subject: exchange

Inter-Org Distribution List Migration

I had this post on at my previous blog and also at MSD2D, but I think it makes sense in putting it here also. You can download the code here.

Almost 40% of the current Microsoft Exchange customers are still using Exchange 5.5. Probably most of them have plans to migrate to the latest version, Exchange 2003 SP1, in the near future. There is lots of literature available about the right procedures for such a task, so if we’re not talking about something very complex, the migration process should be painless.

One of the difficulties you should be aware of (and now I’m speaking particularly for those who are about to migrate) is the migration of the old Exchange 5.5 Distribution Lists (DLs) to the new Universal Distribution Groups (UDGs) in Active Directory, when in an inter-organization scenario.

Migrating DLs in the same organization doesn't represent any challenge, because you can use Active Directory Connector (ADC). Normally, you’ll use Active Directory Connector (ADC) to automate this task. When in the same organization, the ADC replicates all the Exchange Server Distribution Lists to Active Directory as Universal Distribution Groups. But when you do synchronization from an Exchange Directory on a different organization, all you get on Active Directory is mail enabled contacts.

The only way I know to migrate DLs in this scenario (without using third party tools) is by exporting the DLs, and then using the LDIFDE or CSVDE command-line utilities to convert them to UDGs.

I had recently the opportunity to work on a client who needed this DL migration process, so a couple of colleagues of mine, Paulo Lopes and Paulo R. Lopes (they’re not related, before you ask), with a little contribution from myself, came up with the method I’ll describe next.

You can run the following command to perform a DL export from an Exchange 5.5 server (E55SERVER) in a Windows NT 4.0 Domain (NT4DOMAIN), using an NT4 account (NT4ACCOUNT) as the credentials:

ldifde -m -f DL_E55_NT4DOMAIN_OUT.txt -s E55SERVER -u -r "(objectClass=groupOfNames)" -l objectClass,rdn,cn,mail,otherMailbox,Extension-Attribute-1,Extension-Attribute-2,Extension-Attribute-3,Extension-Attribute-4,Extension-Attribute-5,Extension-Attribute-6,Extension-Attribute-7,Extension-Attribute-8,Extension-Attribute-9,Extension-Attribute-10,Extension-Attribute-11,Extension-Attribute-12,Extension-Attribute-13,Extension-Attribute-14,Extension-Attribute-15,textEncodedORaddress,uid,member -b NT4ACCOUNT NT4DOMAIN *

Then you must run a CSVDE export, in order to get the right Display Name:

csvde -f MB_E55_NT4DOMAIN.txt -s E55SERVER -u -r "(objectClass=*)" -l
objectClass,Admin-Display-Name,rdn,cn -b NTACCOUNT NT4DOMAIN *

The last step to import the DLs to Active Directory is to run LDIFDE again, using a global catalog server (GCSERVER):
ldifde -i -f DL_E55_NT4DOMAIN_IN.txt -s GCSERVER -j .\

The main problem with this method is that you’ll have to do some tweaking on those LDFIDE and CSVDE files in order to import them properly to the Active Directory. This can become a long, long time-consuming task (I know, I’ve been there). So I decided to create a script in order to automate this process.

Here is a brief description of what the script does:
1. Extracts Distribution Lists to a file using LDIFDE; 2. Extracts Exchange 5.5 Directory to a file using CSVDE (this is only necessary to match a user's display name to his account name); 3. Modifies the first extracted file so that it can be imported using LDIFDE. Here is where the script does all its magic; 4. Imports DLs to Active directory as UDGs.

You still have to use ADC to synchronize the GAL. In fact, you must first import Exchange 5.5 users if you want the migrated DLs to be populated. So I strongly advise you to read the following KB article:

XGEN: How to Configure a Two-Way Recipient Connection Agreement for Exchange Server 5.5 User

Don’t forget that before you can run the script, you’ll have to modify the following variables:

strDN: the Distinguished Name of the destination OU
E55Server: the Exchange 5.5 server
GCServer: the Global Catalog server
NTUser: the NT User Account to connect to the source domain
NTDomain: the NT source domain

I don’t wish to bother you with one of those big disclaimers about responsibility or copyright, so I’ll just say that I’m offering you this script with the best of intentions, but you should always test before doing anything that can compromise your production environment. Besides that, feel free to distribute it to all your friends and to modify it, although I would appreciate that you drop me an email in case of new improvements.

Any feedback is always welcome.

You should also know that there are some issues with this tool: