WSUS 3.0 SP2 master server cross-forest migration impacts

Similar Messages

• Cross forest migration Exchange 2010 SP2 to Exchange 2010 SP2

  Hi,
  We are planning cross forest migration Exchange 2010 SP2 to Exchange 2010 SP2.
  Requesting you to please help us out for below scenario.
  Source Exchange 2010 SP2:- abc.com
  2AD, 2CAS & 2 MBX servers
  Database:- 4
  Total Users :- 3500
  Accepted Domains :- 8
  Total Data:- 5TB +
  Target Exchange 2010 SP2:- xyz.com
  Resource allocated same as above.
  Now we have to migrate users along with data to target forest xyz.com keeping both setup live, as moving 5TB + data will be a ongoing process and the same will take some time.
  With the guidelines mentioned in
  http://careexchange.in/cross-forest-migration-guide-exchange-2010-to-exchange-2010/#comment-14203 we are able to migrate test users along with data, but after migration the migrated user is not able to connect through MS Outlook even not able to login into
  OWA. It gives error “The Outlook Web App address
  https://mail.abc.com/owa is out of date.”
  Kindly let us know how to solve this issue.
  Kindly let me know if you want any more information from our end.
  Thanks in advance.
  Thanks and Regards, Shashank Kudi

  Hi Shashank,
  Do you have certificates properly installed and configured in the target Exchange?
  If not, Please configure certificate and import the certificate to the trusted root CA if you are using internal CA cert.
  Thanks, MAS
  Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Cross-forest migration to Exchange 2013 SP1 and Outlook 2013 SP1

  Hello! I have two forest: Exchange 2010 SP2 RU5 - resource forest and Exchange 2013 SP1 - account forest. I make cross-forest migration from resource forest (linked mailboxes with account forest) to forest with Exchange 2013 SP1.
  I have moved mailbox from resource forest exchange 2010 to exchange 2013 sp1 forest.
  Outlook 2010 connect to migrated mailbox without any problem, but outlook 2013 sp1 cannot connect to migrated mailbox.
  Error look like - cannot find exchange server.
  I created new mailbox in Exchange 2013 organization and can connect to it with outlook 2010 and outlook 2013 sp1.
  Someone have the same problem with migrated mailbox? How to solve it?
  Truly, Valery Tyurin

  You can use New-MoveRequest to perform a cross-forest move. Here is a well post and step-wise explanation you can check for cross forest migration from exchange 2010 to exchange 2013(http://msexchangeguru.com/2013/11/03/e2013crossforestmigration/).
  Moreover, you can try this utility (
  http://www.exchangemigrationtool.com/ ) to accomplish this task.

• Cross Forest Migration from Exchange 2007 to Exchange 2013

  Hi
  Could anybody advice me the steps also the  pros and cons for below mentioned environment if we are going for the cross forest migration.
  Source 
  Domain -   test.local
  Active Directory -  Windows 2003
  Exchange Server - 2007
  Target
  Domain -   test.net
  Active Directory -  Windows 2012
  Exchange Server - 2013
  Also if it is possible ,
  How could I remove the source environment including the exchange servers. after the migration ?
  Regards
  Muralee

  Hi Oliver ,
  Please suggest us.               
   In my environment we are in a plan to migrate from exchange 2007 to exchange 2013 (cross forest migration).
  Source : Exchange 2007 with sp3 ru 10 
  Target : Exchange 2013 with cu2 ( new environment yet to be created).
  Trust : Forest trust in place (two way )
  Domain and forest functional level : 2003 in both target and source  
  Migration Steps :
  Step1 :
  We are in a plan to execute 'preparemoverequest.ps1' first in the target forest ,so that we will get the disable MEU
  in the target forest.
  Step2:
  Then we are going to use ADMT to migrate users SID'S and password .
  Step3:
  Then we are going to move the mailboxes with New-moverequest  
  Please have a look in to our steps and suggest us ,whether we are going to proceed the migration in a right way or not
  .Is anything needs to be changed please intimate me .
  Thanks 
  S.Nithyanandham 
  Hey there,
  Sorry for taking a little while to get back to you, i've been busy working on Hosted Lync deployments!
  Use ADMT first, then when using preparemoverequest.ps1 script using the -uselocalobject cmdlet. This will then tie it up to the ADMT migrated account.
  More info in this thread here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/2916e931-36a0-4ba4-8c04-196dbe792b44/preparemoverequestps1-and-admt?forum=winserverMigration
  Oliver
  Oliver Moazzezi | Exchange MVP, MCSA:M, MCITP:Exchange 2010,MCITP:Exchange 2013, BA (Hons) Anim | http://www.exchange2010.com | http://www.cobweb.com | http://twitter.com/OliverMoazzezi

