Cross Forest Migration Guide – Exchange 2010 to Exchange 2010

Posted on July 26, 2012 | Category :Cross Forest, Exchange 2010, Migration | 111 Comments


This Migration Guide will help you to migrate mailboxes across forest

Its always people go confused when source and target forests are Exchange 2010, I have tried to explain as detailed a possible and covered one method

where “Running .\PrepareMoveRequest.ps1 first and then using ADMT to migrate the Sid History” of the users

Please share your feedback in comments , So that I can update the guide frequently

so lets go ahead


Step 1:


Have Trust in place across forests , In my Situation I created Two way Transitive Trust where I won’t get into any permission constraints

Good to know : We can limit permissions by going for different type of trusts


See –

How to Create Two way Transitive Trust – Windows Server 2008 R2


Step 2:


You need Active Directory Migration Tool to Get your User accounts migrated without any hassle, You can install it in either of the forests but , Have installed in the target forest , where I will be doing most of my work


See –

How to install ADMT 3.2 in Windows Server 2008 R2



Step 3:


If you are planning to Migrate the User account with SID – Which is recommended – where users will still have access to their old forest where they will be recognized like

access to file shares and permission groups . So I would always recommend to get your SID along with the Users


If you are planning to Migrate Users with Password that doesn’t happen by default , You have to Configure “Password Export Server” in the source domain


See –

How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords


Step 4:


Enable MRS Proxy on the Source Client Access Server which is going to Facilitate the Remote move from the Source Forest,

I have described Enabling MRS proxy where version is Exchange 2010 Sp1 or later cause enabling in RTM version differs



How to Enable MRS Proxy and Increase timeout In Exchange 2010


Step 5:

Ignore if you are not using a Self Signed Cert.


If you are using a Self Signed Certificate –Where Exchange servers won’t authenticate between each other

Because they won’t trust each of them

You got to Export the Cert from Source Exchange Server and import it on Target Exchange Server

Vice versa


See –

How to Export a Self signed Server Certificate and Import it on a another Server in Windows server 2008 R2


Step 6:


Check List

* Now Trusts are in place

* ADMT is installed on the Target DC

* MRS Proxy is Enabled on the Source Forest Client Access Server

* Admin User of the Target forest  is a member of administrators group in the Source forest – Add vice Versa

* If you are using Self Signed Cert – They have been Exported from the target and imported in source (vice versa)

* If you are planning to migrate passwords as well – Password Export Service is Configured and PES service is Started in the Source Domain


Before starting, There are many methods to Move mailboxes across forest .I will go for the Recommended one .

let us call this method as “Running .\PrepareMoveRequest.ps1 first and then using ADMT to migrate the Sid History


We will move one mailbox to get a Clear idea , Then we can go for Bulk Migration of mailboxes.

I always recommend to move few mailboxes . Test it as much as you can . they go for bulk migration


Step 7 :


Created a Test Mailbox – Mailbox1



Step 8:


First Store the Access Credentials in the Shell

Please don’t confuse yourself Here.

Am Running this on the Target Forest – $localCredentials Means the TargetForestCredentials

SourceForest –

TargetForest –

Please don’t forget to Type the DomainName\UserName (Note:If it fails with Error – Authentication Failed – Try Entering Domain.Com\Username ,.com or .local refers to your local domain)

$localCredentials = Get-Credential



$RemoteCredentials = Get-Credential

Means my Source Forest



Note : After Storing your Credentials – Do not Close Shell – You got to run the Future Command in the Same Power Shell Session


Step 9:


Now Preparing a Move Request

Browse your Exchange Management Shell into Scripts Folder in your Target Forest , Which will be in Exchange installation Location


.\Prepare-MoveRequest.Ps1 -Identity “EmailAddress” -RemoteForestDomainController “FQDN of Source DC” -RemoteForestCredential $RemoteCredentials -LocalForestDomainController “FQDN of Target Forest DC” -LocalForestCredential $LocalCredentials -TargetMailUserOU “Distinguished name of OU in TargetForest” –UseLocalObject -Verbose


Using –Verbose in the end of the Command

You can clearly see what are the Attributes its getting touched

Mail,Display name,Proxy address etc..




