So the problem:
All mailboxes of the users are migrated to a central Exchange server, coming from various Exchange 5.5/2003/2003 mail servers (contact me if you want to know how 🙂), and the mailboxes were cloned. Now the client needs to be pointed to the new Exchange server, or else Outlook will not work. The challenge: how do you change your MAPI profile?
We had 4 scenarios:
1: The domain is NT4 no trust or no domain at all!
2: The domain the user is in, has a trust with the Exchange domain
3: The domain the user is in is a Windows 2000/2003/2008 domain, no trust
4: The user is in the domain
I’ve created a script that takes into account these 4 different options and uses them to determine the actual authentication path. To migrate the MAPI profile itself we used the program EXPROFRE.exe.
ExprofRe has to be called like: ExprofRe.exe /logfile= /targetGc=
The problem is the authentication to the target GC.
1: When there is no trust and the source domain is NT4 or a standalone machine, we use NTLM passthrough authentication. Inside the script we create a new local user, with the same username and password as a user in the target domain. To add this user (while a regular user is logged in) we do a runas:
Sub CreateProfmigAccount()

    ExtDiag " Running in NT migration mode, user account must exist"
    strWindir = WshShell.ExpandEnvironmentStrings("%Windir%")

    On Error Resume Next

    ' Check whether the local migration account already exists
    Set objUser = GetObject("WinNT://" & gstrClient & "/" & strMigUser)
    If Err = 0 Then
        Out " Account already exists."
        Exit Sub
    Else
        Set objUser = Nothing
        Err.Clear
    End If

    Diag " Admin account : " & strLocalAdmin
    Diag " Account to create : " & strMigUser

    Call MigrationAccountCheck

    ' Create the account through runas, because a regular user is logged in
    strProg = "CMD /C NET USER " & strMigUser & " " & Unscramble(strMigPass) & " /ADD"
    strCmd = "runas /env /user:" & Unscramble(strLocalAdmin) & " """ & strProg & """"
    ' strCmd contains the unscrambled migration password, so ExtDiag writes it to the extended diagnostics
    ExtDiag strCmd
    rc = WshShell.Run(strCmd, 2, False)

    ' Wait until the runas password prompt window has the focus
    strWindowTitle = strWindir & "\System32\runas.exe"
    ExtDiag strWindowTitle
    bolResult = False
    bolResult = WshShell.AppActivate(strWindowTitle)
    While bolResult = False
        StdOut.WriteLine " Focus Failed, retrying."
        WScript.Sleep 50
        bolResult = WshShell.AppActivate(strWindowTitle)
    Wend
    StdOut.WriteLine " Focus succeeded."

    ' Type the local administrator password into the prompt ("~" is Enter)
    strLocalAdminPass2 = Unscramble(strLocalAdminPass)
    WshShell.SendKeys(strLocalAdminPass2 & "~")
    WScript.Sleep 1000

    ' Poll until the new account can be found, at most 10 times
    bolCreated = False
    Retry = 0
    Do While bolCreated = False And Retry < 10
        WScript.Sleep 1000
        Set objUser = GetObject("WinNT://" & gstrClient & "/" & strMigUser)
        If Err = 0 Then
            Diag " Account created."
            Exit Sub
        Else
            Set objUser = Nothing
            Retry = Retry + 1
            Diag "Did not find user, rechecking (" & Retry & ")"
            Err.Clear
        End If
    Loop

End Sub
After the local user is created we do roughly the same thing, kicking off ExprofRe with a /netonly option and with the newly created user. Because of the /netonly, the GC will be reached with an account that has the same username/password as an account in the target domain. Of course the account is also deleted afterwards.
2: When there is no trust between the domains, we can use UPN Suffixes. Add a new UPN suffix to the target domain (migrations.local for example). Create a new user on the target domain (GC@migrations.local) and create the exact same on the Windows 2000/2003/2008 domain of the source.
On the client side we can now do a runas /netonly /user:GC@migrations.local Exprof….blabla
3: When there is a trust, just use runas /netonly /user:<targetdomain>\username Exprof blabla
4: Just run Exprof with the options.
So basically, there are numerous ways to script around authentication; use your imagination to see which one fits your requirements.
Sub RunExprofRE(strValue2)
    ' *********ExProfRedirector runner************************
    ' Runs ExprofRe with MigUser credentials in RunAs /Netonly
    ' First sets command ready and creates CMD object
    ' then runs cmd window with command
    ' finally enters the password using SendKeys
    ' *********************************************************
    Set StdOut = WScript.StdOut
    strLogonServer = WshShell.ExpandEnvironmentStrings("%LogonServer%")
    ' Needed for the runas window title below; set here as well so it does not depend on CreateProfmigAccount having run
    strWindir = WshShell.ExpandEnvironmentStrings("%Windir%")

    ' Build the ExprofRe command line; /p= is only added when RPC is used
    If useRPC = 0 Then
        strProg = strExprofRe & " /logfile=" & strLogLocation & "\" & WshNetwork.ComputerName & "-" & "%USERNAME%" & "-" & strValue2 & ".log /q /targetgc=" & strGCServer
        Diag strExprofRe & " /logfile=" & strLogLocation & "\" & WshNetwork.ComputerName & "-" & "%USERNAME%" & "-" & strValue2 & ".log /q /targetgc=" & strGCServer
    Else
        ' No quote before the log path: it was never closed and would end the quoted runas argument early
        strProg = strExprofRe & " /logfile=" & strLogLocation & "\" & WshNetwork.ComputerName & "-" & "%USERNAME%" & "-" & strValue2 & ".log /q /targetgc=" & strGCServer & " /p=" & strRpcPath
        Diag strExprofRe & " /logfile=" & strLogLocation & "\" & WshNetwork.ComputerName & "-" & "%USERNAME%" & "-" & strValue2 & ".log /q /targetgc=" & strGCServer & " /p=" & strRpcPath
    End If

    If ScriptMode = 4 Then
        ' Using only simple command
        Diag "Running Mode 4 of script, running:"
        Diag strProg
        StdOut.WriteLine " Command initialized"
        rc = WshShell.Run(strProg, 2, False)
    Else
        ' Set command ready
        Select Case ScriptMode
            Case 1 ' NT4
                strCmd = "runas /env /netonly /user:" & gstrClient & "\" & strMigUser & " " & Chr(34) & strProg & Chr(34)
                Diag "==> COMMAND THAT WILL BE RAN <===== NT4 Mode"
                Diag strCmd
            Case 2 ' UPN migration
                strCmd = "runas /env /netonly /user:" & strMigUser & " " & Chr(34) & strProg & Chr(34)
                Diag "==> COMMAND THAT WILL BE RAN <===== UPN Mode"
                Diag strCmd
            Case 3 ' Trusted Domain Migration
                strCmd = "runas /env /netonly /user:" & strMigUser & " " & Chr(34) & strProg & Chr(34)
                Diag "==> COMMAND THAT WILL BE RAN <===== TRUST Mode"
                Diag strCmd
        End Select

        Diag "Command initialized"
        rc = WshShell.Run(strCmd, 2, False)

        strWindowTitle = strWindir & "\System32\runas.exe"
        ' Wait for command window
        bolResult = False
        bolResult = WshShell.AppActivate(strWindowTitle)
        While bolResult = False
            ExtDiag " Preparing Command for Execution"
            WScript.Sleep 50
            bolResult = WshShell.AppActivate(strWindowTitle)
        Wend

        StdOut.WriteLine " Executing command"
        ' Sending Password ("~" is Enter)
        strMigpass2 = Unscramble(strMigPass)
        ' Logs the scrambled form of the password to the extended diagnostics
        ExtDiag strMigPass
        WshShell.SendKeys(strMigpass2 & "~")
    End If

End Sub
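
The NT4-mode path creates a temporary local account whose username and password match an account in the target domain, so after a rollout it is worth confirming that the deletion step really ran on every client. The following is an added example, not part of the original script: it scans an export of account-management events (624/630 on NT/2000/XP/2003, 4720/4726 on Vista/2008 and later) for hosts where the account was created and not deleted afterwards. The CSV layout, the host names and the account name `profmig` are constructed placeholders, and it assumes account-management auditing is enabled on the clients.

```python
import csv
import io

# "User account created" / "User account deleted" event IDs,
# legacy numbering first, Vista/2008+ numbering second.
CREATED = {"624", "4720"}
DELETED = {"630", "4726"}

# Constructed sample export (not real data): timestamp,host,event_id,target_account
SAMPLE_EVENTS = """\
2009-03-02T08:01:10,WS-0101,624,profmig
2009-03-02T08:03:45,WS-0101,630,profmig
2009-03-02T08:05:12,WS-0102,624,profmig
2009-03-02T08:09:30,WS-0103,4720,profmig
2009-03-02T08:11:02,WS-0103,4726,profmig
2009-03-02T08:12:40,WS-0103,4720,profmig
2009-03-02T08:20:00,WS-0104,624,helpdesk
"""


def leftover_accounts(export_text, account):
    """Return the sorted hosts where `account` was created and not deleted afterwards."""
    present = {}  # host -> True while the log says the account exists
    rows = csv.reader(io.StringIO(export_text))
    # ISO timestamps sort lexicographically, so sorting the rows replays
    # the events in time order even if the export is shuffled.
    for ts, host, event_id, target in sorted(r for r in rows if len(r) == 4):
        if target.strip().lower() != account.lower():
            continue  # some other local account, not the migration one
        if event_id.strip() in CREATED:
            present[host] = True
        elif event_id.strip() in DELETED:
            present[host] = False
    return sorted(h for h, exists in present.items() if exists)


if __name__ == "__main__":
    for host in leftover_accounts(SAMPLE_EVENTS, "profmig"):
        print("migration account still present on", host)
```

A host that shows a create, a delete and a second create (a re-run of the script that was interrupted) is reported as well, because only the last event per host decides.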