• WSUS 3.0 SP2 on Server 2008 R2 not working (no console or other access)

  Hi,
  In a brand new network with all 2008 R2 servers I setup WSUS. Initially I could not install the role from the Roles tool in Windows and had to install it from a downloaded file from Microsoft (which I later read is due to 2008 R2).
  This ran fine for about 2 weeks, I had all the clients and workstations in groups, approving updates and installing them.. all tickety boo and then one day the console wont connect and I have not been able to get back into WSUS to do anything. I tried removing
  and re-installing WSUS (both keeping the local database and then deleting it the second time) but nothing helps. My event log reports the following every 6 hours:
  Event ID 13042 - Self-update is not working
  Event ID 12002 - The reporting web service is not working
  Event ID 12012 - The API Remoting Web Service is not working
  Event ID 12032 - The Server Synchronization Web Service is not working
  Event ID 12022 - The Client Web Service is not working
  Event ID 12042 - The SimpleAuth Web Service is not working
  Event ID 12052 - The DSS Authentication Web Service is not working
  Some extra points based on what I have read:
  The server DOES have .net 4.0 installed
  WSUS has been removed and re-installed
  All servers are 2008 R2
  The server also runs Remote Desktop Services.. but aside from this is just a file and print server
  Because this server (and the whole network) are brand new, standard practice is to run WSUS against the Microsoft update site and install all critical and optional updates and patches and etc..
  While it was working, I can't recall installing anything that may have broken it, however typically Windows patches do not cause problems on our machines, so I do not pay too close attention to what gets installed.. Perhaps one of these updates broke WSUS?
  Can anyone offer some suggestions for how to troubleshoot this and try get things moving again?
  Thanks!

  Hi,
  > then one day the console wont connect and I have not been able to get back into WSUS to do anything.
  Any error message when you launch WSUS console?
  You mentioned you have Kaspersky Endpoint Security software installed on WSUS server, have you configured antivirus software to exclude WSUS content directory?
  If you cannot access the WSUS console and a timeout error message appears, the CPU of the WSUS server may be at, or very close to, maximum utilization, which causes the database software to time out. If the database software times out, the WSUS console cannot
  be displayed.
  One way of inadvertently overtaxing your WSUS server is to have antivirus software monitor the WSUS content directory. During synchronization, the antivirus software can overload the CPU.
  Please ignore WSUS content in your antivirus software and check the result.
  For more information please refer to following MS articles:
  Issues with the WSUS 3.0 SP2 Administration Console
  http://technet.microsoft.com/en-us/library/dd939877(v=WS.10).aspx
  The DSS Authentication Web Service is not working.
  http://social.technet.microsoft.com/Forums/en-US/configmgrsum/thread/c901eb7b-7c20-4fb8-87dd-93f128ec8703
  WSUS web services not working
  http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/5b443a1c-01eb-4b73-ad06-03700032bec2
  Lawrence
  TechNet Community Support

• WSUS 3.0 SP2 on Server 2k8 R2 getting Error 364 and 10032

  This is a FRESH installation of Server 2008 R2, installed with SP1 (no updates applied from Windows Update - I want this to happen via WSUS)
  WSUS 3.0 SP2 FRESH installation from standalone installer.
  Installed KB2720211 to correct the issue of clients being unable to communicate with WSUS server.
  WSUS installs fine, synchronizes fine, but a number of updates showing "The Microsoft Software License Terms for this update failed to download"
  Many other updates report the download failed with REASON: HTTP 404 The requested URL does not exist on the server.
  Throughout the last 2 days of researching and investigating these particular errors, I have performed the following steps:
  Verify correct permissions for the drive and folders - no change
  wsusutil reset - no change
  wsusutil checkhealth - Reports WSUS working correctly
  Uninstalled and reinstalled WSUS 3.0 in full
  Removed server from any and all firewall and ISA devices, turned off the internal Windows Firewall completely - no change
  Reinstalled Server 2008R2 again from scratch, installed WSUS again from scratch - no change
  WSUS and Server 2008R2 configurations are identical to a previous installation that was working perfectly, and is NOT using a proxy.