Now you can See a Disabled account which has been Created on the Specified OU




Step 10:


Now use ADMT to migrate the SID and Enable the Target Account which is “Mailbox1”  in my Scenario



How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords


Now you can find the SID history of the account , Where you can confirm that you did things correctly



Now your AD account will get  Enabled



Step 11:


Now your Account with SID and password as been moved, But still your Content of the mailbox hasn’t moved yet. Which is moved my a remote as below


Now moving the mailbox using a Remote move request


New-MoveRequest –Identity ‘’ –Remote –Remotehostname ‘’  -RemoteCredential $RemoteCredentials –TargetDeliverydomain ‘




Now you can See a Remote move has been Completed




Now you won’t be able logon on the new forest directly as you required to change password as first logon

To avoid that situation



How to Disable “User must change password at next logon” after cross forest move using ADMT 3.2


Open Adsiedit –Set pwdlastset to –1



or just login to a client machine and change the password at first logon




Great !! you able to login in Target Forest Success fully !!


Step 12:


To Move the Users in Bulk



Cross forest Move Mailbox in Bulk – Exchange2010 to Exchange 2010


Step 13:

If you doesn’t want to share free/busy information as of now. Skip it

if you want to share Free/busy information between these forests. If source domain is always going to exist after migration . I would recommend to create Federation Trust which is free of service from Microsoft to share free busy information.


if you doesn’t want to go for Federation you can share free busy using below method


See –

How to Configure Cross forest Availability Service (Free/Busy,Auto discover) – Exchange 2010 to Exchange 2010

Step 14:

Please look into the below link for configuring Cross forest coexistence mail flow

How to Configure Cross forest connectors (Mail flow) Exchange 2010 to Exchange 2010



Happy Cross forest Migration !!

Hope I made as much simpler as I can !!


Thank you !!

Satheshwaran Manoharan

Exchange MVP , Publisher of
I have been supporting/Deploying/Designing Microsoft Exchange for some years . If you any Questions ?. Please share you thoughts via Comments.

LinkedIn Google+ Skype 

Comments 111

  1. Michelle Reply

    We have purchased another company. We will need to keep their old active directory up so they can log into a propitiatory application for a while until we get fully integrated.
    We both have Exchange 2010, we will be changing their email address domain as well as their logon usernames. What is the best way to go about this? Do we add their computers to the domain then move the mailbox and logon as them? What about their user profiles? Any recommendations are appreciated.

  2. 12/09/25

    Hi Michelle,

    Will you be getting rid of the Active directory of the company you purchased ?
    How many users are there ?

    If its less amount of users – You can move them to your own Company – Move their AD accounts – and re Configure their Outlook to Outlook anywhere profiles for the time being.

    Once all the applications are integrated you can rejoin the domain machines to your own domain

  3. Jim Robert Reply

    HI Satheshwaran,

    Thanks for sharing these useful and step by step process to migrate mailboxes. A migration process is really complicated procedure and requires lots of planning , efforts and times. In our case, we used a program ( )and successfully migrated our 1600 mailboxes with full accuracy and quickly. It saved our a lot of time and efforts by giving an opportunity to move multiple mailboxes at a time.


  4. Charlespanth Reply


    Thanks for this knowledgeable advice in which you have shared the things regarding cross forest migration from exchange 2010 to 2010. I had a similar kind of problem and I read your blog and used the tool named Lepide Exchange Recovery Manager and it solved my problem easily.

  5. mr. user Reply


    we also purchased a new company. Is it possible to keep the user account in Source Forest, but move only the mailbox to the Target Forest’s exchange Servers?

    If so, What extra steps are needed?

    • 12/11/29

      You will run only .\Preparemoverequest.ps1 with an Extra switch of -LinkedMailUser
      and move the mailbox using New-Moverequest

  6. Shabeer ahamed Reply

    After doing the mailbox move and updating the OAB, I still see the moved users as mail enabled contacts or users in the OAB. Even after updating the OAB, restarting the File distribution service, the icons for these users in GAL shows as contacts.

    I waitied for 24 hours and still no luck. How to resolve this.

    • 13/01/09

      How about OWA ? or Outlook in online mode ? Does that looks ok ?

      • Shabeer Ahamed Reply

        It was an issue with OAB generation which we ahve solved it and it appears okay after that.

        But the new issue is that outlook profile in cache mode doesn’t receive e-mail after cross forest mailbox move. It says outlook data file cannot be accessed.It works fine in online mode.

        Either we have to reconfigure outlook profile or delete the ost file and resynchronize it.
        How to do it for bulk users?

        • 13/01/10

          Yes It can’t reconfigure itself to the new user , You got to do it manually.

          Or you got to get in touch with a Group Policy Expert to Reconfigure it on Bulk.

          but machines will be joining in the old domain right ? so you planning to join to the new domain later ?

          and to use Outlook anywhere for the mean while ?

  7. Cody Reply

    If I wanted to migrate a separate forest into an existing forest and used this guide, would users maintain email addresses for both domains (source and target) and still have access to their email as the system performs a remote move? I’d think they would have access to email as it does a remote move (as it does with a local). I will have a need for the users from the source domain to receive email from the old domain name after everything is done.

    The source domain as a windows infrastructure will go away but we will retain the domain for email routing purposes.

    • 13/03/12

      In that case . you have to move your mailboxes from Forest 1 to Forest 2 . but not the active directory accounts.
      Once you feel Migration is done. you have to move your AD accounts.

      This procedure is different. for your requirement.

      Resource Forest
      Each mailbox in the Exchange forest must have a corresponding user in the account forest, which is granted access to logon to the mailbox. This is referred to as a “Linked Mailbox”.

      • Cody Reply

        That doesn’t make sense to me. The last time I moved from one forest to another it was 2010 to 2007 and by default all of the old domain SMTP addresses and even the X400/X500’s stayed in place. The only way to get rid of them was manually. I still have users in my current forest with old SMTP addresses from an older domain. I didn’t have to break apart the migration for that.

        When the trust is in place, can’t I just add the source domain as a domain in the target domains “accepted domains” list in Exchange? Then can the source’s mx records be pointed to the target domains HUB?

        That document references a hybrid configuration with co-existence. Is that what you are referring to? Having enabled and disabled users and maintaining information in both domains?

        That resource forest method doesn’t sound like what I am in need of. We don’t want to maintain the other (source) domain. We will be moving everything as quickly as possible and in the order recommended by ADMT (groups in certain order, user/email accounts, and finally computer accounts, etc).

  8. Cody Reply

    It seems there is a way to get this done without having to use a different method —

    I should be able to use cross-forest connectors.

    Have you used this method?

  9. ROBIN Reply

    thanks a lot for posting this article .. superb one

  10. 13/04/02

    This is very very usefull document. Thanks for your post

  11. Cody Reply

    Just wanted to let you know the cross-forest exchange connector works great. I have two separate forests with a bi-directional transitive trust in place. I setup that connector and if we move a user from the one forest into the one we are migrating to, they keep their email address and can still receive mail at that address.

  12. Loon Reply

    Great job on this process and sharing with the greater community !

    Your order is this:

    1 – prepare mailbox
    2 – Run ADMT on account for SID migration
    3 – Migrate mailbox

    I found that with a target Exchange 2013 forest from a source Exchange 2010 forest migration worked out in this order:

    1 – prepare mailbox
    2 – Migrate mailbox
    3 – Run ADMT on account for SID migration

    It seems that using the built in Exchange 2013 GUI migration tools, I can’t migrate the mailboxes after they have had ADMT run on them, probably because ADMT turns them into full blown Exchange mailboxes.

    Can you add to this ?

    Cheers !

    • 13/04/16

      Hi Loon,

      I haven’t started testing cross forest migration with Exchange 2013 yet.

      Once I post an article. I would add to this soon.

      thank you for your comments. It will be useful for me.

      • Lukas Reply

        Thanks Loon – I had the same issue as you (cross-forest migration from Ex2010 to Ex2013), and your post is correct.

