Hello, Here is the picture : one forest with 2 domains. In domain A sits an Exchange 2003 server. I've added an Exchange 2010 server in domain B. I've nearly moved all mailboxes and everything works fine. But ... in domain B, I don't see the Microsoft Exchange Security Groups OU. Actually, they do show up but in domain A. Given that when the upgrade is done, domain A will be removed, I guess I'll get into trouble. During the installation process, I've run: setup /PrepareLegacyExchangePermissions setup /PrepareSchema setup /PrepareAD setup /PrepareDomain setup /PrepareDomain:domainB then the GUI setup with no errors Any idea of what I've done wrong, and what to do now ? Can I re-run setup /PrepareAD, maybe with the OU name ? Thanks in advance Christian

The Exchange security groups are only created in one domain. You can move them to Domain B if you want however. That is supported in 2010. ( you may need to restart the System Attendant service afterwards on any 2010 server)

Thanks for the reply. For that purpose, should I use movetree.exe ?

You could. I do not know of any public document that describes the recommened way to do this, so if you encounter any issues after the moves, you may want to call PSS or call them before moving them if there is any concern that something may break. I do know it's supported however.

Hi, With Exchange Server 2010, it creates the Microsoft Exchange Security Groups organizational unit (OU) in the root domain of the forest and assigns specific permissions on this OU. It creates the following security groups within the Microsoft Exchange Security Groups OU: Delegated Setup Discovery Management Exchange All Hosted Organizations Exchange Servers Exchange Trusted Subsystem Exchange Windows Permissions ExchangeLegacyInterop Help Desk Hygiene Management Organization Management Public Folder Management Recipient Management Records Management Server Management UM Management View-Only Organization Management So if Domain A is the root domain, then I recommend you to post the issue in forum for Windows server to consult how to migrate data from root domain to other domain. Also I think it's better to call PSS to get better help. Microsoft Support http://support.microsoft.com/common/international.aspx?RDPATH=dm;en-us;select&target=assistance Similar thread to share with you: Is it possible to demote Root Domain http://social.technet.microsoft.com/Forums/en/winserverMigration/thread/a26b0399-479f-4596-befc-71d1b696be92 Regards, Xiu