Thread: [SOLVED] Massive migration using imapsync, don't know users passwords
View Single Post
  #2 (permalink)  
Old 11-02-2007, 08:43 PM
mmorse mmorse is offline
Moderator
  
Posts: 6,236
Default
Welcome to the forums,

Don't worry, you definitely got other methods than making people admins!

If supported on both ends you should be able to use imapsync plain auth.

So what your seeing is that the admin accounts in the most recent versions automatically have fallback auth set incase your external AD auth is unavailable or configured improperly.
If you've already set up this domain against the AD for auth you could alternatively enable fallback auth for everyone on it:
Code:
 zmprov md migration.domain.com zimbraAuthFallbackToLocal TRUE
Then 'cut' your connection to the AD box.

Some create a domain with local auth just for migration - you can do this from the admin gui of course, but the commands are:
Code:
 zmprov cd migration.domain.com zimbraAuthMech zimbra
When you provision the accounts don't make the password too easy, because even though you're going to use the AD later (&/or change fallbackauth back) it's still not a good idea to have simple pass (you would use ‘’ for like a null if your just going to use AD the whole time)
Code:
zmprov ca user@migration.domain.com password
Obviously you will have more on these lines for account names etc, see:
Zmprov - Zimbra :: Wiki
Zmprov Examples - Zimbra :: Wiki
Bulk Provisioning - Zimbra :: Wiki

So now you have both the shadow accounts & zimbra accounts with known passwords.
Then imapsync from unix boxes (user@domain.com) > zimbra boxes (user@migration.domain.com)

And script a rename of the accounts to the main domain that uses external auth (& no fallback):
Code:
zmprov ra user@migration.domain.com user@domain.com
When your all done just delete that migration.domain.com

---
Note if you are on the Network Edition:
After the account renames they might not make it in-to incremental backups until the next system full backup; either automatic or if you manually start one.
I can't imagine we're talking 2.5K users with more than 10TB, but if you can't do a full system wide backup too often because of disk or tape capacity storage reasons etc; and this is going to be a long migration timeline, you can do them individually:
zmbackup -f -s server.domain.com -a user@domain.com
(server being the mailstore they happen to be on)
Last edited by mmorse; 11-05-2007 at 11:08 PM..
Reply With Quote