it has its mailbox configured correctly

If you use Exchange Server 2010 without SP1:

  • Check if the selected account belongs to the Organization Management group.
  • Ensure that this account has a valid, non-hidden mailbox on the source Exchange server.

If you use Exchange Server 2010 with SP1 installed:

  1. Check if the source admin account has the following management roles assigned:
    • ApplicationImpersonation
    • View-Only Configuration
    The program will check if these roles are assigned to the admin account during the Configuration step of the Source server connection wizard. However, before you even start the program, you can manually:
    • check which roles are assigned to a specific user. To do that, run the Exchange Management Shell on the target server and enter the following cmdlet: Get-ManagementRoleAssignment -RoleAssignee “UserName”, where instead of UserName you need to enter a valid Name or Alias of your mailbox-enabled AD user; or
    • check which users are assigned a specific role. To do that, run the Exchange Management Shell on the target server and enter the following cmdlet: Get-ManagementRoleAssignment –Role “RoleName”, where instead of RoleName you need to enter a specific role, e.g. ApplicationImpersonation.

    If any required roles are missing, you can either assign them manually, following the steps described in this KB article or let the program assign them for you in the Configuration step of the connection wizard.

  2. Ensure that the UPN has been defined for this account
  3. Ensure that this account has a valid, non-hidden mailbox on the source Exchange server.

Info

UPN (User Principal Name) is the name of a system user in an email address format. Learn more.

Step 6: Verify the configuration and rights of the admin account that will be used to connect to the target Exchange server

Make sure that the target admin account is assigned the necessary management roles and that this account is mailbox-enabled.

Verify the following:

  1. Check if the target admin account has the following roles assigned:
    • ApplicationImpersonation
    • View-Only Recipients
    • View-Only Configuration
    • Public Folders*
    • Mail Recipient Creation*
    • Mail Recipients*

      Important

      Please note that the Public Folders role is only required if you plan to migrate public folders. Moreover, the Mail Recipient Creation and Mail Recipients roles are required to create new users and mailboxes. Therefore, it's not required to assign them to the admin account if you are migrating data to the mailboxes that already exist on the target server.

      Go back to Step 5 above to learn how to check whether these roles are assigned and, if necessary, how to manually assign them. Keep in mind that the program will do that for you during the Configuration step of the Target server connection wizard.
  2. Access to the target server's EWS service using IP or Domain Name, e.g. https://[Exchange_IP]/EWS/Exchange.asmx or https://[Exchange_Name]/EWS/Exchange.asmx
  3. To connect to EWS from the outside of the local network you need to have the external EWS URL correctly configured:
    • Open the Exchange Management Shell on the target server and check if the ExternalUrl is defined: Get-WebServicesVirtualDirectory | fl
    • If there's no address in the ExternalUrl line it needs to be defined. Execute the following script: Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl https://[Target server's internet name]/EWS/Exchange.asmx

Step 7: Adjust the EWS throttling settings and change the maximum size limit of sent mail to decrease the time of migration processing

Step 8: Install and activate CodeTwo Exchange Migration

The program needs to be installed and activated on a machine within the source server domain.

The following additional components will also be installed, as they are required for CodeTwo Exchange Migration to run properly:

  • .NET Framework 4.6.1 or higher (required on all systems),
  • Windows PowerShell 3.0 (required on all systems),
  • MAPI CDO (MAPI Client and Collaboration Data Objects; required on all systems, except for systems with coexisting 32-bit MS Outlook 2013 or older).

The installation wizard will guide you through the whole installation process. After the installation is finished, remember to activate the program

II. Migration process

The steps below will guide through the correct configuration of CodeTwo Exchange Migration.

If you would like to perform a migration by using a CSV file containing source and target mailbox pairs, follow the steps provided in this article. Once you import the CSV file, go to step 4 below to continue configuring your migration job.
 

Step 1: Connect to the source server

Important

Make sure that the software user who runs the migration is a local administrator.

When you start the program, you will see the Dashboard tab. Click Create a new migration job link on the How to start card. Select the source server type: Exchange Server. The Create Exchange migration job wizard will open. Set the name of the job and click Next to go to the Mailbox types step. Here, select if you want to migrate primary mailboxes, archive mailboxes or both.

Proceed to the Source mailboxes step. If this is your first migration job, you will need to configure a connection to the on-premises Exchange Server that will be used as the source of your migration. Click Add new source connection in the Source server drop-down menu and a wizard will open. First, choose a protocol which you want to use to connect to the source Exchange Server: EWS or MAPI.

Important

You need to choose the MAPI protocol if you connect to Exchange 2010 without SP1. Otherwise, you should use EWS.

If you want to configure a connection to the source Exchange Server via EWS, you need to complete these three steps:

  • Server connection – here you can allow the program to automatically recognize the Exchange Server located within your network or select it manually from the picker.
  • Admin account – in this step, you need to provide the UPN and password of the account that will access the source Exchange server. By default, the currently logged administrator's email address is filled in automatically. However, you can change it by clicking Browse and selecting another user's email address from the picker.
  • Configuration – this process configures the source Exchange server connection and checks whether the account provided in the previous step has the necessary roles assigned. If not, the program will attempt to assign them automatically. In such a case, you might be asked to provide the credentials of another account that belongs to the Organization Management role group. This account will not be used to connect to the source server, but only to assign the missing roles.

If you migrate via the MAPI protocol, you need to go through the steps below:

  • Server connection – here you can allow the program to automatically recognize the Exchange server located within your network or select it manually from the picker.
  • Service account – in this step, the program creates a service responsible for accessing mailboxes selected for migration. As the service works under the administrator's MAPI profile, enter the administrator's email address and password. By default, the currently logged administrator's email address is filled in automatically. However, you can change it by clicking Browse and selecting another user's email address from the picker.
  • Configuration – this process configures your source server connection based on the entered settings.