  13. Cody Reply

    This guide for moving users does work great for me. The only thing out of the guide that didn’t work was the free/busy sharing. I can live without that though to be honest, since the users will be in the same forest in the end and cross forest sharing won’t be required at that point.

    Good article Satheshwaran! Much easier on the eyes that how Microsoft has it laid out on TechNet.

  14. sonik Reply

    Hi, When I run step11 powershell command, I have this error,I installed all of certificates in both of forest exchange server :(
    The call to ‘https://exc.mydomain.local/EWS/mrsproxy.svc’ failed. Error details: Could not establish trust relation
    ship for the SSL/TLS secure channel with authority ‘exc.mydomain.local’. –> The underlying connection was closed:
    Could not establish trust relationship for the SSL/TLS secure channel. –> The remote certificate is invalid according
    to the validation procedure..
    + CategoryInfo : NotSpecified: (0:Int32) [New-MoveRequest], RemoteTransientException
    + FullyQualifiedErrorId : 5695ADBE,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

    • 13/05/15

      if you have .local domain . it might give out issues like this .

      Make sure if your using a cert. see it does have a .local entry.

      or you might have to use a self signed cert for moment to verify it does work or not\

      hopefully MRS proxy is already enabled,

  15. IT_Vision Reply

    Hello Satheshwaran,

    Would you please clarify something for me.

    We are looking to perform a cross-forest mailbox move from Exchange 2010 to Exchange 2010. We have a forest trust in-place. My question is, we initially utilized GALSync between the two forests to bring over contacts information. So in the destination forest we have “Cross-Forest mail contacts” in Exchange from the source forest.

    We are only looking to bring over the users mailbox over to our environment.

    1. The user account will remain in the source forest so I wanted to make sure we will not run into any issues with having the cross-forest mail contacts already in place.

    2. Is ADMT still needed if the users account is going to remain in the source forest?

    3. When the mailbox is moved, and the users account remains in the source forest, how do we get the user account over to the new forest when that time comes, and how does it changed from a none-linked user mailbox?

    Any help on the process we look to do is greatly appreciated.


    • 13/06/05

      1. you wont run into any issues

      2. ADMT is not needed in the initial move.

      3. We are building a , Resource forest.

      Just scroll up , and see . mr. user (Edit)

      This question is already answered

  16. Siim Reply

    Hi Loon!

    We are also doing cross forest migration from Exchange 2010 to 2013. Tried this order – prepare, migrate, run ADMT, everything works, no errors. But in the end we have a mail user under contacts in Exchange Admin Center instead of having normal user. Did you have this problem? Any hints are highly appreciated!

    • 13/06/15

      I feel once you prepare move . a disabled account is created

      Once you migrate using ADMT make sure . The same account gets enabled and activated.

      Thank you

  17. Siim Reply

    Hello Satheshwaran!

    Yes, everything is OK with user accounts under AD Users and Computers, first the account is disabled, and later after ADMT it gets enabled. But my problem ist that in Exchange Admin Center this new user appears under contacts, not under mailboxes as normal user should. Actually this contact appears right after running PrepareMoveRequest.ps1 script which is starnge because mail-enabled user shoult be created.

    • 13/07/16

      Are you sure you are running on a fresh user. who doesnt exist in the destination forest at al ?

  18. sony Reply

    Instead of Two way Transitive Trust, can we have one way trust between forests?

  19. sony Reply


    I would also like to know the procedure for cross forest migration from 2010 to 2013. Please help.

  20. Fabian Hernandez Reply

    First of all, Thank you for your detailed post!

    My question is, Will migrating the SID of users make it so that when the workstations are migrated to the new forest, the users keep access to the same user profile on the workstations?

    • 13/08/06

      HI Fabian,

      SID migration is Recognize the Migrated users ..In giving access to fileshares and stuff.

      But recreating the profile is must. We cannot skip it.
      Unjoin and join to new domain

      • Fabian Hernandez Reply

        Thanks for the quick reply!

