Configuring Security

Export and Import Users

In previous versions of Exchange, moving a user from one Key Management server to another was a complicated process. Users were requested to decrypt their existing e-mail before moving, for example, and old keys could not be recovered. In Exchange 2000, KMS features the ability to export and import users within your organization, either individually or in groups, with administrative ease.

Important   As a precautionary measure, the KMS database should be backed up before exporting and importing users. For complete information, see Back Up and Restore Exchange.

Exchange KMS Key Export/Import Wizard provides clear instructions for exporting and importing users and simplifies the process for administrators. The following security measures are built into the KMS exporting/importing process:

Note   Only users running Outlook 2000 SR1 can be exported.

To export and import KMS users from one Key Management server to another:

  1. Save the KMS Certificate
  2. Export Users
  3. Import Users
  4. Recover Keys

Important   To avoid potential system complications, move a user's mailbox within 24 hours of importing their Advanced Security information to another server. You should not attempt to revoke certificates or recover keys for users until their mailboxes have been moved and their keys have been successfully imported.