  In my research on this issue I have encountered a number of posts mentioning this, although none of them specified v3.2.
  Given that the patch only applies to WSUS v3.2, to do so would be notably redundant. :-)
  Is the KB2734608 applicable to WSUS 3.0 as well?
  You seem to be confused by nomenclature.
  "WSUS 3.0" == WSUS v3 RTM (released Spring 2007)
  "WSUS 3.1" == WSUS v3 SP1 (released Summer 2008)
  "WSUS 3.2" == WSUS v3 SP2 (released October 2009)
  Nonetheless, the patch only applies to WSUS v3 with Service Pack 2, aka WSUS v3.2.
  I am hesitant to say that maybe an upgrade to 3.2 may fix the issue
  Since you can only install WSUS v3.2 on a Windows Server 2008 R2 server, this is really a non-issue.
  I added the WSUS role within the server manager rather than from the standalone installer.
  This was probably a key differentiator. I'm curious why you used the standalone installer to begin with.
  I should mention, during the server installation, I also did a full factory reset on the router, and reconfigured it accordingly.
  I'm still inclined to believe this had the most significant impact on your download failures.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
  Yea, in looking around further I figured out that the 3.2 was a reference to 3.0 SP2. I went ahead and added that patch and lost the ability to synchronize period. At that point I just wiped everything again and am back up and running.
  I used the standalone installer as the server role had originally failed and was unusable in the original installation. I stayed with the standalone installer as I had thought it may have been updated from the version included in the 2k8 R2. I now know otherwise.
  I was still able to use the wizard to start with, which allowed the server manager to add the necessary required roles and services, but would ultimately fail in installing the WSUS role. This time it all worked like a charm, so I went with it.
  As for the router, it may have been the culprit, although prior to the initial server reformat, the previous WSUS installation was working perfectly, about an hour prior to the completion of the the format and the installation and configuration of the WSUS
  server.
  Either way, thanks for the help and the clarifications on some of the items for me.

• SCCM 2012 on Server 2012 and WSUS 3.0 SP2 on Server 2008

  We are installing SCCM 2012 SP1 fresh into our development environment - the primary site server and the database (SQL 2012) are both being installed on Server 2012.
  We have an existing WSUS box on a Windows 2008 (not R2) server - the WSUS server version is 3.2.7600.256.  We have set this up as the software update point.
  For the purposes of this discussion, these are the server names (obviously obfuscated):
  Primary site server:  sccm.domain.local
  Database server:  sccmdb.domain.local
  WSUS server:  wsus.domain.local
  On the primary SCCM server, I've installed the WSUS user interface (Install-WindowsFeature -Name UpdateServices-UI), in order to work with the remote WSUS server.
  Updates synchronization appears to be working fine, but when I try to setup client distribution via SUP, I'm getting the following error in the Application event log:
  Log Name:      Application
  Source:        SMS Server
  Date:          8/6/2013 11:03:11 AM
  Event ID:      6613
  Task Category: SMS_WSUS_CONFIGURATION_MANAGER
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      sccm.domain.local
  Description:
  On 8/6/2013 11:03:11 AM, component SMS_WSUS_CONFIGURATION_MANAGER on computer sccm.domain.local reported:  WSUS Configuration Manager failed to publish client boot-strapper package "9D5353E5-DA80-48C3-97DE-C9C528F73A2D" with version "5.00.7804.1000"
  to the Software Updates Point.
  As well as this in the WMC.log:
  PublishApplication(9D5353E5-DA80-48C3-97DE-C9C528F73A2D) failed with error System.InvalidOperationException: Publishing operation failed because the console and remote server versions do not match.~~   at Microsoft.UpdateServices.Internal.BaseApi.Publisher.LoadPackageMetadata(String
  sdpFile)~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetPublisher(String sdpFile)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.PublishApplication(String sPackageId, String sSDPFile, String sCabFile)  $$<SMS_WSUS_CONFIGURATION_MANAGER><08-06-2013
  11:03:11.787+240><thread=3704 (0xE78)>
  ERROR: Failed to publish sms client to WSUS, error = 0x80131509  $$<SMS_WSUS_CONFIGURATION_MANAGER><08-06-2013 11:03:11.803+240><thread=3704 (0xE78)>
  It would seem obvious that this is because of a mismatch in versions between the WSUS server version on wsus.domain.local, compared to the UpdateServices UI on sccm.domain.local.
  Is there a way around this, without having to upgrade the WSUS server to Server 2012?
  Thanks for any thoughts you may have!