        Just so im clear, After Disjoining old domain and rejoining new domain with the workstation, The local Workstation profiles will be rebuilt even if user SID is migrated? or will the user see their same profile on the workstation?

  21. Fabian Hernandez Reply

    Yet Another question. Should we take the same precaution in moving distribution groups and security groups? Exchange migration first by prepare move script and then admt?

    My plan was just to move the distribution groups in AD and then re enable them as mail distribution lists. Is that a sound thing to do?

  22. Nathan Reply

    Hi, I have found your site because I am having problems moving mailboxes from one forest to another, after doing prepare-moverequest and ADMT to take over SID. These stages work great and new AD account appears with SID history and all other attributes. But the New-move request wont bring across the mailbox. It is saying: The Target mail user doesn’t have an SMTP address that matches the taget delivery domain.

    I have verified all your steps:
    Certs aren’t self signed

    Am at a loss…

    We are migrating from Exchange 2010 SP2 to Exchange 2010 SP3
    Is this the problem?
    Any help appreciated..

    • 13/08/21

      This happens because of missing proxy address . In the command change the target delivery domain to your source domain . And change the destination email address later .

  23. Fabian Hernandez Reply

    How would we include or also migrate users archive mailboxes ? Would it be easier to migrate it through the exchange mmc? Our users online archives are in a separate DB then the mailboxes. Do you perhaps have a write up somewhere or a good link to a document on the procedures?


  24. Taksaka Reply

    Hi, how to migrate Distribution list with all of the mail attribute ? Without migrate mail attribute when users open old email to distribution group and reply that email, they receive undelivered message.

  25. Marco Reply

    Hi, thanks for the beautiful article but I think that I’m missing something.
    The Prepare-MoveRequest goes like descibed (output: 1 mailbox ready to move), ADMT migrate what needed but doing the move request I recive this message:
    —The target recipient “recipient” must be a mail-enabled user when the primary mailbox is moving cross forest.—
    Have you got any idea about this problem?
    I have tryed with different user but no luck.
    Thanks for your time and your help.

    • 13/09/18

      I feel while using ADMT , you are not enabling the account Marco.

      Once using ADMT , make sure migrating account is getting enabled

  26. Steve lindsey Reply

    Hello, & thank you for this nice little nugget of knowledge.

    I have been given a task of migrating Exchange from 1 domain/forest to a completley new Forest/Domain

    the new domain is in place, & i have the trust setup between both. I used the ADMT to copy the OU structure, groups, Users, group memberships, SID history & Passwords. all of it is working nice.

    Nowi have to migrate Exchange over. The Source environment is Exchange 2010 (not sure of the SP at the moment.) & the new Target environment is Exchange 2013.

    I know little to nothing about exchange, but if i use the scripts to add the attributes to the target users, & then the script to move the mailboxes. What would be the state of the mailboxes on the Source? would users still be able to use exchange over there? or would they be forced to use the new domain/exchange environment.

    What i want to do is prevent ANY changes to the source environment, as it must stay prestine for quite some time. When we fully transition EVERYTHING to the new domain/forest we will then run for about 6-12 months using the new environment ONLY & the trust between each will be severed once that initial cut over takes place, but the data will remain intact over there…Just in case we ever need to go back to the old model. Once the 1-2 year span is over, i assume our offshoot will then begin removing/deleting/cleaning up the items & data we left on their environment

    thank you in advance for your response.

    • 13/11/23

      If you just migrate the Data . They will still stay there.
      But once you migrate . You got to change the mail flow to the new environment.
      As your data gets old . as they are going to keep on receive new mails on the new environment

  27. Paul Reply

    How does the situation change if the users in one Forest are in a different SMTP domain and need to stay in the different domain?

    • 13/12/08

      Yeah that’s the same . Still they will need the old proxy address added . So that they can reply their old emails

  28. Danish Khan Reply

    Dear Satheswaran,

    Thanks for your article and i need your support regarding Cross Forest Migration between 2010 to 2013 Exchange server. Shall i used the same steps of there is any change as the in my scenario the source is Windows 2008 R2 Domain Controller and Exchange 2010 mail Server and Target is Windows 2012 DC and Exchange 2013 Mail with 2 CAS and 2 Mailbox with DAG.

