Due to annoyances with our remote access system, our users accessed OWA differently depending on whether they are faculty or staff (identified by Active Directory security group). So I needed a way to migrate only the staff to the new Exchange 2007 server. All the staff are members of the Sonicwall – Staff group. Rather than move each mailbox one at a time to the new server and then redo the group memberships, I created a PowerShell script to do it for me. Here is what it does.

  1. uses Get-QADUser to find all users in an OU
  2. checks each user found to see if it’s a member of the Sonicwall – Staff group
  3. if yes
  4. then move the mailbox
  5. remove user from sonicwall – staff group
  6. add to sonicwall – exchangehub group

I also added some logic for later when I’m ready to move the faculty over. Just for clarification, the faculty aren’t being moved yet because some of them have Macs. Annoyingly, Entourage for Mac doesn’t know how to find a mailbox on an Exchange server if the mailbox has been moved.

The script uses the Quest AD PowerShell add-on, so that will have to be installed before running.

Here is the script:

# Instruction to add Snap-ins (uncomment if they are not already loaded in the session)
Set-Location c:
#Add-PSSnapin quest.activeroles.admanagement
#Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.Admin

# Collect every user object under the OU
$colResults = Get-QADUser -SearchRoot "mtmercy.edu/IT/testing"

foreach ($i in $colResults)
{
    # Check if user is in staff group
    # (-eq against the MemberOf list returns the matching DN, which is truthy when present)
    if ((Get-QADUser -Identity $i).MemberOf -eq "CN=Sonicwall – Staff,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu")
    {
        Write-Host "found staff"
        Write-Host "Moving" $i

        # Move the mailbox to the new server, then swap the remote access group memberships
        Move-Mailbox -Identity $i.samAccountName -TargetDatabase "exchangehub\First Storage Group\Mailbox Database" -SourceMailboxCleanupOptions DeleteSourceMailbox -Confirm:$false
        Add-QADGroupMember -Identity "CN=Sonicwall – Exchangehub,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
        Remove-QADGroupMember -Identity "CN=Sonicwall – Staff,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
        Remove-QADGroupMember -Identity "CN=Sonicwall – Faculty,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
    }

    # Check if user is in faculty group (group changes stay commented out until faculty are moved)
    if ((Get-QADUser $i).MemberOf -eq "CN=Sonicwall – Faculty,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu")
    {
        Write-Host "found faculty"
#        Add-QADGroupMember -Identity "CN=Sonicwall – Exchangehub,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
#        Remove-QADGroupMember -Identity "CN=Sonicwall – Staff,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
#        Remove-QADGroupMember -Identity "CN=Sonicwall – Faculty,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
    }
}


UPDATE:
There are some problems with this script. While it does work, it doesn’t work well. The big problem is memory usage, which I suspect can be fixed. The script also has problems with people who have changed their names, should be easy to fix, or at least work around. Lastly, due to the way I wrote the script it will not move more than one mailbox at a time, which is more of an annoyance than a real problem. I’m open to any ideas on how to improve this script.
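
A variant of the staff branch of the script above, added here as an example and not part of the original post: it changes the Sonicwall group memberships only after Move-Mailbox succeeds, so a failed move never leaves a user in the wrong remote access group, and it records every action in a log. It assumes PowerShell 2.0 or later (for try/catch) with both snap-ins already loaded; `$logPath` and the two helper function names are hypothetical.

```powershell
# Added example, not the original script.
# Assumptions: PowerShell 2.0+ and the Quest and Exchange 2007 snap-ins are loaded.
# Group DNs and the target database are copied from the script in the post.
$staffGroup = 'CN=Sonicwall – Staff,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu'
$hubGroup   = 'CN=Sonicwall – Exchangehub,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu'
$targetDb   = 'exchangehub\First Storage Group\Mailbox Database'
$logPath    = 'C:\Temp\staff-migration-log.csv'   # hypothetical audit log location

function Test-GroupMember($user, $groupDn) {
    # MemberOf can be $null, a single DN or an array; -contains copes with all three.
    return [bool]($user.MemberOf -contains $groupDn)
}

function Write-Audit($user, $action, $result) {
    # One line per action: timestamp, user DN, what was attempted, outcome.
    $line = '"{0}","{1}","{2}","{3}"' -f (Get-Date -Format s), $user.DN, $action, $result
    Add-Content -Path $logPath -Value $line
}

# Handle each user as it comes down the pipeline instead of filling $colResults first,
# and reuse the object Get-QADUser already returned rather than querying it again.
Get-QADUser -SearchRoot 'mtmercy.edu/IT/testing' | ForEach-Object {
    $user = $_
    if (-not (Test-GroupMember $user $staffGroup)) { return }   # not staff: skip

    try {
        # -ErrorAction Stop turns a failed move into an exception the catch block sees.
        Move-Mailbox -Identity $user.DN -TargetDatabase $targetDb `
            -SourceMailboxCleanupOptions DeleteSourceMailbox `
            -Confirm:$false -ErrorAction Stop
        Write-Audit $user 'Move-Mailbox' 'ok'
    }
    catch {
        # Leave group membership untouched so remote access still matches
        # the server that actually holds the mailbox.
        Write-Audit $user 'Move-Mailbox' ('failed: ' + $_.Exception.Message)
        return
    }

    # Add to the new group before removing the old one, so the user is never in neither.
    Add-QADGroupMember -Identity $hubGroup -Member $user.DN
    Write-Audit $user 'Add-QADGroupMember Exchangehub' 'done'
    Remove-QADGroupMember -Identity $staffGroup -Member $user.DN
    Write-Audit $user 'Remove-QADGroupMember Staff' 'done'
}
```

Adding `-WhatIf` to the Move-Mailbox call gives a dry run against the test OU before any mailbox or group is changed.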