If all data has been correctly entered, your source server mailboxes will be visible in the program.

If any errors appear, see Troubleshooting

Step 2: Select mailboxes you want to migrate and define target connection

After successfully configuring the source connection, you will get back to the migration job wizard.

The Source mailboxes step now allows you to include or exclude mailboxes by using multiple filters. You can, for example, include all users' mailboxes from a particular Organizational Unit or Active Directory group. By default, the program includes all users along with the Public Folders, because it is a most common scenario. Choose the mailboxes you want to migrate and proceed to the next step (Target mailboxes).

Now, set up a new target server connection by choosing Add new target connection from the Target server drop-down menu. A simple wizard will open.

  • In the Server connection step, choose either Autodiscover Exchange Server (default option) to automatically find the proper target server or configure the connection manually.

    Warning

    If you decided to configure the target connection manually, be aware that using an IP address will make granting impersonation rights and creating mailboxes impossible unless you configure PowerShell Virtual Directory in IIS to allow basic authentication.

  • Admin account – provide a valid UPN and password of the account that will access the target server (remember that the admin account must fulfill the requirements specified in I Pre-migration activities, Step 6). Click Next to move on to the Configuration step.
  • Configuration – this process configures the target Exchange server connection and checks whether the account provided in the previous step has the necessary roles assigned. If not, the program will attempt to assign them automatically. In such a case, you might be asked to provide the credentials of another account that belongs to the Organization Management role group. This account will not be used to connect to the target server, but only to assign the missing roles.

Once the configuration ends successfully, you will see green check marks. If any errors appear, see Troubleshooting.

After your connection is established, click Finish and proceed to the next step (Match mailboxes).

Step 3: Match source and target mailboxes

Matching the source mailboxes with the target mailboxes can be done automatically, by using the built-in automatch feature, or manually. We suggest that you start off by matching mailboxes automatically and modify the automatch settings if not all the mailboxes were matched in the first run. Use the manual option only if there are any mailboxes left unmatched after several automatch runs with a different configuration of the automatch mechanism.

To match mailboxes automatically, click the Match mailboxes button. In the window that opens, click Automatch > Automatch all mailboxes or select the mailboxes you want to match and click Automatch > Automatch selected mailboxes. Configure the automatching mechanism and click Automatch to start the matching process. If not all the mailboxes were matched, modify the automatch mechanism and run it again. Repeat this as many times as necessary.

Read more about the default configuration of the automatch mechanism and how to customize it

If any source mailbox is left unmatched despite several attempts to match it automatically with different automatch settings, match it manually.

Note that you can set the program to create target users and primary mailboxes on your Exchange server, whether you’re matching mailboxes manually or automatically. Learn more

When you have matched all your mailboxes, save your configuration and close the matching window. Continue with the migration job wizard. The next steps will allow you to configure additional options.

Step 4: Customize all necessary aspects of the migration job

You can configure the following additional options:

  • Scheduler - allows you to set the job to be automatically started in the desired time periods, so you do not have to control it manually.
  • Time filter - is used to exclude items that are older or newer than a particular date
  • Folder filter - may completely exclude specific folders from the migration process
  • Advanced settings - provides an option to define how many mailboxes should be migrated at the same time. This number should correspond to the number of logical processors. You can also define the maximum size of items to be migrated.

Step 5: Start the migration

Move on to the JOBS tab and click Start on the toolbar to begin the migration.

Info

The migration processing time depends on several different factors, e.g. the number of mailboxes and items, the speed of internet connection, EWS throttling settings. We have published more details here.

Step 6: Check if the number of migrated items in the target mailboxes matches the source server mailboxes

If you notice any missing items in the target mailbox restart the migration by using the Run delta migration option.

Important

Please be aware that the program does not migrate some specific folders at all. Those are i.e. Sync Issues or ones created while putting a mailbox on litigation hold.

Info

If any problems appear during the migration process, they will be indicated on the dashboard, pointed out in the reports and logged in the log files. Check out the software's diagnostics.

Step 7: Check if there are any new items in the source mailbox after migration

Once the migration is finished and you have noticed that some new items appeared in the migrated source mailbox, just restart the migration by using the Run delta migration option. Please keep in mind that this feature migrates only new items, not the modified ones. Delta migration can also be used to resolve issues with any items that failed to migrate on the first attempt.

III. Post-migration cleanup

Once the migration is completed, please follow the points below:

Step 1: Change DNS records (MX, Autodiscover)

You need to change MX records to enable mail flow to new servers. Additionally, you should also set up Autodiscover record to facilitate connecting migrated mailboxes with a mail client (e.g. Outlook). Detailed information on how to do so on Exchange Server 2019 and 2016 can be found in this Microsoft article. Please note that this process may take several hours.

Warning

If any new items appear in a source mailbox while the MX records are being changed, it is possible to migrate these items after the records migration process is completed. It can be done by using the Run delta migration option.

Step 2: (Optional) Decommission Exchange

Follow the instructions provided in this Microsoft article to learn how to uninstall Exchange Server 2010.

Step 3: Outlook profiles

If your Outlook has problems connecting to the new Exchange server, you need to create a new Outlook profile for each user in your domain. You can do it using a GPO or Microsoft Intune.

IV. Troubleshooting

For troubleshooting information, refer to our Knowledge Base.

For additional resources, refer to Frequently Asked Questions or contact us.

In this article

Was this information useful?