  29. Martell Reply

    Hi and a happy new year!

    Thanks for these good suggestions! I have a little bit different situation – we need to separate a small bunch of users into another domain in another forest. But their mailboxes have to stay into the same Exchange 2010 server (where they are already within the existing domain). So we need to move the AD accounts away to the other DC and re-map those accounts within the existing Exchange server to the new trusted AD accounts. How could that be achieved in the right way?

    • 14/01/06

      Exchange mailboxes and AD accounts have to be in the same forest .

      You can take the accounts migrated like a copy of it . and have a GAL sync .
      So that AD accounts used is destination forest for – system login
      AD accounts for email password will be different.

  30. Danish Khan Reply

    Dear Satheswaran,

    Hello and Happy New Year, this is my second email regarding the same subject I follo your article each and every step is successfully done but after running the move command I face the below error and there is no such article or help available on the below error please let me know if you have any idea on the below error

    The call to ‘’ failed. Error details: Could not establish trust
    relationship for the SSL/TLS secure channel with authority ‘’. –> The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. –> The remote
    certificate is invalid according to the validation procedure..

    • 14/01/06

      make sure the server entry is available on the cert . otherwise its not going to trust each other .

  31. Daniel Rosa Reply

    I’m moving Exchange 2007 to Exchange 2013 intra forest, but on user I received the error:
    SkipFolderPromotedProperties, WordBreak
    FailureCode : -2146233088
    FailureType: NonUniqueRecipientException
    FailureSide: Target
    Message : Error: Multiple objects with Sid S-1-5-21-2308973541-373552077-3909921197-2649 were found.

    Can you help me Satheshwaran Manoharan?

    Tks Daniel

  32. Dave Kings Reply

    First, thank you for this post. I’m have some some issues, I am getting the following error, ”

    “This task does not support recipients of this type. The specified recipient destination.local/Imported Users/Dave Test is of type UserMailBox. Please make sure that this recipient matches the required recipient type for this task.

    Well in the source domain it was mailbox enabled. I’m not quite sure what I’m missing.

    Environment is Server 2008 R2 Exchange 2010 SP3 to new forest with same configuration. Account are migrated with ADMT, passwords and sync’d and “merge” is selected within ADMT. What do I need to look for.

    Many Thanks, Dave

    • 14/02/26

      Can you check — Get-mailbox “Problematic mailboxname” | Fl

      Check for receipient type details. “Make sure its user mailbox”

  33. Ashish Reply

    Hi Satheshwaram,

    This is one of finest articles I have seen on Exchange cross forest migration. Great work.

    Will this approach work for exchange 2007 to 2007 as well. In the target forest the we have upgraded the Cas server to 2010 as we are using quest for legacy lotus notes connectivity.

    Also what happens to free/ busy and resource booking. Is there additional steps required for that.

    This is merger situation where we only want to migrate the mailboxes to new forest the users will remain in the same forest.


  34. DPenneman Reply

    This will also work mostly for a Exchange 2003 cross migration also. Just a few little tweaks. Use the -remotelegacy switch during the move. Also during the new-moverequest use -baditemlimit 150 -acceptlargedataloss or a lot of mailboxes will fail after hours of waiting for them to move.
    On the target server make sure the mailbox quota is larger than what you are moving.

  35. MUSHTAQ Mondal Reply

    Excellent. .extensive helpful n handy. .Appreciate your efforts.

  36. Rait Reply

    I have problem with New-MoveRequest.
    It gets error “THe target mail user “xx” doesnt hav an SMTP address that matches the target delivery domain”.

    I did :
    1. Made all your steps
    2. Add Target Exchange sourche exchange domain to be trusted.

    What I should to step by ste to get mailboxes moved ?

  37. Riaz Javed Butt Reply


    I am following the steps that you recommend for the cross forest migration. I am able to successfully run prepare-moverequest script along with the required parameters. Successfully migrated the user account using ADMT along with SID and password history from source to target forest. but when i run the new-moverequest cmdlet i am getting the following error message.