  Not really. As mentioned though, even the separate WSUS server is probably overkill. In ConfigMgr, WSUS is used to handle the update catalog and that's it. Clients do *not* report status to the WSUS instance and do *not* download updates from the WSUS instance.
  No management is ever done in WSUS.
  So, in reality, once a month, clients connect to WSUS to download the delta update catalog (delta compared to what they currently have) which usually comes out to about a few hundred KB (yes KB, not MB) -- this download is done via BITS. The server also
  syncs the catalog from the WSUS instance, via the SUP, in a similar fashion. If you are using SCEP, the frequency will be greater, but the deltas will be much smaller.
  EULAs, as needed, are also stored in WSUS and accessed by clients -- these are also quite small only a select few updates requires them.
  That's it. Standing up a dedicated WSUS instance means having a server sitting there doing almost nothing else.
  If you are concerned about load on the site server, then you should create a separate site system that contains the MP, SUP (and WSUS instance), and DP. Then, for HA purposes, you can simply build a second site system with these three roles also and HA will
  essentially be automatic (from a client functionality perspective).
  Jason | http://blog.configmgrftw.com

• Exchange 2010 to 2013 cross forest migration doesn't have an SMTP address that matches the target delivery domain

  I’m having a problem moving a mailbox from exchange 2010 sp3 to Exchange 2013 which are in two separate forests.
  Two way trust in place
  Certificates imported
  ADMT is set up.
  SMTP namespace oldcompany.org and newcompany.org for the old email domain and new one is configured to be shared between forests. 
  I’m doing the following:
  Step 1
  Prepare-MoveRequest.ps1 -Identity [email protected] -RemoteForestDomainController DC1. oldcompany.Local -RemoteForestCredential $RemoteCredentials -LocalForestDomainController DC1. newcompany.local -LocalForestCredential $LocalCredentials  -TargetMailUserOU
  "OU=Office Users , DC=newcompany,DC=local" –verbose
  Everything goes ok, and a disabled user is created. A disabled user account is created in the correct OU.
  Email address is set to [email protected]
  Proxy smtp addresses are set:
  smtp:[email protected]
  SMTP:[email protected]
  smtp:[email protected]
  Step 2
  I then use ADMT and migrate sid history ect.
  Step 3
  New-MoveRequest –Identity [email protected] –Remote –Remotehostname exchange.oldcompany.local  -RemoteCredential $RemoteCredentials –TargetDeliverydomain exchange.newcompany.local
  This then fails with the error:
  The target mail user newcompany.local/Office Users /mark test' doesn't have an SMTP address that matches
  the target delivery domain 'exchange.newcompany.local'.
      + CategoryInfo          : InvalidArgument: ([email protected]:MailboxOrMailUserIdParameter) [New-MoveReques
     t], RecipientTaskException
      + FullyQualifiedErrorId : [Server=EXCHANGE,RequestId=ec704dc8-bfb9-47c1-a1ec-cc6d8ef00484,TimeStamp=23/12/2014 1
     0:51:33] [FailureCategory=Cmdlet-RecipientTaskException] 5ABE3B29,Microsoft.Exchange.Management.RecipientTasks.New
    MoveRequest
      + PSComputerName        : exchange.newcompany.local
  Any ideas what I am missing. 

