Overview
This article outlines how one can migrate / move a Archiver installation to a new Active Directory domain while keeping the same server.
Prerequisites
ENVIRONMENT / MIGRATION ASSUMPTIONS
- Archival is achieved via a journal mailbox
- Using Active Directory
- The same server on which Archiver is installed on in the old domain will be migrated into the new domain
- The same server on which Microsoft SQL Server is installed on in the old domain will be migrated into the new domain
- If using Archive Stores which utilize binary folders, these folders are stored locally on the GFI Archiver server and not on a UNC path in the network
- This procedure might not be suitable for environments with a very high mail flow as it assumes a certain downtime in regard of archival. This might generate a large backlog of emails in the journal mailbox until archival is resumed.
Solution
SECTION 1 - BEFORE STARTING THE GFI ARCHIVER MIGRATION
- Journaling should be enabled within the mail environment of the new domain
- All user accounts should be migrated to the new domain
- It is recommended that the user logon names (sAMAccountName) are kept identical in the new domain
- Journaling should be disabled within the mail environment of the old domain
SECTION 2 - GFI ARCHIVER MIGRATION
- Open the GFI Archiver web page and take a record of the following sections under the [Configuration] tab
- [Roles and Permissions]
- [Archive Restrictions]
- [Access Control]
- [Archive Stores] - summary of each
NOTE: If you are unable to access the console any longer you can use How to Reset Roles and Permissions to set the system back to default permissions. Additionally this step is not required if you are ok with rebuilding a few settings if there are issues with the transfer.
- Wait until all items from the data sources (journal mailboxes) of the old domain have been downloaded and processed
- Check that the journal mailbox is empty and that no new emails are flowing into it
- Wait until the following folders on disk are empty:
- ..\GFI\Archiver\Core\Pickup
- ..\GFI\Archiver\Core\Queue
- ..\GFI\Archiver\MAIS\Pickup
- ..\GFI\Archiver\MAIS\Queue
- Disable all data sources under [Configuration > Mail Servers to Archive]
- Create a backup of the system including data
- Remove all data sources under [Configuration > Mail Servers to Archive] which refer to journal mailboxes in the old domain
- Disable auditing under [Configuration > Auditing] if it is enabled
- Stop all GFI Archiver services and set their startup-mode to [manual]
- Disjoin the Microsoft SQL Server from the old domain and join it to the new domain (note that the server hostname respectively the Microsoft SQL Server instance name must not change!)
- This step falls outside of the scope of GFI Technical Support
- Please make sure to take any necessary precautions for a migration of a Microsoft SQL Server between domains
- Disjoin the GFI Archiver server from the old domain and join it to the new domain
- This step falls outside of the scope of GFI Technical Support
- Start all GFI Archiver services and set their startup-mode to [automatic]
- Run the MAUpdateUsers tool against all databases to allow users to access their mailboxes in GFI Archiver in a transparent way
- This tool can be downloaded from the links provided in the article above: Using the Archiver Update Users Tool
- This tool can only be used if the users' logon name in the new domain is identical to the logon name in the old domain (attribute: sAMAccountName)
- It is recommended to use this tool before resuming archival
- Rebuild the indexes of the Archive Stores after using this tool - this can be done at a later point in time and can take a significant amount of time
- Review all settings under [Configuration] and edit / update as needed
- Leave [Mail Servers to Archive] to last
- If the [Configuration] tab of the web interface cannot be accessed, reset the [Roles and Permission] settings
- Re-enable auditing under [Configuration > Auditing] if auditing was enabled in the old domain
- Open [Configuration > Archive Stores > New Archive Store Settings] and go through the wizard
- GFI Archiver utilizes the objectGUID from Active Directory objects as a reference. This data always changes when migrating domains and cannot be carried over into the new Active Directory domain. Settings which rely on it will not work in the new domain and must be reconfigured manually. Many settings can contain such references, but the following are most vital and must be reviewed, edited / updated before resuming archival:
- [Archive Restrictions]
- [Retention Policies]
- Once all other settings have been reviewed, add new data sources under [Configuration > Mail Servers to Archive] pointing to the new journal mailboxes in the new domain
Testing
After migrating the server to the new domain, review step 11 in the steps above. This verifies the content is configured under the new domain. After Step 12 verify new mail is showing in the Archive tab of the web console.