    “The Target mail user “” doesn’t have and SMTP address that matches the target delivery domain “”

    Kindly if it’s possible for your then reply on my email ID. thanks…

  38. Mohan Reply

    Hi Sathesh, I followed all your steps for cross forest migration (Exchange 2010 SP3 to Exchange 2010 Sp3). when I do new-move request, am getting “doesn’t have an SMTP address that matches the target delivery domain” error but mail enabled contact is created already. please advise.

  39. Mohan Reply

    I was able to move mailboxes before suddenly got the above said error

  40. Mohan Reply

    Hi Sathesh, found the problem.. it was with primary SMTP address in email contact.

  41. Kenneth Reply


    I get this :( please help…..

    The call to ‘https://exchangeserver.domain.local/EWS/mrsproxy.svc’ failed. Error details: The remote server returned an unexpected response: (405) Method Not Allowed. –> The remote server returned an error: (405) Method not allowed…


    • Kenneth Reply

      When executing:

      New-MoveRequest -Identity ‘’ -Remote -Remotehostname ‘exchangeserver.domain.local’ -RemoteCredential $RemoteCredentials -TargetDeliverydoman domain.local

    • 14/07/22

      You enabled MRS proxy ?

      • Mugundhan Reply

        Hi Satheshwaran,

        I am also getting the following error while creating new move request.https://exchangeserver.domain.local/EWS/mrsproxy.svc’ failed. Error details: The remote server returned an unexpected response: (405) Method Not Allowed. –> The remote server returned an error: (405) .

        When i tried to open the above url in the source url, i am getting 404 error. But am able to successfully open the same url in the target exchange server.

        Kindly assist me in troubleshooting the issue

        • 15/01/17

          Make sure you are entering the right credentials.

          Try restarting replication service. or restarting the source Exchange server may help.

  42. MAJID Reply

    Hi my friend,
    Thank you for this training.
    I have a problem with download Password Export Server 3.1 x64. Would you please send me this software by email or upload to another place for download.
    Thank you

  43. Sandeep Singh Reply

    Thanks for this great article. Getting some issues, Please help out.

    While executing
    New-MoveRequest –Identity ‘’ –Remote –Remotehostname ‘’ -RemoteCredential $RemoteCredentials –TargetDeliverydomain ‘
    it end up with below error. I have already enabled MRS Proxy on source CAS and increased the data import time out to 20.

    The call to ‘https://path/EWS/mrsproxy.svc’ timed out. Error details: The request channel timed out attempting to send after 00:00:00:0000005. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding.

    one more error: could not establish trust relationship for the SSL/TLS secure channel with aurthority ‘FQDN of source domain’

  44. Hadi Byron Reply

    Hi Satheshwaran,
    thank you for the valuable info presented.
    my question is , when I moved users to the target forest ( exchange 2007 to exchange 2013) using (prepare move, ADMT, move mailboxes) i have noticed that the users in the target forest don’t have GAL or address book. how to create a GAL for them inorder to be able to use it to exchange emails with other users not migrated yet in case of co-existance.
    Thank you in advance

    • 14/08/28

      same domain ? Same domain name space sharing ? –

      • Hadi Byron Reply

        different domain, same domain name space sharing

        • 14/08/28

          You should introduce one more SMTP domain
          Source Domain where MX is hitting.
          Mailbox in Target — Create Contact – Target Address to Target domain
          Target Domain
          Mailbox in Source – Create Contact – Target Address to Source domain

          Manual GAL SYnc
          Or check for any 3rd party tools like GAlsync

  45. Talha Malik Reply

    Satheshwaran Manoharan

    Hi, I have go through your document its very help full for me to perform cross forest migration but i need to do the cross forest migration from Exchange 2010 to Exchange 2013 so steps & sequence are little bit change
    Step 1
    Step 2
    Step 3
    finally run ADMT tool to migrate sID History

    Additionally, if new-moverequest failed with error failedother after completion 95%
    then we need to run
    set-moverequest -identity maibox -baditemlimit=1
    resume-moverequest -identity mailbox
    now mailbox move to exchange 2013 successfully.

