This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2009 Microsoft Corporation. All rights reserved. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Microsoft, Active Directory, Internet Explorer, Outlook, SharePoint, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. 
All other trademarks are property of their respective owners.
Microsoft Transporter Suite for Lotus Domino

Table of Contents

- Introduction
- Gathering Information
  - Lotus Domino Servers
  - Routing and Replication Topologies
  - Network Information
  - Backup and Restore Procedures
  - Client Information
  - User Data
  - Other Information
  - Diagramming
- Building a Test Lab and Evaluating Options
- One Phase or Two
  - Single-Phase Migration
    - Advantages
    - Disadvantages
  - Multiple-Phase Migration
    - Advantages
    - Disadvantages
    - Coexistence
    - Long-Term Coexistence
- Installation Tasks
  - Installing Transporter Suite Components on an Exchange Server
    - Dependencies
  - Installing Transporter Suite Components on a Windows SharePoint Services Server
    - Dependencies
  - Installing Transporter Suite Components on a Migration Workstation
    - Dependencies
  - Installing Transporter Suite Components on a Domino Server
    - Dependencies
- Single-Phase (Big-Bang) Migrations
  - Configuring One-Way DirSync
    - Domino to Exchange
- Two-Phase (Coexistence) Migrations
  - Namespace Design
    - Using disparate namespaces to route mail
    - Shared Namespace Design
  - Address Book Design
    - Using a single Name and Address Book
    - Using multiple Name and Address Books
  - Configuring Two-Way DirSync
    - Prerequisites
    - Configuration
    - Use
  - Configuring Free/Busy Lookup
    - Exchange configuration
    - Domino Configuration
  - Configuring SMTP Connectivity
    - Using Disparate or Shared/Subdomain Namespace design
    - Using Shared/Smarthost Namespace design
    - Testing and Other issues to note
    - Removing SMTP connectors
- Tasks Common to All Migrations
  - Migrating Users
    - Prerequisites
    - Configuration/Use
  - Migrating Groups
    - Prerequisites
    - Configuration/Use
  - Migrating Mailboxes
    - Prerequisites
    - Configuration/Use
    - Post-migration tasks
  - Migrating PABs and Personal Archives
    - Prerequisites
    - Configuration/Use
- Troubleshooting
  - Troubleshooting Directory Synchronization
    - Domino to Exchange
    - Exchange to Domino
  - Troubleshooting Free/Busy Requests
    - Make sure Notes.ini file is Available
    - Verify Servers Configuration
    - Verify Firewall Port Configuration
    - Review Domino Person Documents
    - Turn On Additional Logging
    - Additional Information on the Free/Busy Architecture
  - Troubleshooting Mail Flow
    - Diagramming the message paths
    - Messages stuck in Exchange (no NDR)
    - Additional logging
    - Known compatibility issues
  - Troubleshooting User Migration
    - Active Directory-related issues
    - Exchange Server-related issues
    - Other items to note
    - Logging
  - Troubleshooting Group Migration
    - Logging
  - Troubleshooting Mailbox Migration
    - Extraction Versus Injection
    - Extraction issues
    - Transformation/Injection issues
    - A note on addressing
    - Logging
  - Troubleshooting PAB and Personal Archive Migration
    - Extraction versus injection
    - Extraction issues
    - Transformation/Injection issues
    - Logging
- Appendixes
  - Customizing Directory Synchronization
    - Adding and Removing Attributes
    - Mapping Functions
    - Determining the Internal Name of Directory Attributes
  - Other Directory Synchronization Topics
    - MIIS
    - Using a different Domino domain name to represent Exchange Server
    - Upgrading DirSync from Exchange Server 2003 Lotus Notes Connectors
  - Directory Migration Matching Algorithm
  - Multiple Free/Busy Connectors
  - General PowerShell Information
- Additional Information
Introduction
The Microsoft Transporter Suite for Lotus Domino is used for coexistence between Lotus Domino and Active Directory with Exchange Server 2007, and migration from Lotus Domino to Active Directory, Exchange Server 2007 and Windows SharePoint Server 3.0. The suite can be used to configure Directory and Free/Busy interoperability between Lotus Domino version 6 or 7 and Active Directory with Exchange Server 2007. The suite can also enable migration of users and groups from Lotus Notes 5, 6, or 7 to Active Directory; mail, address books and personal archives from these same versions to Exchange Server 2007; and facilitate the migration of applications to Microsoft Windows SharePoint Services 3.0 or Microsoft Office SharePoint Server 2007.

The Microsoft Transporter Suite for Lotus Domino includes the following tools:

- Directory Connector: Synchronizes users, groups, and Domino mail-in database information between the Windows Active Directory and the Lotus Domino Directory.
- Free/Busy Connector: Used in the coexistence phase to enable Lotus Notes and Microsoft Office Outlook users to perform free/busy queries against both Lotus Domino and Microsoft Exchange Server 2007 servers when scheduling meetings.
- Directory Migration: Creates or merges Active Directory accounts for Domino user objects.
- Group Migration: Creates or merges Active Directory groups for Domino group objects.
- Mailbox Migration: Migrates information from Domino Mail databases to Exchange Server 2007 mailboxes.
- PAB and Archive Migration: Migrates information from PAB (Personal Address Book) and Personal Archive databases to Exchange Server 2007 mailboxes.
- Application Analysis: Gathers and reports information from Domino applications.
- Application Migration: Migrates information from Domino applications to Windows SharePoint Services 3.0 and Office SharePoint Server 2007.

The Transporter Suite provides two management interfaces: the Management Console and the Management Shell.

- Management Console: Provides a graphical user interface (GUI) and can be used for basic migrations.
- Management Shell: Adds functionality to the Microsoft Windows PowerShell command-line interface used to run single commands or to script a series of commands. It is typically used for complex command line or scripted migrations.
This document provides conceptual information, how-to information, and some basic troubleshooting instructions for each migration phase using both the Transporter Management Console and the Management Shell.

Note: The third-party Web site information referenced in this document is provided to help you find the technical information you need. The URLs are subject to change without notice.

You can download the Microsoft Transporter Suite for Lotus Domino and related documentation, including this document, from Resources for Interoperability and Migration from Lotus Domino (http://www.microsoft.com/technet/move) on TechNet.

The following flowchart captures the tasks and decision points of the mail migration process.
[Flowchart: tasks and decision points of the mail migration process. Recoverable labels: One or two phases?; Single phase/big bang; Two phase/co-exist; Single NAB; Multiple NABs; Disparate; Smarthosting; Subdomains; Yes; See configuration guidance; Remove Connectors.]
Each item in the flowchart (except for updating MX records, which is DNS-server dependent) has a corresponding section in this document with complete information to help you make decisions and to guide you in configuring Domino and Exchange Server.
Gathering Information
Before embarking on any project, and especially with migration, it is important to understand the beginning and desired end-states. The challenge with migrations is that there is a large amount of information that you need to collect in order to understand the beginning state. First, you need to document (and usually diagram) the current infrastructure and how it is used in order for you to make decisions about how the migration will proceed.

The Domino administrators can generally provide the information requested, but you need to make sure that you ask all the right questions if you expect to get complete answers. In general the information you need will include:

- Lotus Domino Servers (both mail and application)
- Routing and Replication Topologies
- Network Information
- Backup and Restore Procedures
- Client Information
- User Data

- Mailbox-only servers may be easily retired after mail migration
- Mail routing servers may also be retired, after the mailbox-only servers they route for have been retired
- Application servers may be retired or consolidated after the migration of some applications, but may remain in production if it is impractical to migrate the applications hosted
- Designated administrator contact information
Network Information
The network information gathered may suggest optimal locations for Exchange Server 2007 servers; for example, if slow links connect some sites, these sites may require a server presence or that links be upgraded. Obtain a topology diagram or detailed information that provides the following:

- Local area network (LAN) configurations
- Wide area network (WAN) configuration
  - Include speed and latency
- Firewalls and the restrictions
- Routers
- Low-bandwidth, high-latency, and intermittent links
- Internet connectivity
- Client locations
- Traffic statistics if kept
- Designated administrator contact information

As with the mail routing topology, you should create a network diagram if it does not currently exist, because this makes it easier to determine where potential problems may arise.
Client Information
Different versions of the Lotus Notes client produce slightly different behavior, and various configuration options on the client can affect how mail is created and accessed. You should therefore get a sample set of data from clients that includes:

- Version of Lotus Notes client in use
- Browser usage; for example, iNotes or Domino Web Access (DWA)
- Use of Domino Designer and Domino Administrator
- Configuration standards and known deviations
- Hardware; for example, x86, x64, other
- Operating system version, service pack, and hotfixes/updates
- Lotus Notes client configurations
- Variations in Location documents
- Online/Offline usage
User Data
User data such as the following can be useful, especially when you determine risk:

- List of users by domain/server
- A matrix of user to database template
- Quotas in force
- Designated help desk contact information

In addition, you will need data on how users are stored in the directory; for example, single NAB, multiple NABs with Directory Assistance, Directory Catalogs, and so on.
Other Information
You may want to obtain the answers to the following questions to help you with your migration efforts.

- Are there any known problems in the current infrastructure that might adversely affect the migration project? Beware of overtaxing existing connections, transmission problems caused by inadequate software components, and inefficient or incorrect message routing. For example:
  - Bottlenecks or malfunctioning connectors are the likely cause when messages are queued on a bridgehead server.
  - Non-delivery reports (NDRs) are signs of incorrect message routing.
  - Message loops, another common problem, are created if messages are routed multiple times through the same bridgehead. Exchange Server 2007 adds trace information to all transferred messages to detect message loops and to drop looping messages with a non-delivery report (NDR). However, if the message's path includes multiple messaging systems, the trace information might be lost during message conversion between the systems. In this situation, messages may loop indefinitely. The effect can be similar to that of an e-mail flood caused by a worm or virus; therefore, you should review the existing messaging topology carefully to make sure that the implementation of Exchange Server 2007 does not lead to message loops.
- What servers must remain? Does the organization have workflow dependencies or mail-in database functionality that requires that certain Lotus Domino servers must remain?
- How do you want SMTP messages to flow?
- Are you familiar with every application that is involved in sending e-mail messages? Understanding what applications send e-mail messages is critical to minimizing e-mail transmission problems. While administrators may be familiar with the UNIX and mainframe systems that are part of the overall message flow, which systems send e-mail messages and where they send them is generally not well documented. When you start retiring servers, or if you are trying to resolve odd e-mail addressing problems, you may have an issue with a rogue application that is sending messages in a non-standard way. Additional logging on all Domino servers with the SMTP listener task enabled may help you find these rogue elements.
- Are you planning to consolidate messaging resources when you deploy Exchange Server 2007? Exchange Server 2007 can support a very large number of mailboxes on a single server, and deployment of fewer but more powerful servers can help simplify your environment's messaging infrastructure. Identifying the hardware, bandwidth options, and physical user locations you plan to consolidate helps to determine the number of Exchange servers that must be deployed.
- What are the average and maximum e-mail database sizes in the Lotus Domino messaging system? Look at the current size of users' mail databases. This information is very important when you define the Exchange Server 2007 servers' storage capacities. At a minimum, the new environment should let all users store the same amount of data or more in their mailboxes. It is not a good idea to enforce more restrictive mailbox quotas on the new system, as this might prevent users from experiencing the new mail environment as a positive change.
- Do the users send encrypted e-mail? The Transporter Suite migration tools do not migrate encrypted information. We recommend that you decrypt mail messages before migration. IBM provides the following documents: How to remove encryption from documents (http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21089495); and Removing encryption from all documents in your mail file (http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21110567). Third-party tools are also available for you to use to migrate encrypted mail. These tools decrypt the e-mail by having each end-user run the tool, which decrypts the e-mail message before migration. To locate partner solutions for migrating encrypted e-mail messages, see the Microsoft Solution Finder (https://solutionfinder.microsoft.com/default.aspx). Regardless of which method you choose, the migrated e-mail items will not be encrypted in Exchange Server. If you do not want sensitive information to be stored unencrypted in Exchange Server 2007, you should not migrate these items.
- Do users require training on Microsoft Office Outlook? Users who are familiar with Outlook will find the migration to Exchange Server 2007 straightforward. However, novice users might face a steep learning curve because Outlook offers a comprehensive set of messaging features. You can ease this situation by providing appropriate user training. Other messaging clients such as Eudora are supported because Exchange Server 2007 supports POP3 and IMAP4. However, remember that Internet clients are usually not as powerful as Outlook, especially with respect to calendaring capabilities, and this lack of features might become a productivity issue for users.
- Is the help desk prepared for increased workload related to directory and mail coexistence and migration? The interoperation and migration phases put pressure on help desk personnel because the support call volume increases when users start to use their new messaging clients. We recommend that you dedicate a help desk specialist specifically to Outlook-related questions and that you train this person thoroughly. To maintain productivity in larger organizations, the Outlook task force may consist of a number of experts. You might want to temporarily increase the headcount in the help desk department. It is reasonable to assume that the call level will return to normal within six months after migration is completed.
- How will you keep management, IT administrators, user help desk personnel, and users updated about the migration progress? It is important to keep everyone in your organization fully informed about the migration progress. For example, the users must know when they are scheduled for Outlook training, and the IT administrators, user help desk personnel, and management need information about project progress. We recommend that you create a detailed communication plan. Many organizations implement a dedicated intranet site to facilitate communication about the migration.
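
A check for the message-loop condition described in the first question above, as an added example that is not part of the original white paper: it counts how often each host appears as the receiving server in a message's Received headers. The host names, sample messages, and the max_visits threshold are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample: one pass through the bridgehead to an Exchange server.
NORMAL = """\
Received: from bridgehead.example.com by exch1.example.com with SMTP; Mon, 2 Mar 2009 10:00:03 +0000
Received: from client.example.com by bridgehead.example.com with SMTP; Mon, 2 Mar 2009 10:00:01 +0000
From: alice@example.com
To: bob@example.com
Subject: status

hello
"""

# Constructed sample: the same three servers hand the message around repeatedly.
# The first header is folded across two lines, as relays often write it.
LOOPING = """\
Received: from domino1.example.com by bridgehead.example.com
\twith SMTP; Mon, 2 Mar 2009 10:00:13 +0000
Received: from exch1.example.com by domino1.example.com with SMTP; Mon, 2 Mar 2009 10:00:11 +0000
Received: from bridgehead.example.com by exch1.example.com with SMTP; Mon, 2 Mar 2009 10:00:09 +0000
Received: from domino1.example.com by bridgehead.example.com with SMTP; Mon, 2 Mar 2009 10:00:07 +0000
Received: from exch1.example.com by domino1.example.com with SMTP; Mon, 2 Mar 2009 10:00:05 +0000
Received: from bridgehead.example.com by exch1.example.com with SMTP; Mon, 2 Mar 2009 10:00:03 +0000
Received: from client.example.com by bridgehead.example.com with SMTP; Mon, 2 Mar 2009 10:00:01 +0000
From: alice@example.com
To: bob@example.com
Subject: status

hello
"""

# The "by <host>" clause of a Received header names the server that accepted the hop.
_BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)


def receiving_hosts(raw_message):
    """Return the receiving host of every hop, oldest hop first."""
    msg = message_from_string(raw_message)
    hosts = []
    for value in msg.get_all("Received", []):
        match = _BY_HOST.search(value)
        if match:
            hosts.append(match.group(1).lower())
    # Each relay prepends its header, so the newest hop is first in the message.
    hosts.reverse()
    return hosts


def find_loops(raw_message, max_visits=1):
    """Return {host: visits} for hosts that accepted the message more than max_visits times.

    Hops that strip trace headers during conversion are invisible here, so run
    this on messages captured at a server that still sees the full header set.
    """
    visits = Counter(receiving_hosts(raw_message))
    return {host: count for host, count in visits.items() if count > max_visits}


if __name__ == "__main__":
    for name, sample in (("NORMAL", NORMAL), ("LOOPING", LOOPING)):
        print(name, receiving_hosts(sample), find_loops(sample))
```

Raise max_visits for topologies where a message legitimately passes the same relay more than once, for example a content-scanning hop that hands mail back to the bridgehead.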
Diagramming
Diagrams of the beginning state do not take much time to produce. The benefits of diagrams are that they can communicate information quickly and more easily than a large list of tables and text. Beginning state diagrams should contain the basic information. More detailed information (such as version information) should be stored in spreadsheets or by other means. A simple routing topology diagram such as the following would be much easier to understand than text indicating the same information.
[Figure: sample routing topology diagram. Recoverable labels: Router 1/Routing, Router 2/Routing, NewYork/Americas, London/Europe, Paris/Europe, Sydney/Asia, Tokyo/Asia, Internet.]
The Domino Administrator client includes some functionality to diagram e-mail flow and replication paths as shown in the following figure:
This can provide the beginnings of the routing topology diagrams. Note: The mapping functions provided do not map connections between Domino domains.
Remember that the success of any migration depends on your preparation: gather the information, configure the lab, and test as much as possible before you move to a production environment.
Single-Phase Migration
Performing a single-phase migration excludes the coexistence phase and migrates all the users, groups, mailboxes, and user data in a single pass. Before the migration, all users use Lotus Notes and Domino for messaging. After the migration, all users use Microsoft Office Outlook and Microsoft Exchange Server 2007, and the Lotus Domino e-mail servers are decommissioned. Single-phase migration is typically only implemented at small organizations with a simple messaging infrastructure. It still requires significant planning and testing to make sure that the whole organization will move seamlessly from Lotus Domino to Microsoft Exchange Server 2007 without overwhelming the help desk.
Advantages
The most significant advantages of a single-phase migration are:

- All users migrate at the same time, yielding quick results.
- Time is saved in the planning phase because coexistence does not have to be tested, supported, or implemented.
- There is no requirement for message or calendar connectivity between the two messaging environments.
  Note: Some directory synchronization must still occur from Domino to Active Directory to make sure that migrated messages can be replied to.
- Preserving existing e-mail addresses is straightforward because the new Exchange Server 2007 messaging system replaces the Lotus Domino messaging system.
Disadvantages
The most significant disadvantages of a single-phase migration are:

- The migration of large numbers of users or large amounts of data can result in unacceptable downtime.
- The whole Exchange Server environment must be implemented before migrating users.
- The pace of the migration cannot be controlled by migrating divisions or departments individually.
- Flexibility is limited. For example, it is not possible to leave a particular group of users on the Lotus Domino e-mail system.
Multiple-Phase Migration
Multiple-phase migration is recommended for larger organizations and those organizations with more complex messaging infrastructures. Larger organizations typically have multiple e-mail servers, frequently located in different physical locations. There may be several messaging clients that connect to the e-mail servers. It might not be feasible for all the e-mail databases to be migrated and for all the clients to be reconfigured at one time. In these situations, the migration process must occur over an extended period of time and include multiple phases.

A multiple-phase migration allows for time to test, evaluate, and update the migration plan during the migration period. The migration is implemented in phases by migrating groups and physical locations simultaneously, while at the same time providing adequate support throughout the transition. Multiple-phase migrations require coexistence, during which time e-mail users must be supported on both the Lotus Domino and Exchange Server 2007 platforms.

One of the most important issues that you must consider in a multiple-phase migration is coexistence between the directories and messaging systems, because users on the old e-mail system must be able to exchange messages with users who have already migrated to the new e-mail platform. Because users usually exchange e-mail messages primarily with other users in the same workgroup or department, we recommend migrating related workgroups or departments at the same time. Migrating these groups of users simultaneously can help to reduce the number of messages that must be routed between the two disparate messaging environments.
Advantages
The most significant advantages of a multiple-phase migration are as follows:

- Control the pace of migration. Stage server and client deployments according to migration phases. There is no need to establish the whole Exchange Server environment before migrating users.
- Complete migration in incremental and manageable steps.
- Migrate related departments, business units, or teams simultaneously and migrate users who require access to each other's calendars and e-mail databases during the same migration phase.
- Synchronize reconfiguration of the messaging client and end-user training with the migration of mailboxes.
- Minimize risk. If one particular operation in the multiple-phase migration is not successful, a limited number of people are affected. If migration of a group of users fails for any reason, users can continue to work with their Lotus Domino e-mail databases until the issues are resolved.
Disadvantages
The most significant disadvantages of a multiple-phase migration are:
- Multiple-phase migrations are more time-consuming, and therefore, more expensive when compared to single-phase migrations.
- Connectors must be deployed and supported.
- Directory synchronization must be configured between the systems to enable the Lotus Domino messaging system and the Exchange Server 2007 organization to interoperate as seamlessly as possible.
- Both the Lotus Domino and Exchange Server 2007 messaging systems must be maintained and supported for a period of time.
Coexistence
In any multiple-phase migration, there will always be a phase in which the Lotus Domino messaging environment must coexist with the Microsoft Exchange Server 2007 environment. Because not all users are migrated at the same time, some users will remain in the Lotus Domino messaging environment while other users are in the Microsoft Exchange Server 2007 environment. For these users to route e-mail to one another, the Active Directory and the Lotus Domino Directory must synchronize user and e-mail address information, e-mail must route between the two environments, and users should be able to perform free/busy calendar lookups regardless of the other users' e-mail platform.
The key components involved in coexistence are:
- The Directory Connector tool in the Transporter Suite handles directory synchronization.
- An SMTP Connector handles message transfer, preservation of message paths, and message conversion.
- The Free/Busy Connector handles the free/busy calendar lookups between the systems.
Advantages
As described in Multiple-Phase Migration, temporary coexistence allows for controlled migration in phases.
Disadvantages
Coexistence is costly, support-intensive, and requires administrator knowledge of multiple messaging systems; therefore, many companies consider standardizing their communication infrastructure on a single messaging system as a key element in their messaging strategy.
Long-Term Coexistence
Long-term coexistence is basically a multiple-phase migration without an end. After users have been migrated to Microsoft Exchange Server 2007, the Domino messaging system continues to coexist. Some companies choose this strategy to preserve investments in existing technologies, such as complex line-of-business applications that rely on Domino.
Installation Tasks
Various components in the Transporter Suite can be installed on different types of computers:
- All connector components (Directory Connector and Free/Busy Connector): Can only be installed on Exchange Server 2007 servers with the Hub and/or Client Access Server (CAS) roles installed; optionally, other roles (such as Mailbox or Unified Messaging) can also be installed.
- E-mail Migration components (both the GUI and PowerShell cmdlets): Can be installed on an Exchange Server 2007 server, or a separate workstation. Running migrations from a separate workstation has the advantage of not affecting production should problems arise (such as a Lotus Notes session crash, for example).
- Application Analysis and Migration components (both the GUI and PowerShell cmdlets): Should be installed on a Windows SharePoint Services server.
- An add-in task for Lotus Domino: Must be installed on a Domino server designated as the bridgehead for Free/Busy queries to provide lookups from Notes clients requesting Exchange Server users' Free/Busy data.
The most recent version of the Transporter Suite can be downloaded from http://go.microsoft.com/fwlink/?linkid=82688, in both 64-bit and 32-bit versions:
- The 64-bit version of the Transporter Suite is used on production Exchange Server 2007 servers and 64-bit migration workstations.
- The 32-bit version of the Transporter Suite is used on 32-bit migration workstations, and test Exchange Server 2007 servers on a 32-bit operating system.
Note: The 32-bit Exchange Server 2007 servers are not supported for production use.
Dependencies
- Lotus Domino server
- Microsoft Windows operating system
Note: The Microsoft Remote Procedure Call (MSRPC) protocol used for communication between Domino and Exchange has not been ported to other platforms.
Again, installation is relatively straightforward:
1. On the Welcome page, click Next.
2. Accept the terms of the license agreement, and then click Next.
3. Select Free Busy Connector Add-In Task For Lotus Domino. The installation location is determined based on information the Domino server places in the Registry upon installation.
4. Click Install, and then click Finish.
Configuration guidance for this component can be found in the Configuring Free/Busy Lookup section of this document.
Configuration
To begin, a new connector must be created.
To create a new directory connector
1. Open the Transporter Management Console. In the left pane, click Connect, and then, in the right pane, click Create Directory Connector.
To configure the new directory connector
To configure the connector, double-click the newly created object, and you are presented with tabbed property pages to fill in, the first being the General tab.
1. On the General tab, choose a global catalog by clicking the Browse button. You are presented with a list of global catalog servers, including their site information. Choose a global catalog in the same site as the Exchange Server 2007 server.
2. Next, type a Domino Server name. This server should contain replicas of all Name and Address Books containing users that will be migrated to Exchange Server.
3. Then, enter and confirm the password for the user whose ID file is installed on the Exchange Server 2007 server. If the typed passwords do not match (note that they are not verified against the ID file yet), a red flashing exclamation point will be displayed.
Once this information has been entered, you can move to the Sync to Active Directory tab. Here, you enter the Name and Address Books and other associated information.
4. Click the Add button to enter the following information:
- The source Name and Address Book (for example, NAMES.NSF)
- The source Domino domain name (for example, Domino Domain)
- The associated SMTP domain name (for example, contoso.com): The associated SMTP domain name is used to construct a targetAddress for the contact that will be created. It will not be used in a single-phase migration.
5. If there are multiple source NSFs, repeat this process for each of them.
6. Then, choose a Target Organizational Unit for the contacts to be created by clicking the Browse button.
Note: The server account (COMPUTERNAME$) must have Full Control permissions on the chosen organizational unit (OU) and on all subcontainers for the account to be able to write, modify, and delete objects. After you set the permissions using Active Directory Users and Computers as shown, click Advanced and choose This container and all sub containers:
7. Because no migration back to Domino will occur, the Sync to Domino tab can be skipped.
8. On the Advanced tab, you can choose to synchronize groups to Active Directory. The Directory Synchronization component creates contact objects to represent Domino groups; later, you can migrate the groups including membership by using the Group Migration tool. See the Migrating Groups section in this document for additional guidance.
A screen capture of a completed connector configuration follows:
Use
Although configured, Directory Synchronization will not automatically occur. To perform the synchronization, you can either use the Transporter Management Console or a command in the Transporter Command Shell.
To perform Directory Synchronization using the Transporter Management Console
1. Open the Transporter Management Console. In the left pane, click Connect, in the middle pane highlight the Domino Directory Connector, and then in the right pane, click Synchronize Now.
2. A new page will be displayed that indicates the task to be performed. Click Next.
3. On the following screen, there are several synchronization options. Choose Full Synchronization, make sure that the Full one way synchronization from Domino option is selected, and then click Next.
4. On the summary screen that follows, click Next. A completion screen will be displayed, and should indicate that the wizard completed successfully.
Note: The Elapsed Time displayed represents the time taken to start the process; the process is not yet complete.
To perform Directory Synchronization using the Transporter Command Shell
To perform the same task in the Transporter Command Shell, use the Start-DominoDirectoryConnector cmdlet as shown:
The next step in a single-phase migration is to migrate users. See the Migrating Users section later in this document for guidance.
Namespace Design
Namespace design here refers to the SMTP domain names of the organization exposed to the Internet. Some options in use are described in the following table.
Type
- Unified namespace
- Divisional or geographical
- Technology-specific
- Disparate
Additionally, divisional, geographical, or disparate namespaces may be used internally, with a unified namespace exposed to the Internet. A unified namespace means that even though within the corporate network users may have a divisional, geographic or technology-specific address, a unified view of the organization is presented outside the corporate network.
Configuration of Edge Transport servers is beyond the scope of this document. Additional guidance can be found at Planning for Edge Transport Servers (http://technet.microsoft.com/en-us/library/aa996562.aspx) on the TechNet Web site.
Disadvantages
The ID of the user associated with the Transporter gains additional permissions on the main Domino directory. Should the ID file and associated password be compromised, configuration changes can be made to the Domino environment.
Use
The ID of the user associated with the Transporter must be granted access to create, modify, and delete documents in the default address book (NAMES.NSF). This is known as Manager with Delete Documents access in Domino parlance. The required permissions are as shown:
Disadvantages
More complicated to configure.
Use
The ID of the user associated with the Transporter must be granted access to read the default address book (NAMES.NSF). This is known as Reader access in Domino parlance. Required permissions are as shown:
Furthermore, a new Exchange address book must be created, and the ID of the user associated with the Transporter must be granted access to create, modify, and delete documents in this address book. This is known as Manager with Delete Documents access in Domino parlance. Because documents are created programmatically rather than through the UI, adding the ID file to specific roles (UserCreator, UserModifier) is not required.
The Directory Profile document should have the Domain defined by this Domino Directory set to Exchange (or the ForeignDomain value of the Directory Connector in Exchange Server 2007).
Additionally, this address book should be made available to all servers and clients either through replication and Directory Assistance or the use of Directory Catalogs. Some changes to server documents may also be required. In general, organizations that choose to use multiple address books will already be using one of these two methods to make other address books available.
Configuration
To start, a new connector must be created.
To create a new directory connector
1. Open the Transporter Management Console, and in the left pane, click Connect. Then, in the right pane, click Create Directory Connector.
3. To configure the connector once created, double-click the newly created object. You are presented with tabbed property pages to fill in, the first being the General tab.
4. First, determine how often automatic Directory Synchronization should occur. This depends on several factors, such as:
- How large are the directories?
- How frequently do the directories change?
Typically, most installations will be set to synchronize somewhere between every hour and every four hours.
Note: By default, the Microsoft Exchange Directory Connector Service for Lotus Domino is set to Manual. You should configure this service to be Automatic if you want scheduled directory synchronization to occur. If the service remains set to Manual, the service will not be started after a reboot. You can change the service startup using the Services MMC snap-in as shown:
5. Second, choose a global catalog by clicking the Browse button. You are presented with a list of global catalog servers, including their site information. Choose a global catalog in the same site as the Exchange Server 2007 server.
6. Next, type a Domino Server name. This server should contain replicas of all Name and Address Books containing users that will be migrated to Exchange Server.
7. Then, enter and confirm the password for the user whose ID file is installed on the Exchange Server 2007 server. If the typed passwords do not match (note that they are not verified against the ID file yet), a red flashing exclamation point will be displayed.
8. Once this information has been entered, you can move to the Sync to Active Directory tab. Here, you enter the Name and Address Books and other associated information.
9. Click the Add button to enter the following information:
- The source Name and Address Book (for example, NAMES.NSF)
- The source Domino domain name (for example, Domino Domain)
- The associated SMTP domain name (for example, contoso.com): The associated SMTP domain name is used to construct a targetAddress for the contact that will be created.
10. If there are multiple source NSFs, repeat this process for each of them.
11. Then, choose a Target Organizational Unit for the contacts to be created by clicking the Browse button.
Note: The server account (COMPUTERNAME$) must have Full Control permissions on the chosen organizational unit (OU) and on all subcontainers for the account to be able to write, modify, and delete objects. After you set the permissions using Active Directory Users and Computers as shown, click Advanced and choose This container and all sub containers:
12. Next, move to the Sync to Domino tab. On this tab you select which OUs and users will be synchronized back to Domino.
13. Click the Add button under Source Organizational Units to add OUs to synchronize with the Domino directory. Click Browse on the new dialog box to choose an OU to add.
Note: The server account (COMPUTERNAME$) must have Read permissions on the OU chosen to be able to read objects. You can set and verify the permissions using Active Directory Users and Computers as shown:
14. Enter a Domino Directory Filename next. Depending on the address book model used, this may be NAMES.NSF, or the name of another address book.
15. Finally, click the Add button under Routable Exchange Domains to add SMTP domains that contain Exchange Server users. These domains should be reachable from the Domino servers, but not necessarily available from the Internet.
16. On the Advanced tab, you may decide to prevent the synchronization of Domino groups to Active Directory, as the Directory Synchronization component creates contact objects to represent Domino groups. Later, you can migrate the groups including membership using the Group Migration tool. See the Migrating Groups section in this document for additional guidance.
Whether to synchronize groups and/or contacts from the Active Directory back to Domino depends on several factors:
- The timing of Group Migration
- The destination OU of Group Migrations
- Whether there are contacts in the Active Directory that it makes sense to synchronize
Options to control the synchronization are the last items on the Advanced tab. The following figure is a screen capture of a completed connector configuration.
Use
Although configured, Directory Synchronization will not automatically occur. To perform the synchronization, you can either use the Transporter Management Console or a command in the Transporter Command Shell.
To synchronize directories using the Transporter Management Console
1. Open the Transporter Management Console. In the left pane, click Connect, in the middle pane, highlight the Domino Directory Connector, and then, in the right pane, click Synchronize Now.
2. A new page will be presented indicating the task to be performed. Click Next.
3. On the following screen, there are several synchronization options. Choose Full Synchronization, make sure that the Full one way synchronization from Domino option is selected, and then click Next.
4. On the summary screen that follows, click Next. A completion screen will be displayed, and should indicate that the wizard completed successfully.
Note: The Elapsed Time displayed represents the time taken to start the process; the process is not yet completed.
To synchronize directories using the Transporter Command Shell
To perform the same task in the Transporter Command Shell, use the Start-DominoDirectoryConnector cmdlet as shown:
Options include:
- -FullReloadtoAD: Rewrites all Active Directory objects into the Domino directory
- -UpdateToAD: Writes changes to Active Directory objects into the Domino directory
- -FullReloadToDomino: Rewrites all Domino objects into Active Directory
- -UpdateToDomino: Writes changes to Domino objects into Active Directory
Other options can be found using the Get-Help Start-DominoDirectoryConnector command in the Transporter Command Shell.
Configuration
There are several items to configure on Exchange Server 2007 that are required in order to enable the lookup of Free/Busy information for Domino users:
- Public Folders
- Availability
- Client Access Server Settings
- Free/Busy Connector
Public Folders
A Public Folder server must be available in the Exchange Server 2007 Administrative Group. When first installing Exchange Server 2007, you are asked to choose whether compatibility with earlier versions of Outlook is required. Selecting the appropriate check box causes a Public Folder store to be created. Installations that contain Exchange Server 2003 will automatically have a Public Folder store created. In the event that a Public Folder store does not exist, one can be created. This Public Folder store is created on one of the servers with the Mailbox role.
Note: Unless there is only a single Public Folder store in an Exchange Server 2007 organization, a Public Folder store cannot be created on Storage Groups that use Cluster Continuous Replication (CCR), Local Continuous Replication (LCR), or Standby Continuous Replication (SCR).
To use the Exchange Management Console to create a new Public Folder store
1. In the left pane, click Server Configuration/Mailbox, and then choose a server from the middle pane. A Public Folder store can be created in an existing or new Storage Group. A single screen creates and optionally mounts the new Public Folder database after configuration information has been entered.
2. In the Public Folder database name box, type the name of your database. If you are using the Exchange Management Console on the server where the database will reside, you can also click Browse to browse for an alternative location for the database files.
To use the Exchange Management Shell to create a new Public Folder store
1. Use a command of the form:
New-PublicFolderDatabase -Name "PF database name" -StorageGroup "SG name"
This should be run on the server to host the new Public Folder store.
To use the Exchange Management Shell to verify the existence of the Schedule+ Free/Busy public folder
1. A specific folder must exist to store items representing the Free/Busy information for Domino users. Verify the existence of this folder using the following command in the Exchange Management Shell:
Get-PublicFolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse
Output should be similar to:
Note: The second entry, beginning with /ou=Exchange, indicates the presence of the correct folder.
Note: If an error message that resembles the following is returned, you must create the top-level folder.
There is no existing PublicFolder that matches the following identity: \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
The command required to create the top-level folder is:
New-PublicFolder -Name "SCHEDULE+ FREE BUSY" -Path "\NON_IPM_SUBTREE"
Note: If you created the top-level folder above after the error, or if no error was returned, but the folder was not displayed, the subfolder will have to be created. The command required is of the form:
New-PublicFolder -Name "EX:/o=OrgName/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -Path "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY"
For more information about Public Folders, see Understanding Public Folders (http://technet.microsoft.com/en-us/library/bb397221.aspx) on the TechNet Web site.
Availability
Availability settings must be changed to cause the Availability service to use the Public Folder when gathering Free/Busy information for Domino users. This change must be performed using the Exchange Management Shell. Depending on the namespace design you chose, there may be multiple address spaces (SMTP domains) that need to be configured, including the address space used by Exchange Server. The command required is of the form:
Add-AvailabilityAddressSpace -ForestName dominodomain.com -AccessMethod PublicFolder
Output is as shown:
For more information about Availability, see Understanding the Availability Service (http://technet.microsoft.com/en-us/library/bb232134.aspx) on the TechNet Web site.
Free/Busy Connector
Finally, the Free/Busy Connector must be created.
To create the Free/Busy Connector
1. Open the Transporter Management Console. In the left pane, click Connect, and then in the right pane, click Create Free/Busy Connector.
To configure the Free/Busy Connector
1. To configure the connector once created, double-click the newly created object. You are presented with tabbed property pages to fill in, the first being the General tab.
Notes
On the General tab, the Schedule setting controls how often the Free/Busy connector will search for new objects representing Domino users in the Active Directory, and will create associated Public Folder messages to represent them. This setting does not control when Free/Busy information will be gathered for users. Other settings on the General tab include:
- Days of Free/Busy information: As the name suggests, this many days' worth of availability data will be collected upon request.
- Maintain information in cache (seconds): When availability information is collected for Domino users it is cached; subsequent requests for the user's availability information during this time will be returned from the cache.
- Timeout (seconds): The maximum amount of time a request can be outstanding to Domino; when this timeout is exceeded, cached information will be returned to the requester.
Note: The timeout setting should not be set above one minute. If the timeout is set too high, Availability could mark a Public Folder server as bad. If all Public Folder servers hosting a replica of the Free/Busy folder are marked as bad, no Free/Busy information will be retrieved for Domino users.
2. Next on the General tab, type a Domino Server name. This server will act as a bridgehead for Free/Busy requests to and from Exchange Server.
3. Then, enter and confirm the password for the user whose ID file is installed on the Exchange Server 2007 server. If the typed passwords do not match (note that they are not verified against the ID file yet), a red flashing exclamation point will be displayed.
4. Once this information has been entered, you can move to the Advanced tab. Click the Add button under Connected Domino SMTP Domains to add domains containing Domino users. This information is used to generate Free/Busy messages in the Public Folder. Typically, this list will match the data on the Directory Connector created during the Configuring Two-Way DirSync part of the installation, described earlier in this document.
Note: By default, the Microsoft Exchange Free Busy Connector for Lotus Domino service is set to Manual. You should configure this service to be Automatic. If the service remains set to Manual, the service will not be started after a reboot.
5. You can change this using the Services MMC snap-in as shown:
Domino Configuration
Domino uses domain documents to determine how to route Free/Busy requests throughout the system. Exchange Server users are represented as belonging to a foreign domain. Therefore, a Foreign Domain document must be created to indicate to Domino servers how to route requests.
Prerequisites
The add-in task from the Transporter Suite has been installed
Configuration
To create a Foreign Domain document in the Domino Administrator
1. In the Domino Administrator, go to the Configuration tab, and in the left pane, select Messaging/Domains. Choose Add Domain.
2. In the document presented, set the following options:
- Domain type: Choose Foreign Domain.
- Foreign domain name: Typically, this will be Exchange, but should match the ForeignDomain attribute on the Directory Connector created during the Configuring Two-way DirSync part of the installation, described earlier in this document.
- Gateway server name: Enter the name of the Domino server that will act as a bridgehead for Free/Busy requests to/from Exchange Server. This should match the Domino Server name configured on the Exchange Free/Busy connector.
- Gateway mail file name: Enter mail.box.
- Calendar server name: Enter the name of the Domino server that will act as a bridgehead for Free/Busy requests to/from Exchange Server. This should match the Domino Server name configured on the Exchange Free/Busy connector.
- Calendar system: Typically this will be mail.box [1].
3. Click Save, and then click Close. This new document will have to replicate to other servers in the Domino domain.
Note: For multiple domain installations, additional Nonadjacent Domain documents must be created to allow Free/Busy requests from these downstream domains to Exchange Server users.
4. Finally, add the ExCalCon add-in task to the list of tasks the server will begin on startup. This can be performed by one of two methods:
- Using the Domino Administrator (or at the Domino console): Use the following commands in bold from the following screen capture.
Input: show conf servertasks
Output: Replica,Router,Update,AMgr,AdminP,Sched,CalCon,RnrMgr
Input: set conf servertasks=[output] ExCalCon ExchangeServername CalendarSystem
- Editing the NOTES.INI (or SERVER.INI) file that controls the startup of the Domino server, adding the same information:
[1] Some versions of the Lotus Notes client will always send Notes RTF meeting requests to the first participant of a meeting. Notes routing then attempts to deliver this RTF message to a database with the same name as the Calendar System on the Calendar Server. Setting this to mail.box causes the message to be delivered to the default Mail Router mailbox, where the message is converted and delivered correctly.
It is possible to use more than one Free/Busy connector to provide faster response times to remote users. Whether it is appropriate to install additional Free/Busy connectors depends heavily on the overall network structure. Typically, such an installation would only be in the largest of organizations, with several network locations where Exchange Server users and Domino users coexist, and there is high speed, low latency connectivity between the systems at that location. Additional Free/Busy Connector guidance can be found in the appendix of this document titled Multiple Free/Busy Connectors.
On Exchange
There are several configuration changes that have to be made on the Exchange Server 2007 server to enable smooth SMTP mail transfer between the systems.
server. Depending on how connectivity is established between the systems, choosing the External Relay Domain option may be appropriate.
4. Click New to add the domain. An example screen capture follows:
If you use the shared/subdomain design, you will also need to add the exchange domain as an Accepted Domain.
To add the exchange domain as an Accepted Domain
1. Click the New Accepted Domain option in the right pane again, and then enter the following details in the new window:
- Name: Typically, enter the exchange domain name here with a comment that this represents Exchange to Domino users. For example: exchange.contoso.com (for Domino use)
- Accepted Domain: Enter the other domain name. For example: exchange.contoso.com
2. Select Authoritative Domain. E-mail is delivered to a recipient in this Exchange organization.
3. Click New to add the domain.
If you use the Shared/Subdomain namespace design, mailboxes in Exchange Server need to have an e-mail address added in the exchange domain. Instead of manually updating each user, an E-mail Address Policy can be created to perform this task.
To create a new E-mail Address Policy
1. In the Exchange Management Console, in the left pane, click Organization Configuration/Hub Transport, and then click the E-mail Address Policies tab.
2. In the right pane, click the New E-mail Address Policy option and fill in the details listed:
- Name: Typically, enter the exchange domain name. For example: exchange.contoso.com
- Include these recipient types: Choose The following specific types, and then select the following check boxes: Users with Exchange mailboxes, Resource mailboxes, Mail-enabled groups
3. After you click Next, you have the option of filtering the recipients that the policy will apply to. In this case, no additional filtering is required. Click Next.
4. On the third screen, click the Add button to configure how e-mail addresses should be created. In the E-mail address domain dropdown box, choose the exchange domain just added in the Accepted Domains section above.
Sample screen captures to this stage follow:
5. Once this information has been entered, click Next.
6. The fourth screen lets you apply the policy now, or at a later time and optionally stop applying the policy if it runs longer than a specified time. Leave the schedule as Immediately, and then click Next.
7. The fifth screen summarizes the policy changes. Click New to continue. The last screen details the progress of policy creation and application.
Sample screen captures follow:
For additional information about E-Mail Address Policies, see Understanding E-Mail Address Policies (http://technet.microsoft.com/en-us/library/bb232171.aspx) on the TechNet Web site.
Send Connector
To create a Send Connector
1. Click the Send Connectors tab. From the right pane, choose New Send Connector.
2. The first page requires just two configuration items:
- Name: Typically, enter the other domain name here with a comment that this represents a connection to Domino users. For example: domino.contoso.com (To Domino)
- Intended use: Leave Custom selected.
3. Click Next.
4. On the following page, click the Add button to enter the domain name. This should be the other domain. If subdomains are multiple-level (for example, toyko.domino.contoso.com), select the Include all subdomains check box. When you have finished entering all the domains containing Domino users, click Next.
5. On the third page, configure whether this Send Connector will use DNS or smarthosts. If you use smarthosts, click the Add button to enter either IP addresses or the remote servers' Fully Qualified Domain Names (FQDNs). Using smarthosts allows for authentication and TLS/SSL connections from Exchange Server to Domino if desirable. When complete, click Next.
6. The fourth page lists the source bridgeheads, which are those Exchange Server 2007 Hub servers that you want to use to deliver mail to Domino. Click the Add button to select additional source bridgehead servers. When complete, click Next.
7. The fifth page displays a summary of the options selected. Click New to create the Send Connector.
Receive Connector
Finally, a Receive Connector must be configured to allow messages from Domino to enter the Exchange Server 2007 environment.
To create a Receive Connector
1. In the Exchange Management Console, in the left pane, click Server Configuration/Hub Transport, select an Exchange Server 2007 Hub server as a destination bridgehead, and then, in the right pane, click New Receive Connector.
2. Similar to the Send Connector configuration, there are two configuration items:
   Name: Typically, enter the hub server name, and add a comment that this is a connection to Domino users. For example: exchangehub.contoso.com (from Domino)
   Intended use: Leave Custom selected.
3. Click Next.
4. The following page allows for configuration of specific IP addresses and ports that this connector will listen on. Typically, you might have a specific IP address that will be used to receive from Domino, and the port will remain 25. Additionally, the FQDN that will be sent in the HELO/EHLO response can also be set. When you have finished configuring, click Next.
5. The third page allows for the restriction to specific IP addresses. Typically, you add only the IP addresses of Domino bridgehead servers. These can be added individually, or using a network ID and mask. Use the Add and buttons to modify the settings. When you have finished configuring, click Next.
6. The fourth page displays a summary of the options selected. Click New to create the Receive Connector.
For addresses in mail from Domino to be resolved to objects in the Active Directory (that is, the contact object representing the Domino user), some additional configuration is required after the Receive Connector is created.
To configure the Receive Connector
1. Double-click the newly created object. When you are presented with tabbed property pages to fill in, move to the Authentication tab.
2. By default, the Transport Layer Security (TLS) check box is selected. Clear this check box, and select the Externally Secured (for example with IPSec) check box instead.
3. Switch to the Permission Groups tab, and select the Exchange servers and Partners check boxes. E-mail from partners is considered safe to resolve.
4. Click OK to save these settings.
For more information about Send and Receive Connectors, see Transport Architecture (http://technet.microsoft.com/en-us/library/aa996349.aspx) on the TechNet Web site.
On Domino
Prerequisites
Domino version 6.0.3 or later.
Note: Domino 5 and earlier lack support for native iCal and HTML mail. Because Exchange Server 2007 will communicate with Domino using messages in these formats, Domino 5 is not supported. Using a Domino 6 or Domino 7 server as a bridgehead to Domino 5 servers may work. However, troubleshooting of any content conversion issues would begin with IBM. Domino 8 has not been tested, but it is not expected that iCal and HTML support would be significantly different.
Configuration
Depending on the namespace design chosen, there will be some differences in the configuration of Domino. There are several documents to verify or configure on the Domino side:
o Global Domain Document
o Foreign SMTP Domain Document
o Connection Document
o Server Documents
o Server Configuration Documents
To create a new Global Domain document if one does not exist, click Add Domain.
The Global Domain document should show the following settings:
Domain type: Global Domain
Global Domain role: R5/R6/R7 Internet Domains or R4.x SMTP MTA
Local primary Internet domain: The default authoritative domain name.
Alternate Internet domain aliases: There may be several entries here. If you use disparate namespaces, the other domain may be listed here. If you use subdomains, the domino subdomain should be listed here.
Internet address lookup: Enabled. This setting (if Enabled) overrides the setting on the Server Configuration document (see below). This causes a lookup attempt for an InternetAddress on the Person documents of the sender and recipients.
An example Global Domain document follows:
To configure the Foreign SMTP Domain Document
1. In the Domino Administrator, go to the Configuration tab, and, in the left pane, select Messaging/Domains.
2. To create a new Foreign SMTP Domain document to route messages to Exchange Server 2007, click Add Domain.
The Foreign SMTP Domain document should show the following settings:
Domain type: Foreign SMTP Domain
Messages addressed to/Internet Domain: The domain name containing Exchange Server 2007 users. If you use disparate namespaces, the other domain should be listed here. If you use subdomains, the exchange2007 subdomain should be listed here [2].
Should be Routed to/Domain name: SMTPtoExchange [3]
An example Foreign SMTP Domain document follows:
Note: No Domain document for this domain exists because the Domain name listed is a virtual domain name. Domino servers will not know how to route messages to the SMTP domain until Connection documents have been created.
Connection Document
Connection documents define message routing paths and methods, as well as replication topology. Because replication is not required, this option will be disabled.
To configure the Connection Document
1. In the Domino Administrator, go to the Configuration tab, and, in the left pane, select Messaging/Connections.
2. To create a new Connection document to route messages to Exchange Server 2007, click Add Connection.
The Connection document should show the following settings:
Connection type: SMTP
Source Server: The source bridgehead server name. If multiple source bridgeheads are desired for redundancy, Connection documents should be created for each of them.
[2] The first part of the domain name should not be exchange, since this matches the Foreign Domain document used for Free/Busy functionality. Domino appears to confuse the two.
[3] You can set a name or [IP address] in the Internet Host field.
Destination server: ExchangeHosts. The Domino Administrator user documentation indicates that this field should contain a unique fictitious name that does not match any server in the organization.
Destination domain: SMTPtoExchange. This should match the domain name entered in the Foreign SMTP Domain document.
Optional settings:
SMTP MTA relay host: The name or IP address of a smarthost. If internal DNS MX records for the other domain resolve to Exchange Server, this can be left blank.
Routing/Route at once if: 1 message pending.
An example Connection document follows:
Server Documents
Server documents contain significant information and configuration details (but not all configuration details) about a particular server. The document for incoming bridgeheads for mail from the Exchange server(s) must be updated to make sure that the server listens on SMTP.
To enable the SMTP listener task for incoming Domino bridgeheads
1. In the Domino Administrator, go to the Configuration tab, and, in the left pane, select Servers/All Server Documents.
2. To verify or update a Server document to route messages from Exchange Server 2007, click Add Connection.
3. The Server document should show the SMTP listener task as Enabled.
An extract from an example Server document follows:
Server documents are also used to configure SSL/TLS on a server. For additional guidance using SSL/TLS on Domino, see the Help in Domino Administrator.
MIME/Conversion Options/Outbound/Lookup Internet address for all Notes addresses when Internet address is not defined in document: Enabled.
MIME/Conversion Options/Outbound/Perform exhaustive lookups when converting Notes addresses to Internet addresses: Enabled. This setting is generally only required when the multiple address book design is used.
Destination bridgeheads (those receiving from Exchange Server 2007) should have the following item set:
Router/SMTP/Restrictions and Controls/SMTP Inbound Controls/: If this list is used, it should contain all source Exchange Server 2007 bridgehead servers.
Inbound Connection Controls/Allow connections only from the following SMTP internet hostnames/IP addresses: The names and IP addresses of all Exchange Server 2007 bridgehead hub servers. If they use IP addresses, they should be contained in square brackets.
Note: Server Configuration documents that specify * as the server name apply to all servers that do not have a specific Server Configuration document.
An extract from an example Server Configuration document from a server that acts as both a source and destination bridgehead follows:
Now that you have verified your server configuration documents, you are ready to review Testing and Other issues to note later in this document.
On Exchange
There are several configuration changes that have to be made on Exchange Server to enable smooth SMTP mail transfer between the systems.
Send Connector
To create a new Send Connector
1. In the Exchange Management Console, in the left pane, click Organization Configuration/Hub Transport, and then click the Send Connectors tab.
2. In the right pane, choose New Send Connector.
3. The first page requires just two configuration items:
   o Name: Enter the shared domain name here with a comment that this represents a connection to Domino users. For example: contoso.com (To Domino)
   o Intended use: Leave Custom selected.
4. Click Next.
5. On the following page, click the Add button to enter the domain name. This should be the other domain. If some subdomains are present in Domino, select the Include all subdomains check box. When you have finished entering all the domains containing Domino users, click Next.
6. On the third page, configure whether this Send Connector will use DNS or smarthosts. Using the shared/smarthosts design requires the use of smarthosts. Click the Add button to enter either IP addresses or the remote servers' Fully Qualified Domain Names. When complete, click Next.
7. Because smarthosts have been selected, Authentication and TLS/SSL connections from Exchange to Domino can be configured if you want. Domino will not support Exchange Server Authentication. In general, we do not recommend that you use Basic Authentication over a nonencrypted channel. When it is configured, click Next.
8. The fifth page lists the source bridgeheads, which are those Exchange Server 2007 Hub servers that will deliver mail to Domino. Click the Add button to select additional source bridgehead servers. When complete, click Next.
9. The sixth page displays a summary of the options selected. Click New to create the Send Connector.
Receive Connector
Next, a Receive Connector must be configured.
To create a Receive Connector
1. In the Exchange Management Console, in the left pane, click Server Configuration/Hub Transport, select an Exchange Server 2007 Hub server as a destination bridgehead, and then, in the right pane, choose New Receive Connector.
2. Similar to the Send Connector configuration, there are two configuration items. The following items should be configured:
   Name: Typically, enter the hub server name, and then add a comment that this is a connection to Domino users. For example: exchangehub.contoso.com (From Domino)
   Intended use: Leave Custom selected.
3. Click Next.
4. The following page allows for configuration of specific IP addresses and ports that this connector will listen on. Typically, you might have a specific IP address that will be used to receive from Domino, and the port will remain 25. Additionally, the FQDN that will be sent in the HELO/EHLO response can also be set. When you have finished configuring, click Next.
5. The third page allows for the restriction to specific IP addresses. Typically, you add only the IP addresses of Domino bridgehead servers. These can be added individually, or by using a network ID and mask. Use the Add and buttons to modify the settings. When you have finished configuring, click Next.
6. The fourth page displays a summary of the options selected. Click New to create the Receive Connector.
For addresses in mail from Domino to be resolved to objects in the Active Directory (that is, the contact object representing the Domino user), some additional configuration is required after the Receive Connector is created.
To configure the Receive Connector
1. Right-click the newly created connector, select Properties to display the property pages, and then move to the Authentication tab.
2. By default, Transport Layer Security (TLS) is selected. Clear the check box for this option, and then select the Externally Secured (for example with IPSec) check box.
3. Switch to the Permission Groups tab, and then select the Exchange servers and Partners check boxes. E-mail from partners is considered safe to resolve.
4. Click OK to save these settings.
For additional information about Send and Receive Connectors, see Transport Architecture (http://technet.microsoft.com/en-us/library/aa996349.aspx) on the TechNet Web site.
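An audit of the settings chosen in the Send Connector and Receive Connector procedures above, as an added example that is not part of the original white paper: with Externally Secured selected, Exchange treats mail arriving on the connector as coming from a trusted source, so the remote IP address restriction is the only gate on who can submit through it. The helper name Test-DominoConnectorSecurity and the bridgehead addresses are assumptions; Get-ReceiveConnector and Get-SendConnector are the standard Exchange Management Shell cmdlets.

```powershell
# Added example, not part of the original white paper. Run in the Exchange Management Shell.
# ASSUMPTION: constructed placeholder addresses for the Domino bridgehead servers.
# Write each entry exactly as Get-ReceiveConnector displays it in RemoteIPRanges
# (single address, start-end range, or network/mask).
$dominoBridgeheads = @('192.0.2.10', '192.0.2.11')

# Test-DominoConnectorSecurity is a hypothetical helper name.
function Test-DominoConnectorSecurity {
    param([string[]] $AllowedRemoteRanges)

    $findings = @()

    # Receive side: a connector set to Externally Secured must accept connections
    # only from the Domino bridgeheads. Any other remote range (including the
    # default 0.0.0.0-255.255.255.255) lets unknown hosts submit trusted mail.
    foreach ($rc in @(Get-ReceiveConnector)) {
        if ("$($rc.AuthMechanism)" -notmatch 'ExternalAuthoritative') { continue }
        foreach ($range in $rc.RemoteIPRanges) {
            if ($AllowedRemoteRanges -notcontains "$range") {
                $findings += "Receive connector '$($rc.Identity)' is Externally Secured but accepts $range"
            }
        }
    }

    # Send side: Basic Authentication to a smarthost without TLS exposes the
    # credentials on the wire (the setting the procedure advises against).
    foreach ($sc in @(Get-SendConnector)) {
        if ("$($sc.SmartHostAuthMechanism)" -eq 'BasicAuth') {
            $findings += "Send connector '$($sc.Identity)' uses Basic Authentication without requiring TLS"
        }
    }

    return $findings
}

$result = @(Test-DominoConnectorSecurity -AllowedRemoteRanges $dominoBridgeheads)
if ($result.Count -eq 0) { 'No findings.' } else { $result }
```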
On Domino
Prerequisites
Domino version 6.0.3 or later.
Note: Domino 5 and earlier lack support for native iCal and HTML mail. Because Exchange Server 2007 will communicate with Domino using messages in these formats, Domino 5 is not supported. Using a Domino 6 or Domino 7 server as a bridgehead to Domino 5 servers may work. However, troubleshooting of any content conversion issues would begin with IBM. Domino 8 has not been tested, but it is not expected that iCal and HTML support would be significantly different.
Inter-Domino server traffic allowed over SMTP. You must allow SMTP traffic because Domino mailbox servers will use smarthosting over SMTP instead of NRPC to move messages sent to an Exchange Server 2007 user to the outgoing Domino bridgeheads.
Configuration
Depending on the namespace design chosen, there will be some differences in the configuration of Domino. There are several documents to verify or configure on the Domino side:
o Global Domain Document
o Server Documents
o Server Configuration Documents
To configure the Global Domain Document
In the Domino Administrator, on the Configuration tab, in the left pane, select Messaging/Domains. Then:
o To verify an existing Global Domain document, expand the Global Domain entry in the middle pane.
o To create a new Global Domain document if one does not exist, click Add Domain.
The Global Domain document should show the following settings:
Domain type: Global Domain
Global Domain role: R5/R6/R7 Internet Domains or R4.x SMTP MTA
Local primary Internet domain: The default authoritative domain name.
Alternate Internet domain aliases: There may be several entries here.
Internet address lookup: Enabled. This setting ensures that a lookup for InternetAddresses will occur regardless of the Server Configuration document's similar setting.
An example Global Domain document follows:
Server Documents
Server documents contain significant information and configuration details (but not all configuration details) about a particular server. You must update the document for any destination smarthost, whether a destination bridgehead for Exchange Server or just a smarthost along the way, to make sure that the server listens on SMTP.
To configure the Server documents
1. In the Domino Administrator, on the Configuration tab, in the left pane, select Servers/All Server Documents.
2. To verify or update a Server document to route messages from Exchange Server 2007, click Add Connection. The Server document should show the SMTP listener task as Enabled.
An extract from an example Server document follows:
Server documents are also used to configure SSL/TLS on a server. For additional guidance about how to use SSL/TLS on Domino, see the Help in Domino Administrator.
Router/SMTP/Local Internet domain smart host: The name or IP address of a Domino server acting as a source bridgehead to Exchange Server 2007. If you use an IP address, it should be contained in square brackets.
MIME/Conversion Options/Outbound/Message content: From Notes to Plain Text and HTML.
MIME/Conversion Options/Outbound/Lookup Internet address for all Notes addresses when Internet address is not defined in document: Enabled.
MIME/Conversion Options/Outbound/Perform exhaustive lookups when converting Notes addresses to Internet addresses: Enabled. This setting is generally only required when the multiple address book design is used.
Source bridgeheads (those sending messages to Exchange Server 2007) should have the following items set:
Router/SMTP/Basics/SMTP used when sending messages outside of the local internet domain: Enabled.
Router/SMTP/Local Internet domain smart host: The name or IP address of an Exchange Server 2007 Hub server. If it uses an IP address, it should be contained in square brackets.
MIME/Conversion Options/Outbound/Message content: From Notes to Plain Text and HTML.
MIME/Conversion Options/Outbound/Lookup Internet address for all Notes addresses when Internet address is not defined in document: Enabled.
MIME/Conversion Options/Outbound/Perform exhaustive lookups when converting Notes addresses to Internet addresses: Enabled. This setting is generally only required when the multiple address book design is used.
An extract from an example Server Configuration document from a server that acts as both a source and destination bridgehead follows:
New message from Exchange/Outlook
New message from Domino/Notes
New message from Internet User
Reply message from Exchange/Outlook
Reply message from Domino/Notes
Reply message from Internet User
Reply to Reply from Exchange/Outlook
Reply to Reply from Domino/Notes
Reply to Reply from Internet User
There will be some formatting differences between Outlook and Notes, especially related to complex document formatting. Known issues can be found in the section titled Troubleshooting Mail Flow later in this document.
Prerequisites
The Transporter Suite has been installed.
The Lotus Notes client has been installed (preferably as a single-user installation) and configured with an ID file that has permissions to read the default address book (NAMES.NSF) and any other address books containing users who are to be migrated. This is known as Reader access in Domino parlance. Required permissions are as shown:
Active Directory Organizational Units to contain migrated users have been created.
The Active Directory account performing the user migration has the following roles assigned:
o Exchange Recipient Administrator role
o Account Operator role for the Organizational Units to contain the migrated users
Configuration/Use
Migrating users can be performed on the Exchange Server 2007 server running the Transporter Suite connector components, or on a migration workstation.
To migrate users with the Transporter Management Console
1. Using the Microsoft Transporter for Lotus Domino MMC, in the left pane, select Migrate/Directory/Users. You may be prompted for the password associated with the ID file of the user that Lotus Notes is configured to use. If this is the case, enter the password.
2. The middle pane will display the list of users from the Domino directory similar to the following:
In the example shown here, the South Administrator user has a possible match with a similarly named account in the Active Directory. The details of the matching algorithm can be found in the Appendix titled Directory Migration Matching Algorithm. In the middle pane, choose a user or a set of users, and then, in the right pane, click Migrate Selected User(s) or Migrate with manual Active Directory lookup.
3. A screen is displayed introducing the migration. Click Next.
4. Do one of the following:
   If you clicked Migrate Selected User(s):
   a. On the second screen, browse for an organizational unit to contain the newly created user objects. Note: If a user object already exists, it will not be moved to this OU.
   b. This screen also has a check box to Reset password on next logon. If you want to force new users to reset the password, select the check box. After making this decision, click Next. Note: Existing users will not have their passwords updated, or the requirement to reset their password at next logon; these settings apply to new user accounts only.
   If you clicked Migrate with manual Active Directory lookup:
   The second screen prompts with a possible Active Directory Account match, and gives the option of creating a new user object, or manually matching an existing account. After selection, click Next.
5. The next screen provides the option to create a mailbox at user object creation. If you want, browse for the desired Private Information store (mailbox database) to create a mailbox. After selection, click Next.
   Note: If mailbox migration is to occur shortly after user migration, you may create a mailbox at this time. If there is expected to be a time lag between user migration and mailbox migration, do not create a mailbox now. If a mailbox is created, messages from Exchange Server senders will be delivered to the newly created mailbox, rather than forwarded to the user's Domino mailbox. Also, when creating the Exchange Server mailbox, note that Person documents are not automatically updated in Domino to reflect the change in destination; this must be done manually. This may also require an update to users' Personal Address Books and Domino Group membership.
6. The last screen summarizes the changes that will be made.
Screen captures reflecting the steps listed follow:
To migrate users using the Transporter Command Shell
1. Migrating users can also be performed using the following commands in the Transporter Command Shell:
   $passwd = ConvertTo-SecureString -String 'password' -AsPlainText -Force
   Move-DominoUser -Identity 'Notes Canonical Name' -InitialPassword $passwd -TargetOU 'OU=orgunit,DC=domain,DC=com'
The Move-DominoUser cmdlet requires a secure string for the password entry. This is created using the built-in ConvertTo-SecureString function. Sample output is shown here:
After Directory Synchronization has been performed, contact objects representing Domino users exist. When user migration occurs, attributes from the contact object (in particular, proxyAddresses) are merged into the newly created user object, and the contact object is deleted.
Note: All addresses listed in the original Person document's FullName field are migrated to the Active Directory during Move-DominoUser.
Note: You can direct Move-DominoUser to use a particular global catalog in the Transporter Command Shell or in Transporter Suite for Lotus Domino MMC. This may be useful (especially in a single domain-forest) to cause changes to be made on a defined Global Catalog, but be aware of the limitations. If you do specify a particular Global Catalog, changes can only be made to objects in the domain that the global catalog resides in. For example, if you specify a global catalog in DomainA, and a matching user is found in DomainB, it cannot be updated.
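The Move-DominoUser form shown above, with the initial password prompted for instead of typed as a plain-text literal, as an added example that is not from the original white paper; it goes beyond the single-user form by looping over a list of users. The file name users.txt is an assumption, the OU value is the page's own placeholder, and only the Move-DominoUser parameters shown on the page are used.

```powershell
# Added example, not from the original white paper. Run in the Transporter Command Shell.
# ASSUMPTION: users.txt is a constructed file holding one Notes canonical name per line.
$targetOU = 'OU=orgunit,DC=domain,DC=com'   # placeholder from the page; replace with a real OU
$names = @(Get-Content '.\users.txt' | Where-Object { $_.Trim() -ne '' })

# Read-Host -AsSecureString returns a SecureString directly, so the password never
# appears as a plain-text literal in the script, a transcript or the command history.
$passwd = Read-Host -Prompt 'Initial password for migrated users' -AsSecureString

$failed = @()
foreach ($name in $names) {
    Move-DominoUser -Identity $name -InitialPassword $passwd -TargetOU $targetOU
    # $? is False when the previous command reported an error.
    if (-not $?) { $failed += $name }
}

"Migrated: $($names.Count - $failed.Count)  Failed: $($failed.Count)"
$failed | ForEach-Object { Write-Warning "Not migrated: $_" }
```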
Migrating Groups
Group Migration with the Transporter Suite allows for the migration of group membership from the Domino directory to Active Directory.
Prerequisites
The Transporter Suite has been installed.
The Lotus Notes client has been installed (preferably as a single-user installation) and configured with an ID file that has permissions to read the default address book (NAMES.NSF) and any other address books containing groups to be migrated. This is known as Reader access in Domino parlance. Required Reader permissions are as shown:
Active Directory Organizational Units to contain migrated groups have been created.
The Active Directory account performing the user migration has the following roles assigned:
o Exchange Recipient Administrator role
o Account Operator role for the Organizational Units to contain the migrated users
Configuration/Use
Migrating groups can be performed on the Exchange Server 2007 server running the Transporter Suite connector components, or on a migration workstation.
If existing Mail only groups, Multi-purpose groups or Access Control List only groups are relevant for the Active Directory and Exchange Server 2007 environment, they can be migrated with little to no loss of functionality.
Note: Migrated Access Control List only groups may not function as expected, unless Users have been migrated.
Note: Domino allows free-text in group membership; Active Directory requires strict references to existing objects. Before migrating groups, make sure that users and groups have been synchronized from the Domino directory to Active Directory to make sure that strict references can be used. Member entries in groups that do not resolve to an Active Directory user object will be dropped during the migration, and a warning generated. Manual fix-up of groups (which may involve creating an Active Directory contact object to represent the dropped entry) will be required.
The migration can be performed either in the Microsoft Transporter for Lotus Domino MMC, or from the Transporter Command Shell prompt.
To migrate groups using the Transporter Management Console
1. Using the Microsoft Transporter for Lotus Domino MMC, in the left pane, select Migrate/Directory/Groups. You may be prompted for the password associated with the ID file of the user that Lotus Notes is configured to use. If this is the case, enter the password.
2. The middle pane will display the list of groups from the Domino directory similar to the following:
Choose a group or set of groups, and then, in the right pane, click Migrate Selected Group(s).
3. A screen is displayed introducing the migration. Click Next.
4. The second screen allows for changes in behavior of the group migration. It is possible to maintain membership, merge membership, or overwrite membership of the target group, if one exists. This screen also allows for browsing for a target Organizational Unit (OU) that a new group would be created under. When you have finished, click Next.
5. The third screen is a summary of the changes to occur. Click Migrate to migrate the group or groups.
To migrate groups using the Transporter Command Shell
To use the Transporter Command Shell, enter commands of the form:
   Move-DominoGroupToAD -Identity 'Notes Canonical Name' -PrimaryDirectory 'mergemode' -TargetOU 'OU=orgunit,DC=domain,DC=com'
Note: In this example, a free-text member entry was not migrated.
Note: Member entries in groups that do not resolve to an Active Directory user object will be dropped during the migration, and a warning will be generated.
The following scenario describes the circumstances where Group Migration will not migrate the nested group correctly: If the All Domino Users group contains another group, Some Domino Users, and the All Domino Users group is migrated before the Some Domino Users group, the Some Domino Users group would not exist in the Active Directory, unless the group was synchronized previously by the Directory Connector. In this case, migration of the All Domino Users group would generate a warning indicating that it could not find an equivalent object for the Some Domino Users group. Performing the migration of the All Domino Users group again after the Some Domino Users group has been migrated should generate the outcome that you want.
Note: You can direct Move-DominoGroupToAD to use a particular global catalog in the Transporter Command Shell or in Transporter Suite for Lotus Domino MMC.
Note: If you do specify a particular Global Catalog, changes can only be made to objects in the domain that the global catalog resides in. For example, if you specify a global catalog in DomainA, and a matching group is found in DomainB, it cannot be updated. This switch may be useful (especially in a single domain-forest) to cause changes to be made on a defined Global Catalog, but be aware of the limitations.
Migrating Mailboxes
Migrating a mailbox moves the contents of a Domino mail database to an Exchange Server 2007 mailbox.
Prerequisites
Several configuration changes must be made before migration can occur.
The Transporter Suite has been installed.
The Lotus Notes client has been installed (preferably as a single-user installation) and configured with an ID file that has permissions to read the default address book (NAMES.NSF) and any other address books containing users who are to be migrated, as well as permissions to read any mail databases to be migrated. This is known as Reader access in Domino parlance. Required permissions are as shown:
The Active Directory account performing the user migration has the following roles assigned:
o Exchange Recipient Administrator role
o Account Operator role for the Organizational Units to contain the migrated users
The Active Directory user used to perform the migration must have permission to impersonate the users to inject mail into their mailboxes. This permission can be set using an Exchange Management Shell command of the form:
The sample here shows how to add this permission on each CAS in the organization.
For organizations that have message size limits greater than 4 megabytes (MB), the maximum attachment size for web services must be increased. We recommend that you increase this limit during migration anyway. You increase the message size limit by editing the web.config file in the exchweb\EWS subdirectory of the ClientAccess directory on each CAS, adding a line similar to the following in the <system.web> section (this line sets the maximum to 10 MB):
   <httpRuntime maxRequestLength="10240" />
Configuration/Use
Migrating mailboxes can be performed on the Exchange Server 2007 server running the Transporter Suite connector components, or on a migration workstation.
To migrate mailboxes using the Transporter Management Console
1. Using the Microsoft Transporter for Lotus Domino MMC, in the left pane, select Migrate/Mailboxes. You may be prompted for the password associated with the ID file of the user that Lotus Notes is configured to use. If the password is required, enter it.
2. The middle pane will display the list of users from the Domino directory and associated Active Directory accounts similar to the following:
Note: In the example shown here, the South Administrator user has a match with an account in the Active Directory; South User does not. Trying to migrate a mailbox for which there is no matching Active Directory account will cause the migration to ignore the mailbox.
In the right pane, choose a mailbox or a set of mailboxes, and then click Migrate Selected Mailbox(es). A screen is displayed introducing the migration. Click Next.
3. On the second screen, browse for a Private Information store (mailbox database) to house the mailbox. Optionally, browse for a specific Client Access Server that the injection should occur on. Finally, it is possible to migrate mail within a specific date range. Select the date range, then click Next.
   Note: Date filtering only applies to mail messages. It will not filter calendar, tasks, or contacts. For more information on client-side filtering, see Filtering in the Troubleshooting Mailbox Migration section later in this document.
4. The third screen summarizes the changes to occur. Click Migrate to begin.
To migrate mailboxes using the Transporter Command Shell
1. Use a command of the form:
   Move-DominoMailbox -Identity 'Notes Canonical Name'
There are many optional switches to control mailbox creation and location, which Client Access Server to use, as well as filtering options. Sample output is shown here:
2. If you want to restrict which items are migrated at a more granular level, use the Transporter Command Shell commands. Switches to the command include: ExcludeContacts: Prevents the migration of Contacts -ExcludeEmail: Prevents the migration of Mail messages -ExcludeSchedule: Prevents the migration of Calendar items -ExcludeTask: Prevents the migration of Task items EmailStart and -EmailEnd: Allows for the filtering of objects based on their Received time 3. Additionally, pipeline filtering allows filtering on almost any property of a message. To use pipeline filtering, your commands will be of the form:
$allitems = Move-DominoMailbox -Identity 'Notes Canonical Name' -ToPipeline
4. You can then access the items using the variable specified, copying them to another variable before re-importing using Move-DominoMailbox again.
A sample of the type of data contained in a meeting request (many of these attributes contain additional data) is shown here:
Note: Encrypted messages will not be migrated, as seen in the sample screen captures. Even with Reader permission on the source mail database, without the keys associated with the ID file that owns the database, decryption is not possible.
Users should be warned that encrypted messages will not be migrated, and may choose to bulk decrypt such items in their mailbox. IBM provides some guidance on bulk decrypting items in the article How to Remove Encryption from Documents (http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21089495).

Note: You can direct Move-DominoMailbox to use a particular global catalog in the Transporter Command Shell or in Transporter Suite for Lotus Domino MMC.

Note: If you do specify a particular global catalog, changes can only be made to objects in the domain that the global catalog resides in. For example, if you specify a global catalog in DomainA, and a matching user is found in DomainB, it cannot be updated. This switch may be useful (especially in a single-domain forest) to cause changes to be made on a defined Global Catalog, but be aware of the limitations.
Post-migration tasks
Domino Person documents are not automatically updated in the Domino Directory by Directory Synchronization. Instead, Directory Synchronization may synchronize the newly updated user object back to the Domino Directory as a separate Person document even though the original user identity already exists in Domino. To avoid potential issues, you may follow these steps:

- If the user continues to require access to the Domino environment (for example, to use Notes/Domino applications), you must manually update the original Person document attributes to be the same as those on the synchronized copy. This will let users still use the Notes client to send mail and look up Free/Busy information for the migrated user. Finally, you should remove the additional synchronized Person document from the Domino Directory.
- If the user does not require continued access to the Domino environment, you can copy the attributes either from the Domino Directory to the synchronized copy, or vice-versa.
  o If you copy attributes from the old Person document to the new one, and then remove the old Person document, make sure that you copy all the FullName entries. This will help reduce potential issues with Group membership in Domino and in Notes client Personal Address Books.
Note: Changes to the user object in Active Directory (updating a phone number for example) will overwrite the newly created Person document in the Domino Directory.
Prerequisites
- The Transporter Suite has been installed.
- The Lotus Notes client has been installed (preferably as a single-user installation) and configured with an ID file that has permissions to read the default address book (NAMES.NSF) and any other address books containing users who are to be migrated, as well as permissions to read the databases to be migrated. This is known as Reader access in Domino parlance. Required permissions are as shown:
- The databases to be migrated should not be locally encrypted, unless the client is configured with an ID file capable of decrypting the database.
- The Active Directory user used to perform the migration must have permission to impersonate the users to inject mail into their mailboxes. This permission can be set using an Exchange Management Shell command of the form:
Add-ADPermission -Identity 'DN_of_ClientAccessServer' -User 'domain\username' -ExtendedRights ms-Exch-EPI-Impersonation
The sample here shows how to add this permission on each CAS in the organization.
For organizations that have message size limits greater than 4 MB, the maximum attachment size for Web services must be increased. We recommend that you increase this limit during migration. This is done by editing the web.config file in the exchweb\EWS subdirectory of the ClientAccess directory on each CAS, adding a line similar to the following in the <system.web> section (this line sets the maximum to 10 MB):
<httpRuntime maxRequestLength="10240" />
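The impersonation right described above lets the migration account act as any mailbox user through the servers it is granted on, so it is worth granting on as few Client Access Servers as possible, auditing, and removing once migration is complete. The following Exchange Management Shell script is an added example, not part of the original document or of the Transporter Suite; the function names are hypothetical, and 'domain\username' and 'CAS01' are placeholders.

```powershell
# Run in the Exchange Management Shell. Function names are hypothetical helpers
# written for this example; the cmdlets they call are standard Exchange cmdlets.

function Get-MigrationCas {
    # Returns all Client Access Servers, or only those named in -ServerName.
    param([string[]]$ServerName)
    $all = Get-ExchangeServer | Where-Object { $_.IsClientAccessServer }
    if ($ServerName) { $all | Where-Object { $ServerName -contains $_.Name } }
    else             { $all }
}

function Grant-MigrationImpersonation {
    # Adds ms-Exch-EPI-Impersonation for $User on each selected CAS.
    param([string]$User, [string[]]$ServerName)
    foreach ($cas in Get-MigrationCas -ServerName $ServerName) {
        Add-ADPermission -Identity $cas.DistinguishedName -User $User `
            -ExtendedRights ms-Exch-EPI-Impersonation
    }
}

function Get-MigrationImpersonation {
    # Lists every explicit (non-inherited) holder of the impersonation right,
    # so unexpected accounts stand out before and after the migration.
    param([string[]]$ServerName)
    foreach ($cas in Get-MigrationCas -ServerName $ServerName) {
        Get-ADPermission -Identity $cas.DistinguishedName |
            Where-Object { -not $_.IsInherited -and
                           ($_.ExtendedRights -like '*ms-Exch-EPI-Impersonation*') } |
            Select-Object @{ Name = 'Server'; Expression = { $cas.Name } }, User, Deny
    }
}

function Revoke-MigrationImpersonation {
    # Removes the right again once the mailboxes have been migrated.
    param([string]$User, [string[]]$ServerName)
    foreach ($cas in Get-MigrationCas -ServerName $ServerName) {
        Remove-ADPermission -Identity $cas.DistinguishedName -User $User `
            -ExtendedRights ms-Exch-EPI-Impersonation -Confirm:$false
    }
}

# Typical sequence (placeholders: account and server name):
#   Grant-MigrationImpersonation  -User 'domain\username' -ServerName 'CAS01'
#   Get-MigrationImpersonation    -ServerName 'CAS01'
#   Revoke-MigrationImpersonation -User 'domain\username' -ServerName 'CAS01'
```

Granting on a single named server pairs with the Specify Client Access Server option of the migration wizards, which directs injection to that server.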
Configuration/Use
Migrating PAB and Archive data can be performed on the Exchange 2007 server running the Transporter Suite connector components, or on a migration workstation. The migration of PABs and Personal archives is straightforward, given the correct information. The possible difficulty arises in what method to use to capture these files to a central location for administrator-driven migration. Typically, Personal Address Book files are the NAMES.NSF files from client workstations. Similarly, Personal Archive files are located in the \ARCHIVE subdirectory of a client's \NOTES\DATA folder. Shared installations on workstations should create these folders under users' Documents and Settings directory (on Microsoft Windows platforms) so that collection from these locations could be automated. On other operating systems, these files are generally located under the user's root directory. It is possible to script the import of these items using the Microsoft Transporter Shell cmdlets, but care should be taken to make sure that the correct files are imported into the correct users' mailboxes.
Having end-users perform this task before migration eliminates the need to migrate PAB files individually, when this function is available in the client. For users that do not have this functionality in the client, you will have to migrate the PAB separately.

To migrate a Personal Address Book using the Transporter Management Console

1. In the left pane, click Toolbox, and then, in the middle pane, double-click Migrate Notes Personal Address Book.
2. On the second screen, enter the following information:
- Mail archive to extract: Browse for the personal address book file to be migrated. Typically, this is the NAMES.NSF from the client workstation.
- Domino mail domain: Contacts in Domino may not contain the Domino domain information, if the contacts are in the same domain as the PAB owner. Entering the domain of the user here guarantees that contacts will remain usable after migration.
- Personal Address Book Owner: Browse for the user to determine the mailbox that the contact data will be migrated to.
- Target Exchange Mailbox Database: If the user has not yet had a mailbox created, one will be created on the server that you browse.
- Specify Client Access Server: Optionally, a specific CAS can be used to inject the mail. This lets you reduce the number of servers that require the impersonation change.
3. Click Next. The third screen displays a summary of the actions to be performed. Click Next.

Screen captures of this process follow:
To migrate a Personal Address Book using the Transporter Command Shell

Use a command of the form:
Move-NotesMailArchiveToExchange -DominoMailDomain 'Domino domain' -ContentOwner 'smtp_address@of.user' -SourceFileName 'source_path'

Sample output follows:
A note on addressing
Addresses stored in Personal Address Books (and in mail from Personal Archives) cannot be replied to unless the Notes address has been copied to the associated user or contact object in Active Directory. Ordinarily, this copying of addresses will occur during Directory Synchronization and as part of the function of Move-DominoUser. The Domino routing engine also does fuzzy address matching, which means that it may resolve to users whose names have been modified. For example, the following may resolve, depending on configuration settings on the Domino side.
Contact: John T Smith/Certifier
Person document: John Smith/Certifier

During a Move-DominoUser operation, all addresses in the FullName field of the Person document associated with the user being moved will be copied to Active Directory. Generally, old names and addresses are in the FullName field, so this would not be a problem, but there may be cases when the names and addresses are not. To resolve this issue, just create a new address on the Active Directory user or contact object.
Migrating Archives
To migrate a Notes Mail Archive using the Transporter Suite

1. In the left pane, click Toolbox, and then, in the middle pane, double-click Migrate Notes Mail Archive.
2. On the second screen, enter the following information:
- Mail archive to extract: Browse for the archive file to be migrated.
- Domino mail domain: Messages in Domino may not contain the Domino domain information, if the message remains in same domain from sender to recipient. Entering the domain of the user here guarantees that messages will still be able to be replied to after migration.
- Archive owner: Browse for the user to determine the mailbox that the archived data will be migrated to.
- Target Exchange Mailbox Database: If the user has not yet had a mailbox created, one will be created on the server that you browse.
- Specify Client Access Server: Optionally, a specific CAS can be used to inject the mail. This lets you reduce the number of servers that require the impersonation change.
- Filter Options: Optionally, mail can be filtered to a date range.
3. Click Next.
4. The third screen is a summary screen. Click Next.
To migrate a Notes Mail Archive using the Transporter Command Shell

Use a command of the form:
Move-NotesMailArchiveToExchange -DominoMailDomain 'Domino domain' -ContentOwner 'smtp_address@of.user' -SourceFileName 'source_path'

Sample output follows:
Troubleshooting
Troubleshooting Directory Synchronization
- Verify that all prerequisites have been met, especially the permissions noted. Double-check the permissions as discussed in the Configuring Two-Way DirSync section.
- If Lotus Notes was not installed in single-user mode, Directory Synchronization may crash on startup because it cannot find the correct NOTES.INI file to start the client. You can specify the location of the NOTES.INI file using the Transporter Command Shell, using a command of the form:
Set-DominoDirectoryConnector -Identity 'Identity of connector' -NotesINIFile path_to_Notes.INI
- Verify that the Location document of the client is not Disconnected and the Home/Mail server on the Servers tab points to the Domino Directory bridgehead server as shown:
Directory Synchronization really consists of two separate processes: an extractor, and an importer. Running synchronization from the Transporter Command Shell or the Microsoft Transporter for Lotus Domino MMC causes these processes to run in parallel. It is possible to run the extractor and then the importer serially using specific commands as shown in the following sections. Remember that all commands should be run from the \Program Files\Microsoft Transporter Tools\Bin directory. The Microsoft Exchange Directory Connector Service for Lotus Domino should be stopped before you run these commands.
Domino to Exchange
To extract changed users from Domino, and apply mapping rules:
DXA -C ExchangeDominoConnector.xml -N DXA -W1

To extract all users (perform a Full Reload) from Domino, and apply mapping rules:
DXA -C ExchangeDominoConnector.xml -N DXA -W1 -L

Each of these commands will generate an EXCHANGE.TXT in the \Program Files\Microsoft Transporter Tools\Bin\Temp directory.

To import the results of the extraction:
DXA -C ExchangeDominoConnector.xml -N DXA -R0
Exchange to Domino
To extract changed users from the Active Directory, and apply mapping rules:
DXA -C ExchangeDominoConnector.xml -N DXA -W0

To extract all users (perform a Full Reload) from Domino, and apply mapping rules:
DXA -C ExchangeDominoConnector.xml -N DXA -W0 -L

Each of these commands will generate a DOMINO.TXT in the \Program Files\Microsoft Transporter Tools\Bin\Temp directory.

To import the results of the extraction:
DXA -C ExchangeDominoConnector.xml -N DXA -R1

The generated files in each case contain the data that will be imported into the remote directory. If any of the processes fail, you are a step closer to determining what the problem might be.

You can increase the amount of logging generated during DirSync by modifying the \Program Files\Microsoft Transporter Tools\Bin\ExchangeDominoConnector.xml file. The text to include is shown here:
<!-- Exchange Domino Directory Connector Configuration -->
<exchangedominoconnector>
  <connectorfilelog>
    <logroot>..\Logs\</logroot>
    <verbose> True </verbose>
  </connectorfilelog>
  <devices> connectoreventlog,connectorfilelog </devices>
  <dxa>
    <domino>
      <logging> True </logging>
    </domino>
    <exchange>
      <logging> True </logging>
    </exchange>
  </dxa>
</exchangedominoconnector>
Once this information has been entered, save the file, and then restart the Microsoft Exchange Directory Connector Service for Lotus Domino for the changes to take effect.

Note: You must create a \Program Files\Microsoft Transporter Tools\Logs directory manually. Once created, however, this directory will contain rapidly-generated log files whenever Directory Synchronization runs.

If you plan on customizing (or have customized) the mapping tables between the systems, revert to the default tables and check whether the problem still exists. If not, the problem is likely the syntax of the mapping tables. For additional information, see also the appendix in this document titled Customizing Directory Synchronization.
Note: Membership of the remotely-homed group must be available for the client to successfully query it:
- From Outlook, you can query free/busy information for an Active Directory-homed group that contains Domino users. However, you cannot do the same for Domino-homed groups.
- From Notes, you can query free/busy information for a Domino-homed group that contains Exchange users. However, you cannot do the same for Active Directory-homed groups.
- User name should contain the Exchange SMTP address for the user
- Mail System should be set to Other Internet Mail Domain should be blank
- Forwarding Address should be set to the Exchange SMTP address with the local Domino domain
- Internet Address should be set to the external SMTP address for the user

You must then change the Mail System to Notes to check the remaining values:
- Mail Server should be set to the server hosting ExCalCon (the server listed on the Foreign Domain document)
- Mail File should be blank
- Format preference should be set to Prefers MIME
- Calendar domain should be set to the Exchange domain (the name listed on the Foreign Domain document)
Free/Busy query from downstream Domino server for an Exchange user debug logging (from downstream server)
Server polls, waiting for a response from Calendar Connector
[0468:0048-0A38] SchSrvRetrieveWait> Polling request to server CN=Domino-North/O=Domino Org
[0468:0048-0A38] SchSrvRetrieveWait> Returning 2A3Eh
[0468:0048-0A38] SchSrvRetrieveWait> and flagging as NOT completed

Calendar Connector has received a response from the upstream server
[0790:000C-0DEC] SchContainer_Build> enter
[0790:000C-0DEC] SchContainer_Build> Num objects to build 1
[0790:000C-0DEC] Obj_NewFromCanonical> Object size is 99 bytes
[0790:000C-0DEC] Obj_NewFromCanonical> Creating schedule object for CN=exuser7-1/O=Exchange@Exchange, error = 0h
[0790:000C-0DEC] Obj_NewFromCanonical> Object size is 8 bytes
[0790:000C-0DEC] Obj_NewFromCanonical> Adding sched list object to schedule for CN=exuser7-1/O=Exchange@Exchange
[0790:000C-0DEC] SchContainer_Build> Exit error=0h, XmitStatus=0h
[0790:000C-0DEC] SchContainer_Free> Called with hCntnr = 2AC8h
[0790:000C-0DEC] SchContainer_Free> Making recursive call to free parent container
[0790:000C-0DEC] SchContainer_Free> Called with hCntnr = 2A7Dh

Server polls again
[0468:0048-0A38] SchSrvRetrieveWait> Polling request to server CN=Domino-North/O=Domino Org
[0468:0048-0A38] SchSrvRetrieveWait> Returning 2A3Eh
[0468:0048-0A38] SchSrvRetrieveWait> and flagging as NOT completed

Calendar Connector finishes up
[0790:000C-0DEC] SchContainer_Free> Freeing hCntnr = 2AC8h
[0790:000C-0DEC] SchMsgQHandles_Free> InputQ: 10D48h
[0790:000C-0DEC] SchMsgQHandles_Free> OutputQ: 10DF0h

Server receives the response from Calendar Connector after this poll request
[0468:0048-0A38] SchSrvRetrieveWait> Polling request to server CN=Domino-North/O=Domino Org
[0468:0048-0A38] SchScanRqstCallback> Request completed in container 2A7Dh
[0468:0048-0A38] SchWaitRqst> Request completed on container 2A7Dh
[0468:0048-0A38] SchMsgQHandles_Free> InputQ: 10DF0h
[0468:0048-0A38] SchMsgQHandles_Free> OutputQ: 10D48h
[0468:0048-0A38] SchContainer_Free> Called with hCntnr = 2A7Dh
[0468:0048-0A38] SchContainer_Free> Freeing hCntnr = 2A7Dh
[0468:0048-0A38] SchSrvRetrieveWait> Return 1 new schedules
[0468:0048-0A38] SchSrvRetrieveWait> Returning 2A3Eh
[0468:0048-0A38] SchSrvRetrieveWait> and flagging as completed
[0468:0048-0A38] ODSTree_HostToCanAppend> Adding root object
[0468:0048-0A38] ODSTree_HostToCanAppend> Creating schedule object for exuser7-1@max-jr-domain.local@Domino Domain, error = 0h: No error
[0468:0048-0A38] ODSTree_HostToCanAppend> Adding sched list object to schedule for exuser7-1@max-jr-domain.local@Domino Domain
[0468:0048-0A38] SchODSTree_Build> Num entire objects n=1
[0468:0048-0A38] SchContainer_Free> Called with hCntnr = 2A3Eh
[0468:0048-0A38] SchContainer_Free> Freeing hCntnr = 2A3Eh
Free/Busy query from downstream Domino server for an Exchange user debug logging (from upstream server)
Server receives the request from the client, destined for the remote domain
Opened session for Domino-South/Domino Org (Release 7.0)
[046C:0045-08EC] SchSrvRetrieveAsync> dwOptions = 12h
[046C:0045-08EC] SchCntnr_New> hCntnr = 2B62h, returned: No error
[046C:0045-08EC] SchSrvRetrieveAsync> Queue request for gateway ExchangeFreeBusy
[046C:0045-08EC] SchCntnr_New> hCntnr = 2B66h, returned: No error
[046C:0045-08EC] SchMsgQHandles_New> Opening queues for EXCHANGEFREEBUSY
[046C:0045-08EC] SchMsgQHandles_New> InputQ: 11998h, error = 0h: No error
[046C:0045-08EC] SchMsgQHandles_New> OutputQ: 11A34h, error = 0h: No error
[046C:0045-08EC] SchQueueRetrieveRqstAsync> Request queued in container 2B66h
[046C:0045-08EC] SchSrvRetrieveWait> Polling request for gateway ExchangeFreeBusy

Exchange Calendar Connector receives the request from Server, posts request to Exchange and awaits a response
[04FC:0002-0658] SchCntnr_DupHandle> hOrigCntnr = 2B66h, hDupCntnr = 2B5Bh, returned: No error
[046C:0045-08EC] SchSrvRetrieveWait> Returning 2B62h
[046C:0045-08EC] SchSrvRetrieveWait> and flagging as NOT completed
[04FC:0000-08D4] SchContainer_Free> Called with hCntnr = 2B5Bh
[04FC:0000-08D4] SchContainer_Free> Making recursive call to free parent container
[04FC:0000-08D4] SchContainer_Free> Called with hCntnr = 2B66h
[04FC:0000-08D4] SchContainer_Free> Freeing hCntnr = 2B5Bh
EXCALCON: SchContainer_DupHandle on schMsgReqMsg.hMsgCntnr 2B66
EXCALCON: schMsgReqMsg.hMsgCntnr 2B66 duplicated to hDupCntnr 2B5B
EXCALCON: SchContainer_GetRequest on hDupCntnr 2B66/2B5B
EXCALCON: SchContainer_GetRequest on hDupCntnr 2B66/2B5B got hRqst 105CC
EXCALCON: Requested calender from 05/10/2007 08:30:00 AM to 10/25/2007 08:30:00 AM for 1 Exchange users
EXCALCON: Requesting calendar for CN=exuser7-1/O=Exchange@Exchange (exuser7-1@max-jr-domain.local)
EXCALCON: MQGet on hInputQ 11998
EXCALCON: Received response for CN=exuser7-1/O=Exchange@Exchange (exuser7-1@max-jr-domain.local)
EXCALCON: Schedule_NewFromSchedList on hDupCntnr 2B66/2B5B
EXCALCON: MQPut on hOutputQ 11A34
EXCALCON: SchContainer_Free on hDupCntnr 2B66/2B5B

Server receives the response from Exchange Calendar Connector after this poll request, and sends to the downstream server
[046C:0045-08EC] SchSrvRetrieveWait> Polling request for gateway ExchangeFreeBusy
[046C:0045-08EC] SchScanRqstCallback> Request completed in container 2B66h
[046C:0045-08EC] SchWaitRqst> Request completed on container 2B66h
[046C:0045-08EC] SchMsgQHandles_Free> InputQ: 11A34h
[046C:0045-08EC] SchMsgQHandles_Free> OutputQ: 11998h
[046C:0045-08EC] SchContainer_Free> Called with hCntnr = 2B66h
[046C:0045-08EC] SchContainer_Free> Freeing hCntnr = 2B66h
[046C:0045-08EC] SchSrvRetrieveWait> Return 1 new schedules
[046C:0045-08EC] SchSrvRetrieveWait> Returning 2B62h
[046C:0045-08EC] SchSrvRetrieveWait> and flagging as completed
[046C:0045-08EC] ODSTree_HostToCanAppend> Adding root object
[046C:0045-08EC] ODSTree_HostToCanAppend> Creating schedule object for CN=exuser7-1/O=Exchange@Exchange, error = 0h: No error
[046C:0045-08EC] ODSTree_HostToCanAppend> Adding sched list object to schedule for CN=exuser7-1/O=Exchange@Exchange
[046C:0045-08EC] SchODSTree_Build> Num entire objects n=1
[046C:0045-08EC] SchContainer_Free> Called with hCntnr = 2B62h
[046C:0045-08EC] SchContainer_Free> Freeing hCntnr = 2B62h
Closed session for Domino-South/Domino Org Databases accessed: 0 Documents read: 0 Documents written: 0
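Because this debug output is verbose, a small filter over the saved text helps pick out unfinished polls and failed lookups per server thread. The following PowerShell is an added example, not part of the original document or of the Transporter Suite; the function names are hypothetical, and it assumes one log entry per line in the `[process:thread] Function> message` or `EXCALCON: message` shape seen in the listings on this page.

```powershell
# Sample lines copied from the debug listings on this page. For a real capture,
# read the DEBUG_OUTFILE instead:  $lines = Get-Content 'C:\output.txt'
$lines = @(
    "[0468:0048-0A38] RetrieveSchedule> Error getting schedule list for exuser7-1@max-jr-domain.local: Can't find schedule record for requested user",
    "[0468:0048-0A38] SchSrvRetrieveWait> Polling request to server CN=Domino-North/O=Domino Org",
    "[0468:0048-0A38] SchSrvRetrieveWait> and flagging as NOT completed",
    "[0790:000C-0DEC] SchContainer_Build> Exit error=0h, XmitStatus=0h",
    "EXCALCON: Requesting calendar for CN=exuser7-1/O=Exchange@Exchange (exuser7-1@max-jr-domain.local)",
    "[0468:0048-0A38] SchSrvRetrieveWait> and flagging as NOT completed",
    "[0468:0048-0A38] SchSrvRetrieveWait> Return 1 new schedules",
    "[0468:0048-0A38] SchSrvRetrieveWait> and flagging as completed"
)

function ConvertFrom-SchedDebugLine {
    # Splits one log line into source (process:thread), function and message.
    param([string]$Line)
    $bracketed = '^\[(?<proc>[0-9A-F]{4}):(?<thread>[0-9A-F]{4}-[0-9A-F]{4})\]\s+(?<func>\w+)>\s*(?<msg>.*)$'
    if ($Line -match $bracketed) {
        [pscustomobject]@{
            Source   = '{0}:{1}' -f $Matches['proc'], $Matches['thread']
            Function = $Matches['func']
            Message  = $Matches['msg']
        }
    }
    elseif ($Line -match '^EXCALCON:\s*(?<msg>.*)$') {
        [pscustomobject]@{ Source = 'EXCALCON'; Function = ''; Message = $Matches['msg'] }
    }
    # Anything else (annotations, session open/close lines) is skipped.
}

function Get-SchedDebugSummary {
    # One row per source: how many polls were still pending, whether the request
    # was eventually flagged as completed, and any lookup failures or non-zero
    # error codes reported along the way.
    param([string[]]$Lines)
    $Lines | ForEach-Object { ConvertFrom-SchedDebugLine $_ } |
        Group-Object Source | ForEach-Object {
            $messages = @($_.Group | ForEach-Object { $_.Message })
            [pscustomobject]@{
                Source       = $_.Name
                Lines        = $_.Count
                PendingPolls = @($messages -match 'flagging as NOT completed').Count
                Completed    = @($messages -match 'flagging as completed').Count -gt 0
                Problems     = @($messages | Where-Object {
                    $_ -match "Can't find schedule" -or
                    ($_ -match 'error\s*=\s*(?<code>[0-9A-F]+)h' -and $Matches['code'] -ne '0')
                })
            }
        }
}

Get-SchedDebugSummary -Lines $lines | Format-List
```

A "Can't find schedule record" entry for an Exchange user on the downstream server is expected, as the annotated output shows; it matters only when the same source never reaches "flagging as completed".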
Note: The Exchange Free/Busy Connector is very dependent on directory objects. From the Exchange/Active Directory side, the TargetAddress of a user or contact object defines the Availability realm in Exchange Server. The InternetAddress must be in the FullName field in Domino, because of the way lookups are handled.

The following is an illustration of how the process works when an Outlook 2007 client requests Free/Busy information for a Domino user. A detailed explanation with suggested verification steps follows. To simplify the diagrams, the Mailbox/Public Folder server is also running the CAS role.
Figure: Outlook 2007, the Availability Service, the Exchange Calendar Connector (Microsoft supplied), and the Domino Server with BUSYTIME.NSF or CLUBUSY.NSF.
a. Outlook 2007 contacts Availability.
Note: AutoConfiguration must be functioning correctly.
Verification: Use the Outlook 2007 Test E-mail AutoConfiguration tool.

b. Availability determines that Free/Busy information for this attendee will be in a Public Folder.
Note: This is determined from the AvailabilityAddressSpace of the attendee.
Verification: Use Exchange Management Shell's Get-AvailabilityAddressSpace command to verify that the Access Method is Public Folder.
Problem: Availability maintains a list of unavailable Public Folder servers. If all servers are listed as unavailable, no Free/Busy information will be retrieved from Public Folders.

c. Public Folder store sends a notification to the Exchange Free/Busy connector, and locks the record.
Note: The Exchange Free/Busy connector logs into the Public Folders at startup and requests this notification.
Verification: Use Exchange Management Shell's
Set-TransporterEventLogLevel -LoggingLevel High -Identity DominoFreeBusyConnector\RequestToPartner
command to increase diagnostic logging, and look in the Application Event log for Request to Partner events.

d. The Exchange Free/Busy Connector (NOTESCAL component) requests Free/Busy information for the attendee, just as a Notes client would using the Lotus Notes API.
Verification: Turn on debug logging on the Domino server to verify that requests are being made. At the Domino console, type:
SET CONF DEBUG_SCHED_ALL=1

e. If the attendee is local to this server, the Domino Server checks in BUSYTIME.NSF (or CLUBUSY.NSF if on a cluster) for a record. If the attendee is not local, skip to step .
Note: Records are placed in these databases by the Schedule Add-in Task. This task is not used during Free/Busy lookups.
Verification: Previously turned up debug logging on Domino.

f. If data is present for a local attendee it will be returned to the server, otherwise a Not Found error is returned to the server. Skip to step .
Verification: Previously turned up debug logging on Domino.

g. If the attendee is not local to this server, the request is passed to the Calendar Connector Add-in Task on the Domino Server.
Note: The request is routed to the NOTESSCHEDGATEWAY message queue.
Verification: Previously turned up debug logging on Domino.

h. The Calendar Connector looks in the Name and Address book (or Directory Assistance database) to determine the appropriate server to route the request to.
Note: The request is sent the same as a Notes client.
Verification: Turn up debug logging on the remote Domino server.

i. The remote server follows a similar pattern from step to fetch the Free/Busy data, which will be returned to the Calendar Connector task, otherwise a Not Found error is returned.
Verification: Previously turned up debug logging on Domino.

j. The Calendar Connector task then passes this back to the Notes server process.
Verification: Previously turned up debug logging on Domino.

k. Free/Busy data is returned via the Notes API to the Exchange Free/Busy Connector Service.
Verification: Use Exchange Management Shell's
Set-TransporterEventLogLevel -LoggingLevel High -Identity DominoFreeBusyConnector\ResponseFromPartner
command to increase diagnostic logging, and look in the Application Event log for Response from Partner events.

l. The Free/Busy message for the attendee is updated in the Schedule+ Free/Busy Public Folder, and the lock on the record is cleared.
Verification: Use MFCMAPI to view the state of the associated Free/Busy message.

m. Free/Busy data is returned to the Availability Service.
Verification: Use an Outlook 2003 client to query. If correct results are returned to an Outlook 2003 client, the problem is likely Availability [4].

n. Free/Busy data is returned to Outlook 2007 to render.
[4] Outlook 2003 queries Public Folders directly, bypassing Availability on Exchange 2007 servers.
The following is an illustration of how the process works when a Lotus Notes client requests Free/Busy information for an Exchange user. A detailed explanation follows.

Figure: two Domino Servers, each with BUSYTIME.NSF or CLUBUSY.NSF, and the Availability Service.
a. Lotus Notes looks up Free/Busy by calling an API directly against the Home server of the requestor.
Verification: Turn on debug logging on the Domino server to verify that requests are being made. At the Domino console, type:
SET CONF DEBUG_SCHED_ALL=1

b. If the attendee is over in Exchange Server, the request is passed to the Calendar Connector Add-in Task on the Domino Server to be routed to the server hosting the Exchange Calendar Connector Add-in Task.
Note: The request is routed to the NOTESSCHEDGATEWAY message queue destined for the server whose name matches the Calendar Server attribute of the Foreign Domain document matching the attendee's Foreign Domain.
Verification: Previously turned up debug logging on Domino.

c. The Calendar Connector Add-in Task connects to the appropriate server, and makes the same API call as a connecting client would.
Verification: Previously turned up debug logging on Domino; also, turn up debug logging on the remote Domino server.

d. The request is passed to the Exchange Calendar Connector Add-in Task on the Domino Server.
Note: The request is routed to the message queue whose name matches the Calendar System attribute of the Foreign Domain document matching the attendee's Foreign Domain.
Verification: Previously turned up debug logging on Domino.
Problem: Could be one of the following:
- Person document-related (if not using the default DirSync).
- Foreign Domain document-related.
- Mail database template-related (some versions do not query for Free/Busy information the same way).

e. The Exchange Calendar Connector Add-in Task tries to make an RPC connection to the Exchange Free/Busy Connector Service on the Transporter machine, and requests the Free/Busy data.
Note: If the attempt fails, a new connection attempt is made on the next request. A Not Found error is returned.
Verification: Turn up debug logging for the Exchange Calendar Connector Add-in Task on the Domino Server. At the Domino console, type:
UNLOAD ExCalCon
LOAD ExCalCon exchangeserver calendarsystem 2
Problem: Could be:
- a firewall blocking ports
- the Exchange Free/Busy server not started as LocalSystem

f. The Calendar Connector Server looks to the Public Folder store for the Free/Busy message of the recipient.
Note: A lookup for the legacyExchangeDN of the recipient is made to find the appropriate Free/Busy message.
Verification: Use Exchange Management Shell's
Set-TransporterEventLogLevel -LoggingLevel High -Identity DominoFreeBusyConnector\RequestFromPartner
command to increase diagnostic logging, and look in the Application Event log for Request From Partner events.

g. The Free/Busy message for the attendee is returned from the Schedule+ Free/Busy Public Folder.
Verification: Use Outlook 2003 to verify the Free/Busy information stored in the Public Folder [5].

h. An RPC connection attempt to the Exchange Calendar Connector Add-in Task on the Domino server is made, and the Free/Busy data is returned.
Note: If the attempt fails, a new connection attempt is made on the next request.
Verification: Use Exchange Management Shell's
Set-TransporterEventLogLevel -LoggingLevel High -Identity DominoFreeBusyConnector\ResponseToPartner
command to increase diagnostic logging, and look in the Application Event log for Response to Partner events.
Problem: If the Domino server's Domino name is different from the NetBIOS name, connectivity issues may occur. If the Domino server is not running as a service as LocalSystem, connectivity issues may occur.

i. The Free/Busy message for the attendee is returned to the server.
Verification: Previously turned up debug logging on Domino.

j. Free/Busy data is returned to the Calendar Connector Add-in Task on the original server.
Verification: Previously turned up debug logging on Domino.

k. The Free/Busy message for the attendee is returned to the original server.
Verification: Previously turned up debug logging on Domino.

l. Free/Busy data is returned to the Lotus Notes client to render.
On startup (and at the maintenance interval specified on the connector property pages), the Exchange Free/Busy Connector Service searches the Active Directory for user and contact objects that it will handle requests for. Once this list is gathered, Free/Busy items are created in the Schedule+ Free/Busy Public Folder. It is possible that these items are not created correctly. To check for the presence of these items, use MFCMAPI. To see logging information, use this command in the Exchange Management Shell:
Set-TransporterEventLogLevel -LoggingLevel High -Identity DominoFreeBusyConnector\General
and look in the Application Event log for General events.

[5] Outlook 2003 queries Public Folders directly, bypassing Availability on Exchange 2007 servers.

Debug logging from the Domino calendaring components is quite verbose, and it can quickly scroll off the Domino console. It is possible to save such logging to a text file by adding an entry to the NOTES.INI (or SERVER.INI) file (or using the Domino console). A restart of the server is required to enable the functionality. To save to a text file, add this line to the Domino server's NOTES.INI:
DEBUG_OUTFILE=C:\output.txt
To stop debug messages being reported on the console, and to the text file, at the Domino console, type:
SET CONF DEBUG_SCHED_ALL=0

The following three pages contain annotated output of a remote Notes client querying for an Exchange Server user's Free/Busy information.
Free/Busy query from downstream Domino server for an Exchange Server user debug logging (from downstream server) Server receives the request from the client
[0468:0048-0A38] [0468:0048-0A38] [0468:0048-0A38] [0468:0048-0A38] [0468:0048-0A38] [0468:0048-0A38] [0468:0048-0A38] [0468:0048-0A38] [0468:0048-0A38] SchSrvRetrieveAsync> dwOptions = 12h SchCntnr_New> hCntnr = 2A3Eh, returned: No error RetrieveSchedule> dwOptions = 12h, pDetails=Yes, piCalList=No RetrieveSchedule> Detail 0: Categories RetrieveSchedule> Detail 1: Chair RetrieveSchedule> Detail 2: Location RetrieveSchedule> Detail 3: Room RetrieveSchedule> Detail 4: Subject SchCntnr_New> hCntnr = 2A7Dh, returned: No error
Server finding the schedule information for the Notes user that issued the query (from BUSYTIME.NSF)
[0468:0048-0A38] GetEventList> Got event info for user CN=South Administrator/O=Domino Org (ReplicaID: 85257266:006D28A4)
[0468:0048-0A38] Schedule_AddSchedList> Disregarding out of bounds appointment 05/03/2007 01:00:00 PM - 05/03/2007 02:00:00 PM
[0468:0048-0A38] Schedule_AddSchedList> Disregarding out of bounds appointment 05/03/2007 01:30:00 PM - 05/03/2007 02:30:00 PM
Server not finding the schedule information for the Exchange Server user
[0468:0048-0A38] RetrieveSchedule> Error getting schedule list for exuser7-1@max-jr-domain.local: Can't find schedule record for requested user
[0468:0048-0A38] SchSrvRetrieveAsync> Can't find schedule for exuser7-1@max-jr-domain.local locally, lookup name next
[0468:0048-0A38] SchContainer_Free> Called with hCntnr = 2A7Dh
[0468:0048-0A38] SchContainer_Free> Freeing hCntnr = 2A7Dh
Server performing a lookup against NAMES.NSF (or configured Directory Assistance database) for the Exchange Server user
[0468:0048-0A38] LookupNamesAndFindDestServer> Name expanded from exuser7-1@max-jr-domain.local to CN=exuser7-1/O=Exchange
[0468:0048-0A38] LookupNamesAndFindDestServer> Found CalendarDomain override for exuser7-1@max-jr-domain.local, try again with CN=exuser71/O=Exchange@Exchange
Server handing request over to the Calendar Connector add-in task (Notes process)
This occurs after the lookup on the Foreign Domain document
[0468:0048-0A38] SchSrvRetrieveAsync> Queue request to server CN=Domino-North/O=Domino Org
[0468:0048-0A38] SchCntnr_New> hCntnr = 2A7Dh, returned: No error
[0468:0048-0A38] SchMsgQHandles_New> Opening queues for NOTESSCHEDGATEWAY
[0468:0048-0A38] SchMsgQHandles_New> InputQ: 10D48h, error = 0h: No error
[0468:0048-0A38] SchMsgQHandles_New> OutputQ: 10DF0h, error = 0h: No error
[0468:0048-0A38] SchQueueRetrieveRqstAsync> Request queued in container 2A7Dh
[0468:0048-0A38] SchSrvRetrieveWait> Found 1 schedules immediately
[0468:0048-0A38] SchSrvRetrieveWait> Return 1 new schedules
[0468:0048-0A38] SchSrvRetrieveWait> Returning 2A3Eh
[0468:0048-0A38] SchSrvRetrieveWait> and flagging as NOT completed
[0468:0048-0A38] ODSTree_HostToCanAppend> Adding root object
[0468:0048-0A38] ODSTree_HostToCanAppend> Creating schedule object for CN=South Administrator/O=Domino Org, error = 0h: No error
[0468:0048-0A38] ODSTree_HostToCanAppend> Adding sched list object to schedule for CN=South Administrator/O=Domino Org
[0468:0048-0A38] ODSTree_HostToCanAppend> Adding profile object to schedule for CN=South Administrator/O=Domino Org
[0468:0048-0A38] SchODSTree_Build> Num entire objects n=1
Opening queues for NOTESSCHEDGATEWAY
InputQ: 10D48h, error = 0h: No error
OutputQ: 10DF0h, error = 0h: No error
hOrigCntnr = 2A7Dh, hDupCntnr = 2AC8h, returned: No error
Server receives the response from Calendar Connector after this poll request
[0468:0048-0A38] SchSrvRetrieveWait> Polling request to server CN=Domino-North/O=Domino Org
[0468:0048-0A38] SchScanRqstCallback> Request completed in container 2A7Dh
[0468:0048-0A38] SchWaitRqst> Request completed on container 2A7Dh
[0468:0048-0A38] SchMsgQHandles_Free> InputQ: 10DF0h
[0468:0048-0A38] SchMsgQHandles_Free> OutputQ: 10D48h
[0468:0048-0A38] SchContainer_Free> Called with hCntnr = 2A7Dh
[0468:0048-0A38] SchContainer_Free> Freeing hCntnr = 2A7Dh
[0468:0048-0A38] SchSrvRetrieveWait> Return 1 new schedules
[0468:0048-0A38] SchSrvRetrieveWait> Returning 2A3Eh
[0468:0048-0A38] SchSrvRetrieveWait> and flagging as completed
[0468:0048-0A38] ODSTree_HostToCanAppend> Adding root object
[0468:0048-0A38] ODSTree_HostToCanAppend> Creating schedule object for exuser7-1@max-jr-domain.local@Domino Domain, error = 0h: No error
[0468:0048-0A38] ODSTree_HostToCanAppend> Adding sched list object to schedule for exuser7-1@max-jr-domain.local@Domino Domain
[0468:0048-0A38] SchODSTree_Build> Num entire objects n=1
[0468:0048-0A38] SchContainer_Free> Called with hCntnr = 2A3Eh
[0468:0048-0A38] SchContainer_Free> Freeing hCntnr = 2A3Eh
Free/Busy query from downstream Domino server for an Exchange Server user debug logging (from upstream server)
Server receives the request from the client, destined for the remote domain
The first column is the PID of the process generating the debug log; this may help in troubleshooting.
Opened session for Domino-South/Domino Org (Release 7.0)
[046C:0045-08EC] SchSrvRetrieveAsync> dwOptions = 12h
[046C:0045-08EC] SchCntnr_New> hCntnr = 2B62h, returned: No error
[046C:0045-08EC] SchSrvRetrieveAsync> Queue request for gateway ExchangeFreeBusy
[046C:0045-08EC] SchCntnr_New> hCntnr = 2B66h, returned: No error
[046C:0045-08EC] SchMsgQHandles_New> Opening queues for EXCHANGEFREEBUSY
[046C:0045-08EC] SchMsgQHandles_New> InputQ: 11998h, error = 0h: No error
[046C:0045-08EC] SchMsgQHandles_New> OutputQ: 11A34h, error = 0h: No error
[046C:0045-08EC] SchQueueRetrieveRqstAsync> Request queued in container 2B66h
[046C:0045-08EC] SchSrvRetrieveWait> Polling request for gateway ExchangeFreeBusy
Exchange Calendar Connector receives the request from Server, posts request to Exchange Server and awaits a response
[04FC:0002-0658] SchCntnr_DupHandle> hOrigCntnr = 2B66h, hDupCntnr = 2B5Bh, returned: No error
[046C:0045-08EC] SchSrvRetrieveWait> Returning 2B62h
[046C:0045-08EC] SchSrvRetrieveWait> and flagging as NOT completed
[04FC:0000-08D4] SchContainer_Free> Called with hCntnr = 2B5Bh
[04FC:0000-08D4] SchContainer_Free> Making recursive call to free parent container
[04FC:0000-08D4] SchContainer_Free> Called with hCntnr = 2B66h
[04FC:0000-08D4] SchContainer_Free> Freeing hCntnr = 2B5Bh
EXCALCON: SchContainer_DupHandle on schMsgReqMsg.hMsgCntnr 2B66
EXCALCON: schMsgReqMsg.hMsgCntnr 2B66 duplicated to hDupCntnr 2B5B
EXCALCON: SchContainer_GetRequest on hDupCntnr 2B66/2B5B
EXCALCON: SchContainer_GetRequest on hDupCntnr 2B66/2B5B got hRqst 105CC
EXCALCON: Requested calender from 05/10/2007 08:30:00 AM to 10/25/2007 08:30:00 AM for 1 Exchange users
EXCALCON: Requesting calendar for CN=exuser7-1/O=Exchange@Exchange (exuser7-1@max-jr-domain.local)
EXCALCON: MQGet on hInputQ 11998
EXCALCON: Received response for CN=exuser7-1/O=Exchange@Exchange (exuser7-1@max-jr-domain.local)
EXCALCON: Schedule_NewFromSchedList on hDupCntnr 2B66/2B5B
EXCALCON: MQPut on hOutputQ 11A34
EXCALCON: SchContainer_Free on hDupCntnr 2B66/2B5B
Server receives the response from Exchange Calendar Connector after this poll request, and sends to the downstream server
[046C:0045-08EC] SchSrvRetrieveWait> Polling request for gateway ExchangeFreeBusy
[046C:0045-08EC] SchScanRqstCallback> Request completed in container 2B66h
[046C:0045-08EC] SchWaitRqst> Request completed on container 2B66h
[046C:0045-08EC] SchMsgQHandles_Free> InputQ: 11A34h
[046C:0045-08EC] SchMsgQHandles_Free> OutputQ: 11998h
[046C:0045-08EC] SchContainer_Free> Called with hCntnr = 2B66h
[046C:0045-08EC] SchContainer_Free> Freeing hCntnr = 2B66h
[046C:0045-08EC] SchSrvRetrieveWait> Return 1 new schedules
[046C:0045-08EC] SchSrvRetrieveWait> Returning 2B62h
[046C:0045-08EC] SchSrvRetrieveWait> and flagging as completed
[046C:0045-08EC] ODSTree_HostToCanAppend> Adding root object
[046C:0045-08EC] ODSTree_HostToCanAppend> Creating schedule object for CN=exuser7-1/O=Exchange@Exchange, error = 0h: No error
[046C:0045-08EC] ODSTree_HostToCanAppend> Adding sched list object to schedule for CN=exuser7-1/O=Exchange@Exchange
[046C:0045-08EC] SchODSTree_Build> Num entire objects n=1
[046C:0045-08EC] SchContainer_Free> Called with hCntnr = 2B62h
[046C:0045-08EC] SchContainer_Free> Freeing hCntnr = 2B62h
Closed session for Domino-South/Domino Org Databases accessed: 0 Documents read: 0 Documents written: 0
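When a saved DEBUG_OUTFILE is too long to read by eye, the same walk-through can be scripted. The following is an added example, not part of the original white paper or of the Transporter Suite: it reads a trace in the format shown above and reports containers that were queued but never completed, handles that were created but never freed, and EXCALCON requests with no response. The function name, the result keys and the sample (a shortened copy of the upstream trace) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the upstream-server trace above.
SAMPLE_LOG = """\
[046C:0045-08EC] SchSrvRetrieveAsync> dwOptions = 12h
[046C:0045-08EC] SchCntnr_New> hCntnr = 2B62h, returned: No error
[046C:0045-08EC] SchSrvRetrieveAsync> Queue request for gateway ExchangeFreeBusy
[046C:0045-08EC] SchCntnr_New> hCntnr = 2B66h, returned: No error
[046C:0045-08EC] SchQueueRetrieveRqstAsync> Request queued in container 2B66h
[04FC:0002-0658] SchCntnr_DupHandle> hOrigCntnr = 2B66h, hDupCntnr = 2B5Bh, returned: No error
[046C:0045-08EC] SchSrvRetrieveWait> and flagging as NOT completed
[04FC:0000-08D4] SchContainer_Free> Freeing hCntnr = 2B5Bh
EXCALCON: Requesting calendar for CN=exuser7-1/O=Exchange@Exchange (exuser7-1@max-jr-domain.local)
EXCALCON: Received response for CN=exuser7-1/O=Exchange@Exchange (exuser7-1@max-jr-domain.local)
[046C:0045-08EC] SchScanRqstCallback> Request completed in container 2B66h
[046C:0045-08EC] SchContainer_Free> Freeing hCntnr = 2B66h
[046C:0045-08EC] SchSrvRetrieveWait> and flagging as completed
[046C:0045-08EC] SchContainer_Free> Freeing hCntnr = 2B62h
"""

# "[PID:xxxx-xxxx] Function> message"; the first field is the PID (see the note above).
PREFIXED = re.compile(r"^\[([0-9A-F]{4}):[0-9A-F]{4}-[0-9A-F]{4}\]\s+(\w+)>\s+(.*)$")
# Handles that a line creates or frees (hOrigCntnr is deliberately not matched).
HANDLE = re.compile(r"\b(?:hCntnr|hDupCntnr) = ([0-9A-F]+)h")
CONTAINER = re.compile(r"Request (queued|completed) (?:in|on) container ([0-9A-F]+)h")
EXCALCON = re.compile(r"^EXCALCON: (Requesting calendar|Received response) for .*\((\S+)\)$")


def analyze(log_text):
    """Summarise one Free/Busy trace; returns a dict of findings."""
    open_count = Counter()          # handle -> creations minus frees (handles are reused)
    queued, completed = set(), set()
    asked, answered = [], set()
    pids = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = EXCALCON.match(line)
        if m:
            kind, smtp = m.groups()
            if kind == "Requesting calendar":
                asked.append(smtp)
            else:
                answered.add(smtp)
            continue
        m = PREFIXED.match(line)
        if not m:
            continue                # session banners and other unprefixed lines
        pid, func, msg = m.groups()
        pids.add(pid)
        if func in ("SchCntnr_New", "SchCntnr_DupHandle"):
            for handle in HANDLE.findall(msg):
                open_count[handle] += 1
        elif func == "SchContainer_Free" and msg.startswith("Freeing"):
            for handle in HANDLE.findall(msg):
                open_count[handle] -= 1
        c = CONTAINER.search(msg)
        if c:
            (queued if c.group(1) == "queued" else completed).add(c.group(2))
    return {
        "pids": sorted(pids),
        "unfreed_handles": sorted(h for h, n in open_count.items() if n > 0),
        "pending_containers": sorted(queued - completed),
        "unanswered_users": [u for u in asked if u not in answered],
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A trace that stops after the "Requesting calendar" line leaves the queued container pending and the user unanswered, which is the pattern to look for when the Exchange side never replies.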
If a message leaves the Outbox or Drafts folder, it has been successfully handed off to Transport. When in Transport, it is in a queue somewhere. The Queue Viewer tool from the Toolbox in Exchange Management Console lists currently in-use queues, messages in those queues, and if the queue is blocked, a reason for the blockage.
In this case, a single message is in queue for default-first-site-name. This queue is an SMTP Relay to a Remote Active Directory Site, and is in Retry mode. Scroll across to see the Last Error column. In this case, the text from Last Error is:
451 4.4.0 Primary target IP address responded with: 421 4.2.1 Unable to connect. Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
Double-clicking the queue reveals a list of messages in the queue; double-clicking a message reveals yet more information as shown:
It can be seen that a significant amount of diagnostic information can be collected from the Queue Viewer tool, and it should be the first tool used once it has been determined that the message has been successfully submitted. Once the message leaves the Exchange Server organization, the problem may be in Domino.
Dead messages generally contain sufficient information to determine the problem as shown:
To determine the state of queues on Domino, you can send a command to the Domino Console:
TELL ROUTER SHOW
For more information about NDRs, see Understanding Non-Delivery Reports (http://technet.microsoft.com/en-us/library/bb232118.aspx) on the TechNet Web site. This page also contains a list of the commonly seen status codes from Exchange Server 2007 with possible causes and potential solutions.
It is also possible to log all protocol exchanges between SMTP clients and servers using the following cmd-lets:
Set-SendConnector -Identity 'connector name' -ProtocolLoggingLevel Verbose
Set-ReceiveConnector -Identity 'connector name' -ProtocolLoggingLevel Verbose
Logs can be found in the \Program Files\Microsoft\Exchange Server\Transport Roles\Logs\Protocol directory. For additional information about protocol logging, see Managing Protocol Logging (http://technet.microsoft.com/en-us/library/aa997624.aspx) on the TechNet Web site.
Domino
The Router's logging level can be controlled using the Server Configuration document. Under Router/SMTP / Advanced / Controls, set the Logging level to Verbose to obtain the most information. An extract from a Server configuration document is shown here:
Notes to Outlook
Non-HTML messages may lose some formatting. Notes 6.x and newer clients should generate HTML for Exchange Server users under most circumstances.
Text effects (highlighting, shadow text, emboss, and extrude) are lost.
Spacing between lines is not maintained. Mail that is configured to 1.5 line spacing displays double spacing in Outlook 2007.
Indents are not maintained.
Table border thickness and colors are not maintained.
Blank cells are removed from tables.
Messages lose the expiration date information (ExpireDate field in Notes).
Notes Rich Text (NRT) meeting requests are displayed as plain text in Outlook.
Reminders on meetings are always set to 15 minutes before the meeting, regardless of the original setting.
Meetings with custom recurrence patterns are converted to an e-mail message, rather than meeting requests. This includes Move to nearest weekday functionality.
Meeting invitations may include an iCal attachment. This attachment can be ignored.
Both
Recurring meetings between Outlook and Lotus Notes users cannot be updated because the two systems process recurring meetings differently. To update recurring meetings, cancel the original meeting and then create a new meeting.
Meeting counter-proposals/propose new time between Outlook and Lotus Notes users do not work. Lotus Notes users receive a tentative acceptance instead of a counter proposal.
Addressing may look incorrect in Accept/Decline responses because of differences in interpretation of the iCal standard.
Rooms and Resources in Domino cannot be booked by Exchange Server users because of differences in interpretation of the iCal standard.
Encrypted mail must be over S/MIME. Configuration of the certificate authorities and key exchange is beyond the scope of this document.
For a more thorough examination of troubleshooting mail flow in Exchange Server 2007, see Transport and Mailflow Issues (http://technet.microsoft.com/en-us/library/bb123974.aspx) on the TechNet Web site.
Logging
See the section on General PowerShell Information later in this document for general information about how to log output from the Move-DominoUser cmdlet.
If the Active Directory account performing migration of Domino groups does not have the necessary permissions on Exchange Server in the domain hosting the target organizational unit, the migration tool will display the following error message:
Permission denied in Exchange Server 2007
The Domino groups will be successfully migrated to Universal groups, but the new groups will not be mail-enabled. There are two ways to resolve this situation:
Find the groups that were just created, delete them, and run the migration again with the appropriate permissions.
Find the groups that were just created and manually mail enable them through the Exchange Admin Console using an account with the appropriate permissions.
You can work around some Active Directory-related connectivity problems by specifying a different global catalog using the -GlobalCatalog switch:
Move-DominoGroupToAD -Identity 'Notes Canonical Name' -PrimaryDirectory 'mergemode' -TargetOU 'OU=orgunit,DC=domain,DC=com' -GlobalCatalog gcname
Logging
See the section on General PowerShell Information later in this document for general information about how to log output from the Move-DominoGroupToAD cmd-let.
An error such as "You are not authorized to perform that operation" indicates that the user associated with the ID file used to access the Domino server does not have Reader or higher permissions on the database to be migrated.
Database corruption
Corrupted databases may not present day-to-day problems for clients, but may be exposed by migration, because migration tries to read every item in a database. Generally, database maintenance on Domino is performed daily, however this can be changed. If errors are generated during extraction, running a series of commands against the database to check for and correct corrupted records is recommended. The commands only run on a local copy of a Notes database, so are generally run on the server hosting the mailbox database. If the databases are in use, the tools will fail.
"C:\Program Files\Lotus\Notes\nfixup" databasename.nsf -f
"C:\Program Files\Lotus\Notes\nupdall" databasename.nsf -r
"C:\Program Files\Lotus\Notes\ncompact" databasename.nsf
These tools may not repair all documents within a database, or the problem may be in the logic the Transporter Suite uses when extracting documents. In most cases, the extraction logic will skip over items that cannot be understood or read correctly, with warnings generated indicating the type of problem that occurred. It may be possible to copy documents to another database, and re-attempt extraction. If this is not possible, contact Microsoft Help and Support (http://go.microsoft.com/fwlink/?LinkId=31845) for help. To diagnose and troubleshoot such issues will generally require a copy of the NSF in question.
Other errors such as "Could not load folder cache for the user (smtp_address@of.user)" may suggest permissions problems. You can verify permissions by going to the URL https://clientaccessservername/owa and logging in as the user in question.
Note: The impersonation of the user owning the mailbox cannot be performed if the user account is disabled. For multiple-forest topologies where the account forest is separate from the Exchange Server forest, accounts in the Exchange Server forest are disabled. To migrate, you should enable the accounts, perform the migration, and then disable the accounts again.
If the problem appears to be a permissions issue, check permissions on the mailbox store object using the following cmd-let in the Exchange Management Shell:
Get-ExchangeServer mailboxservername | Get-ADPermission | fl > path_to_save_text_file
Then, review the generated file. It has been seen (although not yet understood why) that in some cases a Deny ACL has been set for the Exchange Servers group, as shown in the following output (the clues to the problems are highlighted in bold):
User : Domain_name\Exchange Servers
Identity : mailboxservername
Deny : True
AccessRights : {ExtendedRight}
ExtendedRights : {ms-Exch-Store-Read-Write-Access}
IsInherited : False
Properties :
ChildObjectTypes :
InheritedObjectType :
InheritanceType : All

User : Domain_name\Exchange Servers
Identity : mailboxservername
Deny : True
AccessRights : {ExtendedRight}
ExtendedRights : {ms-Exch-Store-Read-Access}
IsInherited : False
Properties :
ChildObjectTypes :
InheritedObjectType :
InheritanceType : All

User : Domain_name\Exchange Servers
Identity : mailboxservername
Deny : True
AccessRights : {ExtendedRight}
ExtendedRights : {ms-Exch-Store-Transport-Access}
IsInherited : False
Properties :
ChildObjectTypes :
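Reviewing the generated file can be scripted. The following is an added example, not part of the original white paper: it parses the saved Format-List output and lists every Deny entry held by the Exchange Servers group together with the rights it blocks. The function names and the sample text are constructed; the sample follows the layout of the output above, and its last record is invented for contrast.

```python
import codecs

# Constructed sample in the layout of the output above. The last record (an
# Allow entry for a made-up account) is invented to show what is filtered out.
SAMPLE = """\
User                : Domain_name\\Exchange Servers
Identity            : mailboxservername
Deny                : True
AccessRights        : {ExtendedRight}
ExtendedRights      : {ms-Exch-Store-Read-Write-Access}
IsInherited         : False
Properties          :
InheritanceType     : All

User                : Domain_name\\Exchange Servers
Identity            : mailboxservername
Deny                : True
AccessRights        : {ExtendedRight}
ExtendedRights      : {ms-Exch-Store-Read-Access}
IsInherited         : False

User                : Domain_name\\Exchange Servers
Identity            : mailboxservername
Deny                : True
AccessRights        : {ExtendedRight}
ExtendedRights      : {ms-Exch-Store-Transport-Access}
IsInherited         : False

User                : Domain_name\\migration_admin
Identity            : mailboxservername
Deny                : False
AccessRights        : {ExtendedRight}
ExtendedRights      : {ms-Exch-Store-Read-Write-Access}
IsInherited         : True
"""


def decode_redirected(raw):
    """Decode a file written with '>': Windows PowerShell writes UTF-16 with a BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def parse_records(text):
    """Split 'Name : value' lines into one dict per access control entry."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or not key:
            # A blank line ends the record; wrapped value lines are ignored.
            if not line.strip() and current:
                records.append(current)
                current = {}
            continue
        if key == "User" and current:   # records not separated by a blank line
            records.append(current)
            current = {}
        current[key] = value.strip()
    if current:                         # last record, possibly truncated
        records.append(current)
    return records


def as_list(value):
    """'{a, b}' -> ['a', 'b']"""
    return [v.strip() for v in value.strip("{}").split(",") if v.strip()]


def explicit_denies(records, principal="Exchange Servers"):
    """Return the Deny entries held by the given group, whatever its domain."""
    findings = []
    for rec in records:
        if rec.get("Deny") != "True":
            continue
        account = rec.get("User", "").rsplit("\\", 1)[-1]
        if account.lower() != principal.lower():
            continue
        rights = as_list(rec.get("ExtendedRights", "")) or as_list(rec.get("AccessRights", ""))
        findings.append({
            "user": rec.get("User", ""),
            "rights": rights,
            "inherited": rec.get("IsInherited") == "True",
        })
    return findings


if __name__ == "__main__":
    for hit in explicit_denies(parse_records(SAMPLE)):
        print(hit["user"], "DENY", ", ".join(hit["rights"]))
```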
Filtering
It is possible using the Transporter Command Shell to inject only a subset of items. In the simplest form, items can be filtered by type. Passing one or more of the following switches to Move-DominoMailbox controls simple filtering.
-ExcludeContacts: Prevents the migration of Contacts
-ExcludeEmail: Prevents the migration of Mail messages
-ExcludeSchedule: Prevents the migration of Calendar items
-ExcludeTask: Prevents the migration of Task items
-EmailStart and -EmailEnd: Allows for the filtering of objects based on their Received time
This simple filtering can narrow the problem to a group of messages of a particular type in a particular date range, which may be sufficient to exclude the messages from injection. These excluded messages obviously would not appear in the Exchange Server mailbox.
More complex filtering can be performed using pipeline filtering to reduce the number of messages that would be excluded from migration. A sequence of commands can be used to extract from Domino, save to a binary file, and filter before importing. For example:
Perform the extraction:
Move-DominoMailbox -Identity 'Notes Canonical Name' -ToPipeline | Export-TransporterBinary -TargetFilePath 'path' -TargetFilePrefix 'prefilter'
Filter messages:
Import-TransporterBinary -SourceFileName 'path\prefilter.tbin' | ForEach-Object -Process { if ($_.Subject -ne 'subject') { echo $_ } } | Export-TransporterBinary -TargetFilePath 'path' -TargetFilePrefix 'postfilter'
Perform the injection:
Import-TransporterBinary -SourceFileName 'path\postfilter.tbin' | Move-DominoMailbox
Similarly, it is possible to log each item as it is injected (although injection will be significantly slower, because a new injection session occurs for each message):
Dump interesting item details, and continue with injection:
Move-DominoMailbox -Identity 'Notes Canonical Name' -ToPipeline | ForEach-Object -Process { echo $_.Subject; echo $_.SourceUID; $_ | Move-DominoMailbox }
Now, if an item cannot be transformed/injected, the Subject and SourceUID (the Notes Document ID) will be displayed just before the warning message appears.
Such a list can be given to an end-user before migration if this test is performed in the lab before the migration.
A note on addressing
Addresses stored in Personal Address Books (and in mail from Personal Archives) will not be reply-able, unless the Notes address has been copied to the associated user or contact object in the Active Directory. Ordinarily, this copying of addresses will occur during Directory Synchronization and as part of the function of Move-DominoUser.
The Domino routing engine also does fuzzy address matching, meaning it tries to resolve users whose names have been modified. For example, the following two users may resolve to the same entity, depending on configuration setting on the Domino side.
Contact: John T Smith/Certifier
Person document: John Smith/Certifier
During a Move-DominoUser operation, all addresses in the FullName field of the Person document associated with the user being moved will be copied to Active Directory. Generally, old names/addresses are in the FullName field, so this would not be a problem, but there may be cases when the names/addresses are not. To resolve this issue, just create a new address on the Active Directory user or contact object.
Logging
See the section on General PowerShell Information later in this document for general information about how to log output from the Move-DominoMailbox cmd-let. Using the PowerShell filtering procedures noted earlier, it may be possible to filter out the items causing the issue. If this is not possible, contact Microsoft Help and Support (http://go.microsoft.com/fwlink/?LinkId=31845) for help. To diagnose and troubleshoot such issues will generally require a copy of the NSF in question, or a TBIN (Transporter Binary) file containing the objects that are not transformed/injected correctly.
Personal Archives
In the Transporter Command Shell, you can perform extraction only using a command of the form:
$allitems = Get-NotesMailArchive -DominoMailDomain 'Domino domain' -ContentOwner 'smtp_address@of.user' -SourceFileName 'source_path'
It is also possible to perform extraction to a binary file:
Get-NotesMailArchive -DominoMailDomain 'Domino domain'
Common
For both PAB and Personal Archives, injection can be performed using a command similar to:
$allitems | Add-ExchangeItem
And to import (inject) the binary file:
Import-TransporterBinary -SourceFileName 'sourcefilename' | Add-ExchangeItem
Extraction issues
Corrupted databases may not present day-to-day problems for clients, but may be exposed by migration, because migration tries to read every item in a database. Database maintenance on local Notes databases is not usually performed. If errors are generated during extraction, running a series of commands against the database to check for and correct corrupted records is recommended. The commands only run on a local copy of a Notes database. If the databases are in use, the tools will fail.
"C:\Program Files\Lotus\Notes\nfixup" databasename.nsf -f
"C:\Program Files\Lotus\Notes\nupdall" databasename.nsf -r
"C:\Program Files\Lotus\Notes\ncompact" databasename.nsf
These tools may not repair all documents within a database, or the problem may be in the logic the Transporter Suite uses when extracting documents. In most cases, the extraction logic will skip over items that cannot be understood or read correctly, with warnings generated indicating the type of problem that occurred. It is also possible that the wrong database template has been applied to a PAB or archive file. You can apply a new database template in the Notes client by locating the database on the workspace, right-clicking to bring up the shortcut menu, and choosing Database/Replace Design, and then choosing the design to apply. Personal Address Books should use the PERNAMES.NTF (Personal Address Book), and Personal Archives should use the MAILx.NTF (version-specific Mail template).
It may be possible to copy documents to another database, and re-attempt extraction. If this is not possible, contact Microsoft Help and Support (http://go.microsoft.com/fwlink/?LinkId=31845) for help. To diagnose and troubleshoot such issues will generally require a copy of the NSF in question.
Transformation/Injection issues
The troubleshooting methodology for transformation/injection issues when migrating Personal Address Books and Personal Archives is the same as for Migrating Mailboxes. See the Transformation/Injection Issues in Troubleshooting Mailbox Migration.
Logging
See the section on General PowerShell Information later in this document for general information about how to log output from the Move-NotesPABToExchange and Move-NotesMailArchiveToExchange cmd-lets.
Appendixes
Customizing Directory Synchronization
Like the Lotus Notes Connectors from earlier versions of Exchange Server, the Microsoft Transporter Suite for Lotus Domino provides a Directory Connector component that synchronizes one or more Domino directories with Active Directory. Synchronization is bidirectional and can include contacts as well as mailboxes. The names and addresses of distribution lists (Notes "groups") can be synchronized; however, the membership of the DL or group is not carried in the shadow entry, and all distribution list/group expansion will be done on the system where the distribution list or group is maintained.
As delivered, the product synchronizes a useful subset of the many attributes supported by the two directories. This section explains how attributes are synchronized, and how you can customize the process to meet local requirements. Through customization, you can do either of the following:
Change the list of attributes that are synchronized between Domino and Exchange Server 2007, adding or removing attributes.
Change the way attributes are mapped between the systems.
The synchronization process uses four control files, which are located in the \Program Files\Microsoft Transporter Tools\Config\Connector folder. The files are:
DominoAttributes.tbl: Maps Domino attributes to intermediate schema attributes.
ExchangeAttributes.tbl: Maps Active Directory attributes to intermediate schema attributes.
DominotoExchangeRules.tbl: Defines the rules for constructing values in the Directory Connector namespace targeted for Active Directory.
ExchangetoDominoRules.tbl: Defines the rules for constructing values in the Directory Connector namespace targeted for the Domino directory.
Notes:
If you edit these files using Notepad or another Text Editor, make sure that you save backup copies of the shipped files.
Do not use the Tab key when making changes; all white-space characters should be entered using the space key.
Make sure that directory synchronization is not active when editing the files; stop the Microsoft Exchange Directory Connector Service for Lotus Domino.
If you add attributes to the synchronized schema or change any mapping rules for existing attributes, we recommend that you perform a full directory reload in both directions.
Schema definition (the Attributes.tbl) files determine the subset of the native directory attributes that are synchronized. Each line in the file that is not blank or a comment defines a single attribute. The first column is a short name or tag for a directory attribute used in the mapping rules. The second column has the maximum field length for the purpose of directory synchronization. The total of all field lengths must not exceed approximately 9500 characters. The third column contains the internal name for the attribute in the directory. The Lotus Domino Directory's schema definition includes a fourth column, which is used in specific cases, such as a Read-only attribute. Consider the following extract from the DominoAttributes.tbl file:
MailSys 4 MailSystem ReadOnly
MailSys is the internal attribute name
4 is the maximum length of the attribute
MailSystem is the Domino attribute name
ReadOnly indicates that this attribute cannot be written back to the Domino directory
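An edited Attributes.tbl file can be checked against the rules above before the connector service is restarted. The following is an added example, not part of the original white paper or of the Transporter Suite: it parses the column layout just described and reports tab characters, malformed rows and a total field length above 9500. The comment marker (";") is an assumption, because the text does not say which character starts a comment; the function name and sample rows are constructed.

```python
MAX_TOTAL_LENGTH = 9500   # "approximately 9500 characters" per the text above

# Constructed sample in the row layout described above:
# tag, maximum length, directory attribute, optional behavior flags.
SAMPLE_TBL = (
    "; constructed sample, not the shipped file\n"
    "FULLNAME 220 FullName\n"
    "MAILDOMAIN 31 MailDomain\n"
    "\n"
    "MailSys 4 MailSystem ReadOnly\n"
)


def lint_attributes_tbl(text, comment_prefix=";", max_total=MAX_TOTAL_LENGTH):
    """Return (attributes, total_length, problems) for one schema definition file.

    comment_prefix is an assumption (see the lead-in); pass the marker that the
    shipped files actually use. problems is a list of (line_number, message);
    line number 0 marks a whole-file problem.
    """
    attributes, problems, total = [], [], 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith(comment_prefix):
            continue                      # blank lines and comments define nothing
        if "\t" in raw:
            problems.append((lineno, "tab character; use spaces only"))
        cols = raw.split()
        if len(cols) < 3:
            problems.append((lineno, "expected: tag length attribute [flags]"))
            continue
        tag, length, attribute, flags = cols[0], cols[1], cols[2], cols[3:]
        if not (length.isascii() and length.isdigit()) or int(length) == 0:
            problems.append((lineno, "length must be a positive integer: %r" % length))
            continue
        total += int(length)
        attributes.append({
            "tag": tag,
            "length": int(length),
            "attribute": attribute,
            "flags": flags,
        })
    if total > max_total:
        problems.append((0, "total field length %d exceeds %d" % (total, max_total)))
    return attributes, total, problems


if __name__ == "__main__":
    attrs, total, problems = lint_attributes_tbl(SAMPLE_TBL)
    print(len(attrs), "attributes, total length", total)
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
```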
Table 1 shows the default information in the DominoAttributes.tbl. This file defines how attributes are mapped between the Domino directory and the Directory Connector.
Table 1: DominoAttributes.tbl
Connector Name
(Friendly Name) FULLNAME MAILDOMAIN CALDOM MAILSRV MailSys COMPANY DEPARTMENT FIRSTNAME LASTNAME OFFICE ALIAS SecALIAS
Size Limit
(Length) 220 31 32 32 4 64 64 64 64 128 64 128
Behavior Flag
(Key Attribute Field)
FullName MailDomain CalendarDomain MailServer MailSystem CompanyName Department FirstName LastName Location ShortName FullName ForMailNickname Escape FirstValue ForMailNickname ReadOnly NoDefault
64 256 16 6 32 20 20 20 20 128
$$UNID $$DN $$USN MiddleInitial JobTitle OfficePhoneNumber CellPhoneNumber OfficeFAXPhoneNumber ResourceFlag FullName Escape FirstValue ForNotesAddress FirstValue ForSmtpAddress Escape FirstValue ForSmtpAddress AddMailDomain
SmtpLocal SmtpLocEsc
128 128
FullName ShortName
256 256 12 64 20 20 12 12
20 20 20 32 12 20 40 6 32
Table 2 shows the default information in the ExchangeAttributes.tbl. This file defines how attributes are mapped between Active Directory and the Directory Connector.
Table 2: ExchangeAttributes.tbl
Connector Name
(Friendly Name) DN LegacyDN OBJECTID USNCreated COMPANY DEPARTMENT NAME DispName FIRSTNAME ALIAS OFFICE LASTNAME UNID TA Mail NOTESADDR InetAddr PriSMTP SecSMTP FwdAddr Initials Title Phone MobilePhn
Size Limit
(Length) 256 256 32 12 64 64 128 128 64 64 64 64 128 256 256 128 256 256 256 256 6 32 20 20
Behavior Flag
(Key Attribute) ReadOnly ReadOnly ReadOnly ReadOnly
ReadOnly
ReadOnly
Fax        20  facsimileTelephoneNumber
ZIP        16  postalCode
Pager      20  Pager
Comment    64  Comment
Country    20  Co
EmpId      20  employeeID
Empnum     12  EmployeeNumber
Emptype    12  EmployeeType
Offcity    20  L
Offstate   20  St
Offstreet  32  StreetAddress
HomePhone  20  HomePhone
StrtAddr   40  homePostalAddress
Suffix     6   generationQualifier
Website    32  wwwHomePage
Mapping rule files define how attributes from one schema are mapped to attributes in the other schema. Each non-blank, non-comment line is a rule that assigns a value to a single attribute in an entry in the target directory. The right-hand side of the rule is a string expression made up of string constants, numeric constants, references to attributes in the source directory, and built-in string manipulation functions.
DominoToExchangeRules.tbl
The following rules for mapping Domino attributes to Active Directory attributes are shipped in \Program Files\Microsoft Transporter Tools\Config\Connector\DominoToExchangeRules.tbl. Spaces have been added to improve readability.
Alias = ISEQUAL( Alias, "", ISEQUAL( InetAddr, "", SecALIAS, Strip( InetAddr, "@", "L", "R" ) ), Alias )
DispName = ISEQUAL( Resource, "", X500( FullName, "CN" ), Strip( FullName, ";", "L", "R" ) )
Name = Strip( FullName, ";", "L", "R" )
LastName = ISEQUAL( LastName, "", ISEQUAL( FirstName, "", X500( FullName, "CN"), "" ) , LastName)
NOTESADDR = NotesLocal "@" MailDomain
TA = ISEQUAL( FwdAddr, "", ISEQUAL( CFGPARM("DominoSmtpDomain"), Strip( InetAddr, "@", "L" ), InetAddr, ISEQUAL(SmtpLocal, "", SmtpLocEsc, SmtpLocal) "%" MailDomain "@" CFGPARM("DominoSmtpDomain")), FwdAddr )
Mail = InetAddr
PriSMTP = InetAddr
SecSMTP = ISEQUAL( CFGPARM("DominoSmtpDomain"), Strip( InetAddr, "@", "L" ), "", ISEQUAL(SmtpLocal, "", SmtpLocEsc, SmtpLocal) "%" MailDomain "@" CFGPARM("DominoSmtpDomain"))
Note that there are no explicit mappings between attributes where the internal schema names match in the ExchangeAttributes.tbl and DominoAttributes.tbl. When the internal schema names match, an implicit copy is performed. For example, in the DominoAttributes.tbl, the StreetAddress attribute is mapped to the StrAddr internal schema name. In the ExchangeAttributes.tbl, the homePostalAddress is mapped to the same internal schema name. Information in one directory will be copied to the appropriate field in the other directory. This is equivalent to mappings in the rule files like:
StrAddr = StrAddr
The TA rule in DominoToExchangeRules.tbl is equivalent to the following pseudo-code (Note: Each function is described in greater detail toward the end of the document):
If the FwdAddr attribute is empty, then
    If the text after the @ in the InetAddr attribute matches the value of the DominoSmtpDomain configuration parameter, then
        Set the TargetAddress to the value in the InetAddr attribute
    Otherwise (so it did not match)
        If the SmtpLocal attribute is empty, then
            Set the TargetAddress to the value in the SmtpLocEsc attribute, appending %, the value of the MailDomain attribute, @, and the value of the DominoSmtpDomain configuration parameter
        Otherwise (so the SmtpLocal contained data)
            Set the TargetAddress to the value in the SmtpLocal attribute, appending %, the value of the MailDomain attribute, @, and the value of the DominoSmtpDomain configuration parameter
Otherwise (so the FwdAddr contained data)
    Set the TargetAddress to the value in the FwdAddr attribute
End
If you assume that the Person document representing a Domino user does not have either a defined Forwarding Address, or Internet Address, and that these attributes are set:
Mail Domain: Domino
Fullname: Bob Johnson/Certifier
    Bob Johnson
    Robert Johnson
We also need to know the Domino SMTP domain associated with the Domino domain. For the purposes of this example, assume it's domino.contoso.com. Working through the example above, the resulting TargetAddress will be:
Bob_Johnson/Certifier%Domino@domino.contoso.com
This is consistent with the addressing Domino would produce using a default Global Domain document, and ensures that the Domino Router can route the message correctly. It can be seen that quite complex string manipulation can be performed using the rules, but note that if the syntax is not correct, no Directory Synchronization will be performed.
The DN (Distinguished Name) mapping rule actually provides only a portion of the eventual full DN created for the Notes entry in Exchange Server. The full DN is constructed by concatenating the DN of the Import Container where Notes custom recipient entries are stored, with the DN fragment created by the mapping rule.
The following rules for mapping Exchange Server attributes to Domino directory attributes are shipped in \Program Files\Microsoft Transporter Tools\Config\Connector\ExchangeToDominoRules.tbl.
ExchangeToDominoRules.tbl
FullName = X500(LegacyDN, "cn", 2) ISEQUAL( X500(CFGPARM("legacyExchangeDN"), "cn", 1), X500(LegacyDN, "cn", 1), "/" X500(LegacyDN, "cn", 1), "/" CFGPARM("ForeignDomain")) ";" DispName ";" Alias ";" FwdAddr
LastName = ISEQUAL( LastName, "", Alias, LastName )
UNID = GUID2UNID( OBJECTID )
CALDOM = CFGPARM("ForeignDomain")
MAILSRV = CFGPARM("DominoServer")
Mapping Functions
Mapping Rules use a simple macro language that allows you to define how to create entries in different directory systems. An important part of the macro language is the mapping functions that manipulate a series of arguments you supply and return a result in the form of a string. Your mapping rules can combine this result with other constant strings and function calls to build up the overall result of the rule.
Mapping functions operate on strings and numeric constants. Strings can be either attribute tags (the short names defined in the schema definition file) from the source directory, or string literals. A string literal is an actual sequence of characters enclosed in quotation marks, such as "Star Mart", ".", or even "   " (three spaces).
Note that you do not use the real attribute names in mapping rules; you use the internal schema attributes defined in the schema definition files.
FUNCTION_NAME( arguments )
For example:
LEFT (Fullname, 4)
If this LEFT function is coded in a mapping rule, it will return the left-most four characters of the contents of the Fullname field in the source directory. Functions can be combined with each other or with string literals, allowing you to create arbitrarily complex result strings. A rule and the resulting string it returns can be as long as 2,048 characters.
Description
Used for function names
Used to indicate optional arguments. If an optional argument is omitted, its default value is assumed.
The following list contains all of the built-in mapping functions, showing each function's syntax, a description, and examples of the results it produces. Although the examples use only string literals as arguments, remember that each argument can itself be an arbitrarily complex string expression, including nested function calls.
Function: AND()
Returns the concatenation of two non-null strings, or the null string if either of the strings involved is null.
Syntax
AND( exp1,exp2 )
Examples
Function                Result
AND( "A", "B" )         "AB"
AND( "", "B" )          ""
AND( "A", "" )          ""
Function: CFGPARM()
CFGPARM returns the value of a parameter in the ExchangeDominoConnector.XML file. Exp1 specifies the parameter whose value is to be returned; exp2 specifies the section within the INI file. If the section is omitted, then the DXA's (Directory Synchronization Agents) home section (for example DXANOTES) is used. If neither the section nor the parameter is found, the result is an empty string.
Syntax
CFGPARM( exp1[,exp2] )
Examples
Function                        Result
CFGPARM( "executable" )         "lsdxamex.exe"
CFGPARM( "locale", "dxm" )      "English"
Function: ISEQUAL()
ISEQUAL returns the value of val1 if exp1 equals exp2, otherwise it returns the value of val2. ISEQUAL is not case-sensitive.
Syntax
ISEQUAL( exp1, exp2, val1, val2 )
Examples
Function                                    Result
ISEQUAL( "remote", "remote", "R", "L" )
ISEQUAL( "remote", "local", "R", "L" )
ISEQUAL( "remote", "REMOTE", "R", "L" )
Function: LEFT()
LEFT returns the left-most length characters of field. If field has fewer than length characters, the result is padded on the right with the pad character. The default pad character is a blank.
Syntax
LEFT ( field, length [, pad] )
Examples
Function                        Result
LEFT ( "416-555-0123", "3" )    "416"
LEFT ( "triple", "9" )          "triple   "
LEFT ( "triple", "9", "x" )     "triplexxx"
Function: LOWER()
LOWER returns the value of field with any uppercase letters converted to lower-case.
Syntax
LOWER ( field )
Examples
Function                Result
LOWER ( "Contoso" )     "contoso"
LOWER ( "Bonnie" )      "bonnie"
Function: NAMEF()
If field contains a person's name in a specified format, NAMEF returns the person's first name or initial. Two styles are supported:
1. The name is in the form "First Middle Last".
2. The name is in the form "Last, First Middle".
The default style is 1 if field does not contain a comma, 2 if it does. Initials or strings of initials are treated as first or middle names. If a name has only one part, it is considered both first and last name, regardless of the style.
Syntax
NAMEF ( field [, style] )
Examples
Function                                    Result
NAMEF ( "Shirleen H. Travers" )
NAMEF ( "S. H. Travers" )
NAMEF ( "SH Travers" )
NAMEF ( "Travers, Shirleen H.", "2" )
NAMEF ( "Shirleen", "2" )
Function: NAMEL()
If field contains a person's name in a specified format, NAMEL returns the person's last name. Two styles are supported:
1. The name is in the form "First Middle Last".
2. The name is in the form "Last, First Middle".
The default style is 1 if field does not contain a comma, 2 if it does. Initials or strings of initials are treated as first or middle names. If a name has only one part, it is considered both first and last name, regardless of the style.
Syntax
NAMEL ( field [, style] )
Examples
Function                                    Result
NAMEL ( "Shirleen H. Travers" )             "Travers"
NAMEL ( "S. H. Travers" )                   "Travers"
NAMEL ( "Shirleen Travers" )                "Travers"
NAMEL ( "Travers, Shirleen H.", "2" )       "Travers"
NAMEL ( "Shirleen" )                        "Shirleen"
Function: NAMEM()
If field contains a person's name in a specified format, NAMEM returns the person's middle name or initial. Two styles are supported:
1. The name is in the form "First Middle Last".
2. The name is in the form "Last, First Middle".
The default style is 1 if field does not contain a comma, 2 if it does. Initials or strings of initials are treated as first or middle names. If a name has only one part, it is considered both first and last name, regardless of the style. Anything that is not identified as a first or last name is considered a middle name.
Syntax
NAMEM ( field [, style] )
Examples
Function                                    Result
NAMEM ( "Shirleen H. Travers" )             "H."
NAMEM ( "S. H. Travers" )                   "H."
NAMEM ( "Travers, Shirleen H." )            "H."
NAMEM ( "Travers, Shirleen", "2" )          ""
NAMEM ( "Travers, Shirleen H.", "2" )       "H."
Function: POS()
POS returns the position of the string target within field. If the target is not in the field, POS returns zero.
Syntax
POS ( field, target )
Examples
Function                                    Result
POS ( "Title: President", "Ti" )            "1"
POS ( "Title: President", ":" )             "6"
POS ( "Title: President", "Manager" )       "0"
Function: PROPER()
PROPER returns the value of field with lower-case and upper-case letters converted to mixed-case, as if field were a proper name.
Syntax
PROPER ( field )
Examples
Function                Result
PROPER ( "contoso" )    "Contoso"
PROPER ( "robert" )     "Robert"
PROPER ( "o'hara" )     "O'Hara"
Function: REPLACE()
This mapping function enables you to remove specific characters from an ID or replace selected characters with substitute characters. It scans field for any characters in the what string and replaces them with the corresponding character from the with string. If the with string is shorter or is not provided (meaning that one or more characters in what have no corresponding characters in with), those characters are elided (removed) from field.
Syntax
REPLACE ( field, what [,with] )
Examples
Function                                    Result
REPLACE ("James Hendergart"," ","_")        "James_Hendergart"
REPLACE ("Sales & Marketing"," ",".")       "Sales.&.Marketing"
Function: RIGHT()
RIGHT returns the right-most length characters of field. If field has fewer than length characters, the result is padded on the left with the pad character. The default pad character is a blank.
Syntax
Examples
Function                            Result
RIGHT ( "416-555-0123", "7" )       "55-0123"
RIGHT ( "416-555-0123", "8" )       "555-0123"
RIGHT ( "node", "5", "@" )          "@node"
Function: STRIP()
STRIP locates the left-most or right-most occurrence of string2 in string1 and removes characters from the right or left, including string2. The value for scan-from-direction determines whether STRIP looks for the left-most or right-most occurrence of string2 in string1; the value for strip-toward-direction determines whether characters are removed from the left or right of where string2 starts. If either the scan-from-direction or the strip-toward-direction parameter is omitted, the value for the missing parameter is assumed to be the same as the one that is specified. If both these parameters are omitted, the default for both is assumed to be "R" (right).
Syntax
STRIP ( string1, string2, [scan-from-direction], [strip-toward-direction] )
Where
[scan-from-direction] = "L" | "R"
[strip-toward-direction] = "L" | "R"
Examples
Function                                            Result
STRIP ("Senior Vice President", "Vice", "L")        " President" (Note: the leading space)
STRIP ("Senior Vice President", "Vice", "R")        "Senior " (Note: the trailing space)
STRIP ("Senior Vice President", " ", "L")           "Vice President"
STRIP ("Senior Vice President", " ", "R")           "Senior Vice"
STRIP ("Senior Vice President", " ", "R", "L")      "President"
Function: SUBSTR()
SUBSTR returns the portion of field starting at position start, with length characters, padded with the pad character if necessary. The default for length is (length of string - start + 1). The default pad character is a blank.
Syntax
SUBSTR ( field, start [,length [, pad] ] )
Examples
Function                Result
"6" )                   "President"
"2", "3" )              "ice"
"7", "9", "s" )         "residents"
"11", "4" )             "dent"
Function: TRIM()
TRIM returns field with leading or trailing blanks removed. Option specifies whether to remove leading blanks (L), trailing blanks (R), or both (B).
Syntax
TRIM ( field [,option] )
Examples
Function                        Result
TRIM ( " Title ", "B" )         "Title"
TRIM ( " Title ", "L" )         "Title "
TRIM ( " Title ", "R" )         " Title"
Function: UPPER()
UPPER returns the value of field with any lower-case letters converted to upper-case.
Syntax
UPPER ( field )
Examples
Function                Result
UPPER ( "Contoso" )     "CONTOSO"
UPPER ( "Bonnie" )      "BONNIE"
Function: WORD()
WORD returns m blank-delimited words starting with the nth word in field. WORD returns an empty string if field contains fewer than n words. The default value for m is 1.
Syntax
WORD ( field, n [, m] )
Examples
Function                                Result
WORD ( "one of a kind", "1" )           "one"
WORD ( "one of a kind", "1", "2" )      "one of"
WORD ( "one of a kind", "3", "2" )      "a kind"
WORD ( "one of a kind", "5" )           ""
WORD ( "Shirleen H. Travers", "3" )     "Travers"
Function: X500()
X500 returns the contents of the named field for the specified address. If the address has two or more components with the same field name, the index value is used to specify the correct one. The following X.500-type addresses are supported:
Microsoft Exchange Server Canonical (for example, /o=org/ou=site[/cn=container])
Lotus Notes Canonical (for example, cn=name/ou=site/o=org/c=country)
Lotus Notes Abbreviated Canonical (for example, name/site/org/country)
Syntax
X500 ( address, field name [,index] )
Examples
If the value of the DN field is that provided in the sample X500 address below:
/o=Contoso/ou=Sales Office/cn=Recipients/cn=Notes_Users
The function would provide the following result:
Function                    Result
X500 ( DN, "ou" )           "Sales Office"
X500 ( DN, "o" )            "Contoso"
X500 ( DN, "cn", 2 )        "Notes_Users"
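The ISEQUAL, STRIP and X500 semantics described above, applied to the shipped TA rule and the Bob Johnson entry worked through earlier, as an added Python sketch that is not part of the Transporter Suite or of the original document. The names target_address and BOB are hypothetical, the SmtpLocEsc value and the fabrikam.example address are constructed, and the no-match behaviour of strip and x500 is an assumption because the page does not define it.

```python
def isequal(exp1, exp2, val1, val2):
    """ISEQUAL: val1 if exp1 equals exp2 (not case-sensitive), else val2."""
    return val1 if exp1.lower() == exp2.lower() else val2


def strip(string1, string2, scan=None, toward=None):
    """STRIP: remove string2 plus everything to one side of it."""
    # An omitted direction copies the one supplied; both default to "R".
    scan = scan or toward or "R"
    toward = toward or scan
    pos = string1.find(string2) if scan == "L" else string1.rfind(string2)
    if pos < 0:
        return string1  # assumption: the page does not define the no-match case
    return string1[:pos] if toward == "R" else string1[pos + len(string2):]


def x500(address, field, index=1):
    """X500 for labelled addresses only (/o=org/ou=site/cn=x, cn=x/ou=site/o=org)."""
    pairs = [p.split("=", 1) for p in address.split("/") if "=" in p]
    values = [v for k, v in pairs if k.strip().lower() == field.lower()]
    # assumption: an absent component yields an empty string
    return values[index - 1] if 0 < index <= len(values) else ""


def target_address(attrs, domino_smtp_domain):
    """Evaluate the shipped TA rule; attrs maps internal schema names to values."""
    def get(name):
        return attrs.get(name, "")
    # ISEQUAL(SmtpLocal, "", SmtpLocEsc, SmtpLocal) "%" MailDomain "@" CFGPARM(...)
    routed = (isequal(get("SmtpLocal"), "", get("SmtpLocEsc"), get("SmtpLocal"))
              + "%" + get("MailDomain") + "@" + domino_smtp_domain)
    # Strip(InetAddr, "@", "L") leaves only the text after the @
    direct = isequal(domino_smtp_domain, strip(get("InetAddr"), "@", "L"),
                     get("InetAddr"), routed)
    return isequal(get("FwdAddr"), "", direct, get("FwdAddr"))


# Constructed sample: the page's Bob Johnson entry. SmtpLocEsc is assumed to
# hold the escaped name that appears in the page's resulting TargetAddress.
BOB = {"MailDomain": "Domino", "SmtpLocEsc": "Bob_Johnson/Certifier"}

if __name__ == "__main__":
    domain = "domino.contoso.com"
    print(target_address(BOB, domain))
    # Same user once an Internet Address inside the Domino SMTP domain is set
    print(target_address({**BOB, "InetAddr": "bob.johnson@Domino.Contoso.com"}, domain))
    # A Forwarding Address takes precedence over every other attribute
    print(target_address({**BOB, "FwdAddr": "bob@fabrikam.example"}, domain))
```

Running the rule against a few representative Person documents before a Full Reload shows which entries would receive a TargetAddress outside the Domino SMTP domain, for example through a populated Forwarding Address.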
Then force a Full Reload to Domino (to update all previously synchronized objects) using a command of the form:
Start-DominoDirectoryConnector -Identity 'identity_of_connector' -FullReloadToDomino
The Foreign Domain document described in Configuring Free/Busy Lookup in this document should reflect this new domain name.
If the connector still does not exist, you can use the importedFrom attribute from a contact or user object synchronized by the old connector. A tool such as LDP, ADSIEdit or LDIFDE can be used to gather this value. Strip off the braces surrounding the value from these sources. So if importedFrom is:
{BA7D7F52-E730-30E5-8707-D11F06136193}
Use:
BA7D7F52-E730-30E5-8707-D11F06136193
Once you have the value, before any other synchronization, but after configuration of the connector, run the following command in the Transporter Command Shell:
Start-DominoDirectoryConnector -Identity 'identity_of_new_connector' -TakeOwnership -LegacyConnectorId 'objectGUID_of_old_connector'
Note: A Full Reload will occur in each direction, and the objects should be updated on each side.
If there are no matches found, indicate that a new user account should be created.
Active Directory Group
Group migration does not support soft matches.
Active Directory Contact
Hard match: The first property to match on is Foreign Proxy address (that is, the NOTES: address).
Hard match: If there is no match on Foreign Proxy Address, try to match on SMTP address.
If no match is found on proxy addresses, there will be no contact match. If you wish to force a match on a contact, give that contact a proxy address that would result in a match.
Note: Multiple Free/Busy connectors cannot be used to connect to disparate Domino organizations (that is, Notes organizations that do not already have existing connections).
For more information about PowerShell, see Scripting with Windows PowerShell (http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx) on the TechNet Web site.
Additional Information
If you are working on a complex connectivity problem, you can get additional information and help from the following sources:
Microsoft Help and Support Advanced Search (http://go.microsoft.com/fwlink/?LinkId=18175): Search or browse through the Knowledge Base to find information about the various Exchange Server 2007 components. Many Knowledge Base articles provide straightforward answers to frequently asked questions or discuss known issues. Some articles clarify which components and configurations are supported by Microsoft, and others explain how to use troubleshooting tools. You can search the Knowledge Base using keywords, header text, or full text.
Microsoft TechNet (http://go.microsoft.com/fwlink/?linkid=54372): TechNet is a central information and community resource designed for IT professionals. The TechNet program includes technical briefings, special offers, the TechNet Web site, and an electronic newsletter in addition to a CD subscription. TechNet offers information about Microsoft strategies and industry trends, provides "how-to" information and software updates for known problems, and serves as a forum for sharing information, ideas, and opinions with other Exchange Server specialists.
Exchange Server TechCenter (http://go.microsoft.com/fwlink/?LinkId=34165): You can visit numerous Web sites and newsgroups to obtain information about Exchange Server 2007.
Microsoft Help and Support (http://go.microsoft.com/fwlink/?LinkId=31845): If you cannot solve a problem without direct assistance from a support specialist, contact Microsoft Customer Support Services online or by phone.