• Solving The Family Tree Challenge With Visio

    I love Microsoft products. Here is an example of why.  Working for Microsoft I get to play around with them for free. This Blog is an example of what I am talking about.

     

    A couple of years back my mother started documenting our entire extended family ( which is actually four different trees spanning at least 6 generations ). After splitting the largest tree there were at least 75+ names left on a single sheet of paper.

    The best my mother could do was glue two or more large sheets of Foolscap paper together to write this down. When I saw this I immediately thought of digitizing it and thought it would be a weekend activity.

    Circa 2005; Internet to the rescue! After exploring many proprietary software packages available on the internet I had to rule them all out one by one. Reasons varied from an unfriendly interface to proprietary methods of storage ( considering that I would be sharing this out to the extended family for possible updates or simply viewing ).

     

    Finally after many hours spent exploring and ruling out options I zeroed in on Visio after seeing how somebody else had done it. ( Website no longer available. )

    I found this option scalable and somewhat convenient, but it was not to be.

    In hindsight I believe my approach needed some fine tuning. I built my own templates for the common shapes like male, female, married, child, etc.

     

     

     

    I got started assembling the bricks, and that’s when I realized how damn difficult aligning and sizing the different shapes is. And I had not even started putting in details. Picture what aligning all the above shapes into the below would be like.

     

     

     

     

    Each shape is in fact a simple grouping of discrete lines. With no other choice I carried on the cumbersome task of putting all the objects together. Not regularly, but whenever I had some free time on a weekend.

    All this happened sometime in 2005 and till December 2008 I was barely 25% done with the entire tree in spite of spending a lot of time on this. I did think of exploring AutoCAD but it was not to be. ( remembering my AutoCAD days in 1998-99 )

     

    In December 2008 when I was somewhere 25% done with the tree I met a colleague who was the expert on Visio & whose job profile was to demonstrate & sell Visio to customers ( he actually sat right next to me for a very long time ). In some discussion on Visio I mentioned to him I was in the process of creating this family tree and was having a tough time. That’s when he suggested: why don’t I type the names in an Excel file and simply import them into a Visio file.

    How ingenious! But I didn't know how that could be done. A couple of minutes later he was showing me the organizational chart feature in Visio.

     

    Here is what he did.

    File > New > Organizational Chart.

     

    Created a Couple of Objects, then exported the file to excel.

     

    Looking at the Excel file I immediately understood how Visio built the hierarchy. Just 3 columns matter, plus 2 additional columns for the name and title.

     

    • Unique_ID

    Each person must have a unique ID

     

    • Reports_To

    Which should have the Unique_ID of the parent

     

    • Master_Shape

    For the identifying shape from the library.

     

     

     

    In Short, we reverse Engineered the Visio file into Excel to understand the Required fields.

     

     

    What I got :

    • Ability to build a diagram from scratch with virtually no skillset in Visio.
    • No messy aligning , shapes, grouping & un-grouping. ( Trust me this can be Really Messy )
    • Just Type all the details in Excel & simply import them into Visio.

     

    So, put the data into Excel & it takes less than a minute to import. ( compared to many many many hours doing it the old way. )

     

    I can also simply e-mail either the Visio or a Jpeg file to the extended family. Or if I need some help in filling out the details I simply e-mail the excel file to relatives & ask them to fill it up.

    ( every one has Microsoft excel )

     

    In hindsight I feel like an idiot for having spent so many hours attempting to do it using my own template :(

     

     

    Some problems I faced on the way & how I resolved them:

     

    1. Every Spelling update made resulted in the Visio needing a re-import.

    Thus I needed to make the Visio dynamically linked to the excel file. If the excel file is updated it should reflect in the Visio without re-importing it.

    Done. It was a simple option in Visio.

     

    2. I need to figure out how to maintain the order when the file is imported into Visio.

    i.e.  Elder Siblings should be to the left of their younger sibling.

    I put an additional field which had a number. So after importing the excel file, I displayed the number to sort out siblings. Then hide the number.

     

    3. Printing across multiple pages. ( 2 Problems here )
      a. Margin the printer leaves

    I knew that all printers have a limitation on printing right to the edge, but didn't know how far I could push the printer I was using. After wasting many sheets of paper I decided not to bother. Simply chop off the extra paper with a blade.

      b. Overlap printed ( a couple of mm )

    Didn't bother fixing this. Simply cut a strip off along with the solution of point a.

     

    Going ahead I need to solve the following challenges:

     

    1. Differentiate Male & female.

    I have used two master Shapes ( manager & delegate ) mapping to a Descendant & His / Her Spouse.

    If I need to Differentiate between Male & Female, I would need four master Shapes

    (Male Manager, Female manager, Male Delegate & Female Delegate )

    Given that there are no more shapes to be used I might need to create some custom shapes. ( Non-Standard - not going to attempt it just yet  )

     

    What I lost:

    • Unique shapes for male and female. ( I think I can work around that by creating a custom shape but not going to attempt it just yet )
    • A lot of time I spent on the old method.

     

     

    ==========================================

    Some Statistics:

    • 4 Family trees - 1 for each Grand Parent. ( 1 Tree split into 2 due to size, so 5 Trees )
    • 390  different persons.
    • Largest tree of 135 Individuals
    • Up to 6 generations Documented.
    • 13 A3 sheets of Paper for printing in landscape mode.
    • Many Hours to put it all together.

    Unfortunate that I cannot upload the tree over here.

     

     

    Adding further value:

    1. Put this up on a website. ( Ahh…. That’s another Blog topic )
    2. Capture as much information as possible in the Excel file and look for ways to put it up on the Visio.

    ( DOB, DOD, Photo, Etc )

     

     

    Credit also to a friend of mine who tickled me into moving forward.

    - Sachin Filinto

     

  • Moving to a new forest and retaining the same SMTP domain ( with native scripts ) - Part I

    The purpose of this blog is to document how a cross-forest migration is done with native Exchange 2010 tools. Another reason I am writing this blog is that I did not find this method documented either in the Microsoft community content or on the internet. ( Same SMTP domain but different AD domain / forest )

    This blog is meant to be a very concise, to-the-point article on how to go about the migration using built-in tools: ADMT, which can be freely downloaded from the Microsoft website, & the Prepare-MoveRequest.ps1 script, which is included with Exchange 2010 Service Pack 1.

    This Method of co-existence & migration could be classified as Short co-existence with a One-way GAL synchronization.

    To start with we need to get some basics crystal clear.

    1. Some Basics

    a. proxyaddresses & targetaddress

    proxyaddresses is the main attribute where e-mail address information is kept. When you open the properties of a recipient in Outlook and look at the "E-mail Addresses" tab, you are looking at this attribute. This is a multi-valued string containing all the addresses that represent the recipient.

    e.g. SMTP:user101@tailspintoys.com, smtp:johndoe@tailspintoys.com,X400:c=US;a= ;p=contoso;o=Exchange;s=user101

    targetAddress

    In contacts and mail-enabled users (MEU) this attribute will point to a mailbox outside the Exchange organization, for example, to a Hotmail account or to another's company address.

    Source & for further reading : Link

    b. Mail Enabled User ( MEU )

    Also Known As: Mail User /Mail-Enabled Active Directory user.

    A mail user is similar to a mail contact, except that a mail user has Active Directory logon credentials and can access resources. Thus a MEU represents a user outside the Exchange organization. Each mail user has an external e-mail address. All messages sent to the mail user are routed to this external e-mail address & for this it uses the targetAddress attribute mentioned earlier in this Blog.

    A MEU does not appear different from a mailbox in the GAL.

    Source & further reading Link , Link ,Link

     

    2. Preparing for the actual mailbox move to the target forest.

    To move a mailbox from an Exchange 2003/07/10 Server to another Exchange 2010 forest, the target forest must contain a valid mail-enabled user (MEU) with a specified set of Active Directory attributes.

    There are several ways to Create this MEU in the target forest ( ILM/ FIM / Custom Scripts / Prepare-MoveRequest.ps1 )

    For a list of mandatory & optional attributes see this Link. In this blog I shall cover only the Prepare-MoveRequest.ps1

    Prepare-MoveRequest.ps1

    When executed, some of the things this script does are:

    a. Creates a disabled "Mail User" in the target forest & copies proxyaddresses attribute from the source forest to target forest. ( besides other attributes )

    b. Stamps the targetaddress attribute of the target object.

    c. Appends the LegacyExchangeDN value from the source forest object as an X500 proxy address of the target object.

    d. Appends the LegacyExchangeDN value from the target forest object as an X500 proxy address of the source object.

     

    Let's take a look at each of these points in more detail.

    a. Creates a disabled "Mail User" in the target forest & copies proxyaddresses attribute from the source forest to target forest. ( besides other attributes )

    The following diagram shows the output when Prepare-MoveRequest.ps1 is executed.

    The following diagram shows the Mail User created in the target forest.

     

    The following diagram shows the disabled Mail User in the target forest.

     

    The following diagram shows the LegacyExchangeDN attribute of the Mail User in the target forest.

    b. Stamps the targetaddress attribute of the target object.

    The following diagram shows the targetaddress attribute of the Mail User in the target forest.

    c. Appends the LegacyExchangeDN value from the source forest object as an X500 proxy address of the target object.

    The following diagram shows the LegacyExchangeDN from the source forest being appended as the x500 Proxy address in the target forest.

    The following diagram shows the x500 proxy address on the target MEU

    d. Appends the LegacyExchangeDN value from the target forest object as an X500 proxy address of the source object.

    The following diagram shows the LegacyExchangeDN from the target forest being appended as the x500 Proxy address in the source forest.

    The following diagram shows the LegacyExchangeDN from the target forest as a x500 proxy in the source forest.

    The following diagram shows the empty targetAddress in the source forest.

    Syntax:

    .\Prepare-MoveRequest.ps1 -RemoteForestDomainController dcx01.contoso.com -RemoteForestCredential $RemoteCredentials -LocalForestDomainController dc01.fabrikam.com -LocalForestCredential $LocalCredentials -TargetMailuserOU "OU=mig,DC=fabrikam,DC=com" -verbose -identity johndoe

    You need to define $LocalCredentials & $RemoteCredentials before executing the above command.

    For this we can use:

    (Target Forest )

    $LocalCredentials = Get-Credential

    (Source Forest )

    $RemoteCredentials = Get-Credential

    Note: In the examples shown above, Contoso.com is the Source forest & Fabrikam.com is the target forest. @tailspintoys.com is the SMTP domain used in both the source & target forests.

    ( It is advisable to use the -verbose switch to log any possible warning & errors. )

    Important considerations:

    a. A very critical point to note is that adding the LegacyExchangeDN value as an X500 proxy address in the opposing forests ensures that replying to any e-mails sent prior to the migration will not result in an NDR. ( Exchange does not necessarily use the SMTP address when replying to e-mails from internal users )

    b. This Script DOES NOT copy the password & the SID ( For that you need to use ADMT).

    c. Prepare-MoveRequest.ps1 should be run prior to ADMT. Thus ADMT would need to be executed with the "Migrate and Merge Conflicting Objects" option selected. ( more details in ADMT section )

    d. If executed for all users in the Organization, this can effectively be used to populate the GAL in the target forest prior to moving the mailbox from source to target.

    ( As seen in the screenshot below, a MEU is not distinguishable from a mailbox in the GAL of the target forest. )

    For further reading on the Prepare-MoveRequest.ps1 script see Link
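
A check for points b, c and d and for consideration a above, added here as an example (it is not part of the original post or of Prepare-MoveRequest.ps1): it confirms that each forest's object carries the other side's LegacyExchangeDN as an X500 proxy address and that the target MEU has a targetAddress. The function name Test-CrossForestStamp and every sample attribute value are constructed for illustration; in a lab the two input objects would be filled from each forest's directory.

```powershell
# Added example; the function name and all sample values are constructed.
# Written for PowerShell 2.0 (Exchange 2010 Management Shell) and later.
function Test-CrossForestStamp {
    param(
        [Parameter(Mandatory=$true)] $Source,  # source-forest object (mailbox)
        [Parameter(Mandatory=$true)] $Target   # target-forest object (MEU)
    )

    # X500 proxy addresses of a recipient, prefix removed, lower-cased.
    function Get-X500Address($Recipient) {
        $Recipient.proxyAddresses |
            Where-Object { $_ -match '^x500:' } |
            ForEach-Object { ($_ -replace '^x500:', '').ToLower() }
    }
    function New-Check($Name, $Passed) {
        New-Object PSObject -Property @{ Check = $Name; Passed = [bool]$Passed }
    }

    $sourceDn = "$($Source.legacyExchangeDN)".ToLower()
    $targetDn = "$($Target.legacyExchangeDN)".ToLower()
    # The primary SMTP address is the entry with the upper-case "SMTP:" prefix.
    $primary  = @($Source.proxyAddresses | Where-Object { $_ -cmatch '^SMTP:' })[0]

    # Point c: replies addressed to the old DN must resolve in the target forest.
    New-Check 'Target has source LegacyExchangeDN as X500' (@(Get-X500Address $Target) -contains $sourceDn)
    # Point d: the same in the opposite direction.
    New-Check 'Source has target LegacyExchangeDN as X500' (@(Get-X500Address $Source) -contains $targetDn)
    # Point b: the MEU needs a targetAddress to route mail.
    New-Check 'Target MEU has a targetAddress' (-not [string]::IsNullOrEmpty($Target.targetAddress))
    # Point a: the shared SMTP address was copied to the MEU.
    New-Check 'Target carries the source primary SMTP address' ($primary -and (@($Target.proxyAddresses) -contains $primary))
}

# Constructed sample: johndoe after Prepare-MoveRequest.ps1, before the move.
$sourceDnValue = '/o=Contoso/ou=First Administrative Group/cn=Recipients/cn=johndoe'
$targetDnValue = '/o=Fabrikam/ou=Exchange Administrative Group/cn=Recipients/cn=johndoe'
$source = New-Object PSObject -Property @{
    legacyExchangeDN = $sourceDnValue
    targetAddress    = $null
    proxyAddresses   = @('SMTP:johndoe@tailspintoys.com', "X500:$targetDnValue")
}
$target = New-Object PSObject -Property @{
    legacyExchangeDN = $targetDnValue
    targetAddress    = 'SMTP:johndoe@tailspintoys.com'
    proxyAddresses   = @('SMTP:johndoe@tailspintoys.com', "x500:$sourceDnValue")
}
# Same MEU with the X500 entry missing: replies to old mail would NDR.
$broken = New-Object PSObject -Property @{
    legacyExchangeDN = $targetDnValue
    targetAddress    = 'SMTP:johndoe@tailspintoys.com'
    proxyAddresses   = @('SMTP:johndoe@tailspintoys.com')
}

Test-CrossForestStamp -Source $source -Target $target | Format-Table Check, Passed -AutoSize
Test-CrossForestStamp -Source $source -Target $broken | Format-Table Check, Passed -AutoSize
```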

    …To be continued in Part II

  • Moving to a new forest and retaining the same SMTP domain ( with native scripts ) - Part II

     

    3. Moving the Active Directory account using ADMT

      ADMT is a great tool for Migrating and Restructuring Active Directory Domains ( user accounts, passwords, groups & group membership, computer accounts & much more.)

      However It is very important to note that ADMT DOES NOT touch Exchange attributes.

      ADMT can be executed before Prepare-MoveRequest.ps1, after Prepare-MoveRequest.ps1, or skipped if we want to use a linked account.

      Assuming Prepare-MoveRequest.ps1 was executed first, when executing ADMT we need to merge the account with an existing MEU.

      Below are screen grabs of the ADMT wizard. The critical options are highlighted.

       

      If ADMT is run before the Prepare-MoveRequest.ps1 script is executed, we would need to execute Prepare-MoveRequest.ps1 with the -OverWriteLocalObject switch.

      Further reading Link

    4. The Actual Move of Mailboxes.

      Having prepared the environment, moving the mailbox should now be a breeze. Moving mailboxes is a large topic, so in order to keep this blog concise I shall jump straight to the command & explain only what is relevant.

    1. MRSProxy or NO MRSProxy

      MRSProxy encapsulates all communication between the organizations in HTTPS packets thus making the move seamless.

      Assuming the source forest has Exchange 2010 SP2 or above, enable MRSProxy in the source forest.

      Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $true -MRSProxyMaxConnections 50

      Details can be found Here

      In the event that the source forest does NOT have an Exchange 2010 server, we cannot use the MRSProxy. So we skip the above step & use the -remotelegacy in lieu of -remote switch in the move command.

    2. Command to Move the Mailbox across the forests ( pull the mailbox from source forest to the target forest )

      First save the credentials in two variables:

      ( target forest )

      $LocalCredentials = Get-Credential

      ( source forest )

      $RemoteCredentials = Get-Credential

      Then execute the command based on whether the source forest has MRSProxy enabled or not.

      • With MRSProxy DISABLED in the source ( even if there is a E2010 server in the source )

      New-MoveRequest -Identity johndoe@tailspintoys.com -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'tailspintoys.com' -RemoteGlobalCatalog dcx01.contoso.com -RemoteLegacy

      • With MRSProxy enabled in the source (on a server e2010.contoso.com )

      New-MoveRequest -Identity johndoe@tailspintoys.com -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'tailspintoys.com' -RemoteGlobalCatalog dcx01.contoso.com -Remote -RemoteHostName E2010.contoso.com

      Note: -RemoteHostName is the E2010 server where we have enabled the MRSProxy.

      When the above commands are executed, it will result in the source mailbox turning into a Mail User ( MEU) & the Target Mail User (MEU) into a user mailbox.

      Source forest:

      User Mailbox> Mail User ( MEU )

      Target forest:

      Mail User (MEU) > User Mailbox

      ( Screenshots: before the move, the move command, and after the move. )

      Note: Issues to be aware of when moving across forests

      1. Outlook nickname cache is best cleared ( from the client side ).
      2. Update the OAB & replicate it to the CAS servers. Have the users wait till it downloads or ask them to manually download the OAB.
      3. Depending on how end-users have created their Outlook rules, they could break. You might need to re-create the Outlook rules.
      4. Shared mailboxes + their users, & manager + delegate sets, should be moved together. You cannot have a manager in one forest & a delegate in a different forest.
      5. This mailbox pull will result in the source mailboxes being hard deleted. Ensure you have a backup in case you need to retrieve the mailbox.
      6. The "Suspend this move when it is ready to complete" option is not available when moving across forests.

      Additional Reading.

      http://technet.microsoft.com/en-us/library/dd351123.aspx

      http://blogs.technet.com/b/exchange/archive/2010/08/10/3410619.aspx

    5. Ensuring Mail flow between source & target during the co-existence phase.

      The Method described below would work fine if we have to migrate all the mailboxes from the source forest to the target forest rapidly & in one scheduled activity. This is because both the source & target forest are authoritative for the same SMTP domain.

      This drawback ( of having to move all the mailboxes in one scheduled outage ) would be acceptable if the number of mailboxes is small or the actual move would happen in a short span of time. However this is not a common scenario as most migrations would take several hours if not days or weeks.

      In the event that the move of mailboxes takes several hours, days or weeks, we would need to have e-mail flowing between the source forest ( mailboxes which are going to be migrated ) & the target forest ( mailboxes which have already been migrated ). Thus a migrated user can send an e-mail to a user who is yet to be migrated & vice-versa.

      The additional steps to achieve this would involve:

     

    1. Add a new accepted domain e.g. @tailspintoys.local in the target forest and also add this domain as a secondary SMTP address to the target forest objects.

      Thus we have an additional secondary SMTP e-mail address of johndoe@tailspintoys.local

      set-emailaddresspolicy -id "Default Policy" -enabledemailaddresstemplates SMTP:@tailspintoys.com,smtp:@tailspintoys.local

      update-emailaddresspolicy -id "Default Policy"

     

    2. Modify the move command used earlier. Change the TargetDeliveryDomain to tailspintoys.local

      e.g. New-MoveRequest -Identity johndoe@tailspintoys.com -RemoteCredential $RemoteCredentials -TargetDeliveryDomain 'tailspintoys.local' -RemoteGlobalCatalog dcx01.contoso.com -RemoteLegacy

      Thus the target address on the MEU in the source forest after the mailbox is moved will be johndoe@tailspintoys.local, besides the expected proxy addresses.

      Once executed, the MEU in the source forest will have a target address in tailspintoys.local.

     

    3. Create appropriate connectors for mail flow.

    In order to have e-mail flowing between the two forests we would need to configure connectors in both the forests. This procedure could vary depending on how the existing mail flow is configured.

      Here are the PowerShell commands used in my lab:

      source_to_target mail flow

      Source send connector

      new-SendConnector -Name 'source_to_target' -Usage 'Internet' -AddressSpaces 'SMTP:*.tailspintoys.local;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts 'ex01.fabrikam.com' -SmartHostAuthMechanism 'None' -UseExternalDNSServersEnabled $false -SourceTransportServers 'ex01.contoso.com'

      Target receive connector

      new-ReceiveConnector -Name 'source_to_target' -Usage 'Internet' -Server 'EX01.fabrikam.com' -Bindings '0.0.0.0:25' -RemoteIPRanges '10.10.10.103'

      target_to_source_and_internet mailflow

      target send connector

      new-SendConnector -Name 'target_to_source_and_internet' -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts 'ex01.contoso.com' -SmartHostAuthMechanism 'None' -UseExternalDNSServersEnabled $false -SourceTransportServers 'EX01.fabrikam.com'

      source receive connector

      new-ReceiveConnector -Name 'target_to_source_and_internet' -Usage 'Custom' -Server 'Ex01.contoso.com' -Bindings '0.0.0.0:25' -RemoteIPRanges '10.10.10.11' -AuthMechanism 'Tls, ExternalAuthoritative' -PermissionGroups 'AnonymousUsers, ExchangeServers'

      Note1: usage = internet as this would not require authentication.

      Note2: RemoteIPRanges is the IP address of the server used in the send connector matching this receive connector. This will result in only the identified server being able to send e-mail over this receive connector.

      Note3: For this example I have chosen to create a separate send & receive connector in both the forests. However you could also achieve this by modifying the existing receive connectors instead of creating new receive connectors.
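
Note2 is what keeps these unauthenticated connectors from accepting mail from any host, so it is worth checking once the connectors exist. The following is an added example (not from the original post): a filter that flags receive connectors which admit AnonymousUsers or use ExternalAuthoritative while RemoteIPRanges still covers every address. The function name Find-UnscopedReceiveConnector and the sample objects are constructed; on an Exchange server the input would come from Get-ReceiveConnector.

```powershell
# Added example; the function name and sample connector objects are constructed.
# Written for PowerShell 2.0 (Exchange 2010 Management Shell) and later.
function Find-UnscopedReceiveConnector {
    param([Parameter(ValueFromPipeline=$true)] $Connector)
    process {
        # Work on strings so real connector objects and the samples behave alike.
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        $perms  = "$($Connector.PermissionGroups)"
        $auth   = "$($Connector.AuthMechanism)"

        # Ranges that cover the whole IPv4 or IPv6 address space.
        $wide = @($ranges | Where-Object {
            $_ -eq '0.0.0.0-255.255.255.255' -or $_ -like '::-ffff:*'
        })

        $reasons = @()
        if ($perms -match 'AnonymousUsers') {
            $reasons += 'AnonymousUsers may submit mail'
        }
        if ($auth -match 'ExternalAuthoritative') {
            $reasons += 'ExternalAuthoritative: sender is trusted as authenticated'
        }

        # Only reported when nothing narrows who may connect (see Note2).
        if ($wide.Count -gt 0 -and $reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Name           = $Connector.Name
                RemoteIPRanges = $wide -join ', '
                Reason         = $reasons -join '; '
            }
        }
    }
}

# Constructed samples modelled on the connectors in this post.
$samples = @(
    (New-Object PSObject -Property @{   # as created above: scoped to one server
        Name             = 'target_to_source_and_internet'
        RemoteIPRanges   = @('10.10.10.11')
        AuthMechanism    = 'Tls, ExternalAuthoritative'
        PermissionGroups = 'AnonymousUsers, ExchangeServers' }),
    (New-Object PSObject -Property @{   # same settings, RemoteIPRanges left wide
        Name             = 'relay_without_scope'
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255')
        AuthMechanism    = 'Tls, ExternalAuthoritative'
        PermissionGroups = 'AnonymousUsers, ExchangeServers' }),
    (New-Object PSObject -Property @{   # wide range, authenticated users only
        Name             = 'authenticated_clients'
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255')
        AuthMechanism    = 'Tls, BasicAuth'
        PermissionGroups = 'ExchangeUsers' })
)

# Only 'relay_without_scope' is reported.
$samples | Find-UnscopedReceiveConnector | Format-Table Name, Reason -AutoSize
# On an Exchange server: Get-ReceiveConnector | Find-UnscopedReceiveConnector
```

An Internet-facing inbound connector is expected to show up with the AnonymousUsers reason alone; a connector reported with the ExternalAuthoritative reason is the one to scope with RemoteIPRanges.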

    6. Additional configuration needed.

    • AutoDiscovery for outlook clients ( also used by free-busy )  Reference link
    • Free-busy / Availability information.
    • Redirecting OWA across forests
    • Linked mailboxes
    • Shared / Resource mailboxes

      I hope to cover these in future blogs, time permitting.

      Additional Reading Link1 Link2 Link3

      Thank you for reading this far & I hope this blog was useful for your cross-forest migration.

      Next Blog: How Groups can be migrated across forests & what kind of issues can crop up.

  • Using Mailmerge to send bulk customized e-mails.

     

    Ever wanted to send an invite to a whole lot of people by e-mail & wanted it to look professional rather than sending a generic one to all users Bcc'ed?

     

    Here is a method to generate bulk personalized e-mails to a set of users ( from a list ) using the Mail Merge feature of Microsoft Word. ( Outlook is used to send the e-mail )

     

    • Add the recipients to your Outlook contacts ( highly recommended as this would simplify the steps later on. If needed create a subfolder in the contacts folder. )

     

    • Open Microsoft Word.
    • Select the "Mailing" tab from the ribbon.
    • Start mail merge > e-mail messages.

    Here Type the body of your e-mail.

     

    • "Select recipients" > Select from outlook contacts
    • Preview the e-mail by selecting the "Preview Results"  Icon.
    • Click on Finish & merge
    • Click on Send e-mail Messages
    • Type the Subject of the e-mail
    • Click on Ok.

     

     

    Further Options to customize the e-mail

    • You can Customize the  Greeting from the below menus

    Greeting Line Or Insert Merge Field ( More Granular control )

    e.g. Each e-mail could be customized with a Dear Mr. xyz ( Pulled from the contact information )

     

     

    For more information : read the word help file. ( It has detailed instructions on all the options you see on the ribbon )

    Lesson Learnt the Hard way:

     

    Keep your machine Disconnected from the network ( or Keep outlook offline )

     

    After the mails are generated, review them from the outlook outbox. If the e-mails are as expected, go ahead & make outlook online to have the e-mail sent.

  • Some 'work In progress blogs'

    Solving the family tree challenge with Visio ( long one )

    securing printing

    removing hidden document information

    Securing your Home Wi-fi internet connection. ( long one )

    and many more... ( which I first started writing on 22 May 2009 when I was at the Delhi airport for about 6 hours )

    I have the date because OneNote puts the date in a very prominent location.