    I have done this in production environment and its worked fine.

    • 14/09/02

      Thank you for Sharing . Currently am working on this . Hopefully I should post it soon, Wish you a good day.

  46. Saeed Khalifi Reply

    hi & thanks for this great article, really enjoyed readin’ it.
    got a couple of questions here.
    our target domain is (netbios name: 123xyz), our target domain is (netbios name: 123zyx.
    1. can we issue forest trust? (hence the netbios names of domains)
    2. can we migrate from ex2010 to ex2013SP1 in this scenarion? or does this work on just EX2010 cross forest migration?
    thanks in advance

  47. Anthony Obando Reply

    Hi Satheshwaran,

    I’ve follow the whole steps – my scenario is cross-forest exchange 2010 mailboxes to exchange 2013.

    Have one mailbox in Queued status but i dont see anything running either management console on 2010 or 2013.

    Am I missing something?

    Thank you

  48. Jason Lawrence Reply

    Hi Satheshwara,

    Great article!

    I’m having a bit of an issue with cross forest 2010 – 2010. After I move accounts via ADMT the account in the new forest isn’t enabling and i’m receiving an error about password requirements when i try and enable it. Step 9 seems to go fine so not sure what i’m doing wrong?

    Any help would be great! Thanks

    • 15/01/17

      In the Group Policy make sure the password complexity is matching between the domains.
      For Example – Source domain may allow 3 letter passwords
      but target forest may not allow it.
      make sure it matches.

      • Jason Lawrence Reply

        I did check and the password was well within requirements.

        Oddly enough it worked if i changed the order to:

        Prepare mailbox
        move mailbox

  49. Felix Reply

    Hi Manohran,

    i am having an issue accessing a mailbox after cross forest move. trust is in place and networking is fine between the two forests. the user account of the mailbox moved is to be retained in the source forest, so the -linkedmailuser switch was used to prepare the move. the disabled account created in the target AD forest is still disabled. please assist.

    • 15/01/20

      Try reseting the password and access it.
      If its not listed as a mailbox both the ends. please check your event viewer. let me know what it says.

      • Felix Reply

        Hi Manoharan,

        issue resolved. reset the password and was able to access it.

        i have another concern, what happens to mail enabled groups on the source exchange by the time the mailboxes in the group are moved to another exchange organization. will the users still receive group emails or is there anything to be done to address this. Note that in this scenario, the source AD is still in use.

  50. Shashank Kudi Reply

    Hi Satheshwaran,

    Thanks for sharing such great information. Requesting you to please help me out for below scenario.

    Source Exchange 2010 SP2:-
    2AD, 2CAS & 2 MBX servers
    Database:- 4
    Total Users :- 3500
    Accepted Domains :- 8
    Total Data:- 5TB +

    Target Exchange 2010 SP2:-
    Resource allocated same as above.
    Now we have to migrate users along with data to target forest keeping both setup live, as moving 5TB + data will be a ongoing process and the same will take some time.

    With your guidelines we are able to migrate test users along with data, but after migration the migrated user is not able to connect through MS Outlook even not able to login into OWA. It gives error “The Outlook Web App address is out of date.”

    Kindly suggest,

    Kindly let me know if you want any more information from our end.

    Thanks in advance.

  51. Mugundhan Reply

    Am getting this error “the target recipient must be a mail enabled user when the primary mailbox is moving cross forest” after running new-move request. Can you please advise on the same.

  52. shafeek Reply

    awesome article!!!!!

    Can I use digital certificate on both forest to authenticate between each other (it doesn’t contains server name space on digital certificate but domain name persist on both certificate). If no, is it required to export certificate from all CAS server (forest A) and import into all CAS servers in forest B (vice versa);
    Thank you in advance!!!!!


  53. sandip Reply

    Great article !!!

    It really clear my concept about cross forest migration

    Hope to see more posts like this :)

Leave a Reply

Your email address will not be published.


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current ye@r *

Visit Us On TwitterVisit Us On FacebookVisit Us On Google PlusCheck Our Feed