Thanks Jeff, Yesterday, we tried Migrate Computer -> Migrate Security Translation -> Migrate Users, and that didn't seem to quite work. Desktop users got a brand new windows profile. Our theory is that the correct order for us may be Migrate Computer-> Migrate User -> Migrate Security Translation. Perhaps because we did Sec.Trans. Before user, there wasn't a destination account to translate the profile to. (If that makes any sense).
Big thing with migrated users and mailboxes is that the client permissions on the mailbox seem to lack the "Self" user with rights to "delete mailbox storage" and "full mailbox access" rights. At least, this is the difference between migrated users and users made natively. Jim Helfer WTW Architects Pittsburgh PA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Waters, Jeff Sent: Tuesday, April 27, 2004 3:58 PM To: Exchange Discussions Subject: RE: E5.5->2003 permissions issues with "migration" I am just now starting on the exchange part of this migration so I can't answer for you there, but I can tell you it seemed to be SOP that the user is forced to change their password after the migration. The cool part is you can select all the users and reset that flag with 3 or 4 mouse click's. I also found that you wanted to migrate the computer before the user, it was the only way that SID translation worked for me. I have not had any problems in the lab with mailbox permissions, I just walked through the setup guide, moved a few test mail boxes and the clients worked perfectly. -----Original Message----- From: Jim Helfer [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 12:43 PM To: Exchange Discussions Subject: E5.5->2003 permissions issues with "migration" To move my users to NT4/Ex5.5 accounts&mailboxes to Win2003 AD accounts&mailboxes, I used the following method. 1. Install 2003 into original site, use AD Connector to communicate between users on the different systems, and to maintain SMTP mail flow in and out. 2. Active Directory Migration Tool to create users and computer accounts (Migrate User, Migrate Comptuer, Security Translation). 3. AD Cleanup wizard to merge Exchange properties currently attached to the new users that ADC created. 4. Move mailbox Unfortunately, permissions just don't seem to be quite right, and I'm worried that I'm doing something wrong that will bite me later. F'rinstance - 1. I set up Password migration in ADMT , but when I migrate a user, the account has "User must change password at login". This may be by design, but I have to wonder at the design decision behind forcing users to immediately change passwords after you've gone through a certain amount of grief to maintain the passwords. <g> 2. The migrated 2003 user does not seem to have client permissions to their own mailboxes! I need to go in and add the "SELF" user with "Full mailbox access" The user from the NT4 domain is included, however. 3. After the migration when the user attempts to start outlook, it prompts for the NT4 domain/username on starting outlook. After a mailbox move to a different server in the same org, I thought that OL MAPI connections were supposed to pick up on these sorts of things. 4. Public Folders were just a mess. All permissions needed to be hand installed, and in one case, the "default" set of permissions didn't appear in the PF's property page until a few _days_ after replication. I guess it's not a crisis yet, we can fix up all the permissions, but there are two things that I am wondering about. A) Did I waste my time with this whole ADC-migration thing that just doesn't do what one would expect it to do? B) Are my permissions so crossed up that I will have all kinds of trouble detaching the 5.5 server (First server in the org?). Otherwise, I'm interested in any one else's experience using these tools. Using hindsight, it sure seems that it would have been more efficient just to manually move all the users in one long weekend. Jim Helfer WTW Architects Pittsburgh PA _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