  Hi Walkersway,
  As you have mentioned both the domains are "shared between forests", I would assume its added to the accepted domains as Internal Relay. Also you have 'Send Connector' Setup to relay out the email to the new forest.
  "You configure the SMTP domain as an internal relay domain to make sure that email that's addressed to that domain is accepted by the Exchange organization. The connector configuration of your organization determines how messages are routed."
  In your case "newcompany.local" should be present.
  Try this:
  New-MoveRequest –Identity [email protected] –Remote –Remotehostname exchange.oldcompany.local -RemoteCredential $RemoteCredentials –TargetDeliverydomain newcompany.local
  The TargetDeliveryDomain parameter specifies the FQDN of the external email address
  created in the source forest for the mail-enabled user when the move request is complete. This parameter is allowed only when performing remote moves with the
  Remote or RemoteLegacy parameter.
  Regards,
  Satyajit
  Please “Vote As Helpful”
  if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Exch 2007 to Exch 2007 Cross forest migration

  Hi all,
  I am currently migrating all users from a root domain in one forest to a child domain in a second forest.
  Source: Forest A\DomainA is server 2003 r2 with Exchange 2007 SP3
  Target: Forest B\Domain B is server 2008 r2 with Exchange 2007 SP3
  I am using ADMT to migrate the user accounts with SID history. Data has been replicated over with permissions in tact.
  domain trusts have been put in palce and SID filtering has been disabled.
  Order of migration thus far;
  1. Migrate Sec Groups
  2. Migrate Distribution lists - with target proxt address only (source will be added on the weekend of the cut over)
  3. Migrate User Accounts. all exchange attributes are stripped out. Source/target user account's are left in current state (not disabled)
  4. I then run this powershell command to migrate the user mailbox over;
  Move-Mailbox -TargetDatabase TargetStore -Identity SourceUser -GlobalCatalog TargtDC -SourceForestGlobalCatalog SourceDC -NTAccountOU SourceOrgUnit -SourceForestCredential SourceCredential -TargetForestCredential TargetCredential -Confirm:$False
  The mailbox is migrated over and it automatically connects to the corresponding user that was migrated previously. How is this connection made. The move-mailbox does not migrate the source user. I was under the impression that the mailbox would show in the
  target as a linked mailbox and then I would have to disconnect and it reconnect it to the target account. it makes my life easier that it reconnects it but i wanted to know if im missing something. is this the correct way in which to migrate the mailboxes.
  Thanks

  Hello,
  It’s expected. In AD account properties, there are a lot of attributes about Exchange, such as HomeMDB, HomeMTA…
  When you use AMDT, these values will be changed to the target domain so that they matches.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• WSUS 3.2 SP2 with KB2720211 and later KB2734608 rebuilt as WSUS 6.3.9600.16384. Will clients connect back OK after initial Sync to parent server?

  Hello all, after many iteration of trying to fix 11 DSS running Windows 2008 R2 WSUS 3.2 SP2 sync issues with parent USS, we have decided to gradually move towards WSUS 6.3.9600.16384 on Windows 2012 R2.
  I have already built a Windows 2012 R2 WSUS server (which will eventually replace the current 2008 R2 WSUS 3.2 SP2 master server) The sync is OK. There was no error on the data base side or anything.
  The idea now is to gradually pick one DSS, rebuild it with Windows 2012 R2 WSUS service, and sync it with newly built and to be main primary server. The fact that I actually picked up a working WSUS 3.2 and rebuilt it with WSUS 6.3, will the clients still
  talk back and connect? Or this version uses totally different update engine..in that case, how is it all going to work?
  Shahidul

  The fact that I actually picked up a working WSUS 3.2 and rebuilt it with WSUS 6.3, will the clients still talk back and connect?
  Theoretically, yes; but in practicality, probably not.
  Almost certainly your original WSUS v3 server was installed to the Default Web Site (port 80). WSUS v6 servers default to their own v-root on port 8530, so at a minimum you will need to reconfigure the GPO that tells the clients where to find their WSUS
  Server. However, once you do that, the clients will register automatically.
  The second part of this question relates to target groups.
  If you're using Client-Side Targeting and you've created the groups on the new WSUS Server, the clients will automatically register in their policy-assigned groups.
  If you're using Server-Side Targeting, you'll have to use the console to reassign the clients from "Unassigned Computers" to their correct target group(s).
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• WSUS 3.0 SP2 not installing on Server 2008

  Hi
  I'm trying to install WSUS 3.0 SP2 on Server 2008 SP2.
  During the install I am told that IIS and the required roles must be installed before set up can continue. I have confirmed that all of the pre-requisites listed below are installed on this server;
  Microsoft Internet Information Services (IIS) 7.0. Ensure that the following components are enabled:
  Windows Authentication
  ASP.NET
  6.0 Management Compatibility
  IIS Metabase Compatibility
  The installer still tells me that IIS or it's required components are not installed properly.
  Is there anything else that I need to check in relation to this error message?
  Thanks in advance.

