Copy Microsoft Online-specific Active Directory user attributes from one user to another

I’m working on an advanced Office 365 migration project where the domain that gets synchronized with Office 365 isn’t the domain where the Exchange servers live. The problem is that Exchange-specific attributes that are synchronized up to Office 365 in most migration scenarios aren’t available in this domain.

In summary, we have a resource domain that contains user accounts, and three additional domains (in different forests) that contain legacy Exchange environments. The goal is to retire legacy Exchange environments in favor of Exchange Online and to collapse the other domains into the single resource domain. One problem with this scenario is that the legacy domains contain attributes that aren’t available in the resource domain since it was never extended to contain Exchange-specific attributes. Adding those attributes doesn’t solve the problem of propagating Exchange-specific user attribute values to Exchange Online, since those values are populated only in the legacy domains, and don’t make their way, automatically, to the resource domain.

While it would be possible to set up something like FIM 2010 to manage attribute transfer, the faster and sufficient-to-purpose way is just to copy those source values into the resource domain and allow the Microsoft Online Directory Synchronization tool to propagate them to Office 365.

Microsoft already provides some scripts that perform post-staged-migration mailbox cleanup in the legacy Exchange environments (to convert a mailbox user to a mailbox-enabled user and update the mail, legacyExchangeDN, msExchMailboxGuid, and proxyAddresses attributes), and I took the VBS version of that script and used it as a base to create a new script – CopyMSOLAttributes.vbs.

The script takes 4 or 5 parameters:

  1. Source user domain controller FQDN
  2. Source user alias (SAMAccountName)
  3. Target user domain controller FQDN
  4. Target user alias (SAMAccountName)
  5. AllowAliasMismatch parameter

The first four are required, the fifth one is optional. If source alias and target alias do not match, the AllowAliasMismatch parameter is required for the script to proceed. It would be tragic if the wrong user’s attributes were overwritten accidentally! Well, maybe not tragic in the theatrical sense of the word, but definitely inconvenient.

The script copies the following attributes from source user to target user:

  1. legacyExchangeDN
  2. proxyAddresses
  3. mail
  4. msExchMailboxGuid
  5. targetAddress

In the case of proxyAddresses, it doesn’t remove any if they already exist on the target user – instead it just adds what it finds in the source user. In my testing, duplicate items aren’t added to the proxyAddresses list – I guess AD is smart enough to disallow such behavior.
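The alias guard and the additive proxyAddresses handling described above, shown in PowerShell as an added example; it is not CopyMSOLAttributes.vbs or Microsoft's script. The function name, the hashtable inputs, the sample values and the choice to skip attributes that are empty on the source are assumptions of this example.

```powershell
# Added example: builds a change plan from two attribute hashtables so the
# result can be reviewed before anything is written to the target user.
function Get-MsolAttributeCopyPlan {
    param(
        [Parameter(Mandatory)] [string]    $SourceAlias,
        [Parameter(Mandatory)] [string]    $TargetAlias,
        [Parameter(Mandatory)] [hashtable] $Source,
        [hashtable] $Target = @{},
        [switch]    $AllowAliasMismatch
    )
    # Guard from the post: differing aliases need an explicit opt-in.
    # -ne compares strings case-insensitively in PowerShell.
    if ($SourceAlias -ne $TargetAlias -and -not $AllowAliasMismatch) {
        throw "Alias mismatch ('$SourceAlias' vs '$TargetAlias'); pass -AllowAliasMismatch to proceed."
    }
    $replace = @{}
    foreach ($name in 'legacyExchangeDN', 'mail', 'msExchMailboxGuid', 'targetAddress') {
        # Assumption: an attribute absent on the source is skipped, not cleared on the target.
        if ($null -ne $Source[$name]) { $replace[$name] = $Source[$name] }
    }
    # proxyAddresses is additive: keep the target's values, add only the missing ones.
    # -notcontains is case-insensitive, so 'smtp:' and 'SMTP:' forms count as the same value here.
    $existing = @($Target['proxyAddresses'])
    $toAdd = @($Source['proxyAddresses'] | Where-Object { $_ -and $existing -notcontains $_ })
    [pscustomobject]@{ Target = $TargetAlias; Replace = $replace; AddProxyAddresses = $toAdd }
}

# Constructed sample values (not from a real directory).
$src = @{
    legacyExchangeDN  = '/o=Contoso/ou=Exchange Administrative Group/cn=Recipients/cn=jdoe'
    mail              = 'jdoe@contoso.example'
    msExchMailboxGuid = [guid]::NewGuid().ToByteArray()
    targetAddress     = 'SMTP:jdoe@contoso.mail.onmicrosoft.example'
    proxyAddresses    = @('SMTP:jdoe@contoso.example', 'smtp:john.doe@contoso.example', 'x500:/o=Old/cn=jdoe')
}
$tgt = @{ proxyAddresses = @('SMTP:jdoe@contoso.example') }

$plan = Get-MsolAttributeCopyPlan -SourceAlias jdoe -TargetAlias jdoe -Source $src -Target $tgt
$plan.Replace.Keys        # single-valued attributes that would be overwritten
$plan.AddProxyAddresses   # addresses that would be added to the target

# With the ActiveDirectory module, the plan maps onto Set-ADUser's -Replace and -Add
# parameters (pass -Add only when AddProxyAddresses is non-empty; DC name is a placeholder):
# Set-ADUser -Identity $plan.Target -Server '<target-dc-fqdn>' -Replace $plan.Replace `
#            -Add @{ proxyAddresses = $plan.AddProxyAddresses }
```

Reviewing the plan object before applying it shows exactly which single-valued attributes on the target would be overwritten, which is the change the alias guard exists to protect.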

This script is available for download on Codeplex.