  > Is there anything else that I need to check in relation to this error message?
  Perhaps the WSUS 3.0 SP2 Deployment Guide, in the section Configure IIS?
  I don't see "Static Content", "ISAPI Extensions", or "ISAPI Feature" listed in the citation you provided, and I'm not sure what it is you're citing to get that list of components for IIS 7.0, but it doesn't match anything that's ever been officially documented for WSUS v3 in the Deployment Guide.
  In the Select Role Services window, make sure that the following services are selected:
  Common HTTP Features (including Static Content)
  ASP.NET, ISAPI Extensions, and ISAPI Features (under Application Development)
  Windows Authentication (under Security)
  IIS Metabase Compatibility (under Management Tools, expand IIS 6 Management Compatibility)
  Lawrence Garvin, M.S., MCITP:EA, MCDBA
  Principal/CTO, Onsite Technology Solutions, Houston, Texas
  Microsoft MVP - Software Distribution (2005-2009)
  My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
  My Blog: http://onsitechsolutions.spaces.live.com

• Public Folder Migration Cross Forest

  Hello,
  We are in the middle of planning a cross forest migration from Exchange 2010 to Exchange 2013. 
  To give some context:
  We already have an Exchange 2013 environment complete with mailboxes, and public folders etc. We have a 2010 Exchange server in a different forest that we would like to migrate all existing mailboxes and public folders from to the Exchange 2013 forest. We will
  be keeping the domain/forest that currently contains 2010 so all mailboxes that will be moved will end up being linked mailboxes in the 2013 organization with the accounts held in the other forest. 
  One of the big unanswered questions remains around public folder access. During migration there will be a time when some users will be in the Exchange 2010 organization, and some will be in the Exchange 2013 organization. I have two main questions around this
  1. Is there any way possible that anyone can think of that the users moved to 2013 can access the public folders still on 2010?
  2. What is the best way to migrate the public folders over from 2010 to 2013? Do we have to create the public folders and permissions on 2013 before hand or do we use a 3rd party tool or other method to achieve this goal?

  Hi,
  To reduce needless trouble, I recommend migrate mailbox first and public folder second.
  However, public folder will works fine no matter where it located. If you experience an issue about user in Exchange 2013 mailbox cannot access Public Folder in Exchange 2010, please change the RPC authentication to NTML.
  More details about it, please refer to:
  https://social.technet.microsoft.com/Forums/exchange/en-US/3172435f-4c06-41b3-b7a7-937dc0160049/exchange-2013-users-unable-to-access-exchange-2007-public-folders?forum=exchangesvrdeploy
  Additional, step by step to migrate Public folder to Exchange 2013, for your reference:
  http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-4-step-by-step-exchange-2007-to-2013-migration.aspx
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• SCOM 2007 cross-forest clients migration

     Hello to all. I'm preparing a cross-forest migration from source domain domain1.a.com to target domain domain2.b.com . 
     Source domain has hundreds of servers (windows 2003 and windows 2008). All source DCs are Windows 2003. Source domain already has SCOM 2007 R2 deployed on its member servers and on others located on another source domains.
     As cross-forest migration will run just for domain1.a.com I need to know:
     1- Is possible to migrate member servers from source-->target and keep source SCOM 2007 R3 monitoring the already migrated member server? 
     2-If positive, what need to be done in advance (before any member server migration) and after each member server migration?
     3-If target forest already have a SCOM 2007 R2 environment, what should need to be done so migrated member servers would be monitored on this target SCOM 2007 R2 (that has nothing to do with the source one) ?
     Thanks in advance, EEOC.

  1. It is possible.
  2. You will have to install certificates in the environment and either manag the agents through a gateway (minimal number of certs) or by installing certs on the agents directly.
  3. Just uninstall the agents and reinstall by the target SCOM 2007 R2 console.
  Juke Chou
  TechNet Community Support

• Cross-forest access to public folders Exchange 2013-2007

  Dear.
  We have an Exchange 2007 org in one forest and an Exchange 2013 org in another forest.
  User accounts remain in the 2007 AD, mailbox moved to Exchange 2013 in the other forest, so a linked mailbox.
  What do I need to do in the Exchange 2007 public folders to give the migrated mailboxes (not migrated users) access to these public folders?
  Thanks for the support.
  Regards.
  Peter Van Keymeulen, IT Infrastructure Solution Architect, www.edeconsulting.be

  Hi Stephen,<o:p></o:p>
  <o:p> </o:p>
  Do you have trust between Exchange 2007 forest and Exchange 2013 forest? Please set up a trust between the two forests. Then set the public folder client  permission
  to see if we can access the
  public folders.<o:p></o:p>
  <o:p> </o:p>
  If not, since Public folder cross forest migration is not supported in from an Exchange 2007/2010 forest to an exchange 2013 forest, refer to forum:
  http://social.technet.microsoft.com/Forums/office/en-US/51da1b97-fbb1-4f81-87da-c3370960c4ab/crossforest-public-folder-migration?forum=exchangesvrdeploy
  http://social.technet.microsoft.com/Forums/office/en-US/663f0dc3-a977-408a-93c7-94584fbefc62/public-folder-issue-cross-forest-migration-exchange-2010-to-2013?forum=exchangesvrdeploy
  <o:p></o:p>
  Title: Migrate Public Folders to Exchange 2013 From Previous Versions<o:p></o:p>
  Link:
  http://technet.microsoft.com/en-us/library/jj150486(v=exchg.150).aspx<o:p></o:p>
  <o:p> </o:p>
  So for public folder migration,
  the only supported path is cross forest 2007/2010 to 2007/2010 and then inter forest 2007/010 to 2013. Or
  we can first export all the public folder to PST from the Exchange 2007 forest, then import the PST to the Exchange 2013 forest.
  <o:p></o:p>
  Regards, Eric Zou

• Gal Sync and group member sync cross forest. Not working together

    I am finalizing a cross forest migration. The End client needs an extended period of time with both domains up and running. I have been working with an advisory engineer and we are having a hard time.
    We started by setting up GAL sync and that works as expected. Then we tried to setup group provisioning, and I have that working. I can create a groups and add members, as long as those users are in FIM and the Target forest the membership information
  is preserved. During the process we removed the GAL sync agents for ease of troubleshooting. Now when I run the GAL sync agents and I search the connector space I am showing connector false on both sides. I am not sure how to correct that. The other objects
  were created by the DS agents and FIM.  If I sync a new object it will create a contact cross forest. 
    What I want it to do is run the GAL sync without group contacts. Synchronize the GAL on both sides. (Groups have been created on both sides of the domain and ADMT has moved the group membership with the user) After the GAL is synchronized I need FIM
  to synchronize the group membership adding the contacts from the missing users that have moved. I am not sure how to get that logic in the system.
    I am not sure I am going about this the right way. It may be easier to use the FIM and AD DS agents to provision users cross forest as contacts and the group membership would be preserved.  If that is the case, I am not sure how to pull
  that off.
  Does anyone have recommendations?
  Thank You

   
  This is an overview of basically how it works. 
  The Group sync is pretty much out of the box, the real key here is the User is imported to FIM and that 'Person' is then provisioned outbound as a contact. 
  Membership synchronizes with the Group and FIM maintains group membership cross forest as the source user, and the target contact are the same 'Person'. 
  Precedence is important.  The OU structure is the same on both forests and needs to be initialized.  The Groups Sync is ahead of the users and then the users sync, and the group membership
  syncs. 
  The attribute flow is a long list.  It includes all of the exchange information for the contact, and it provisions the contact as mail enabled on both sides.  There is no VB it’s all
  done in sync rules. 
  Next Ill post the attribute flow and precedence diagram, I’ll get that together this week (I hope).  I intend to put this up in a lab and get screen shots on the whole configuration. 
  I will do that as soon as I can.
  Let me know if you have questions.