Export and Import Users

In previous versions of Exchange, moving a user from one Key Management server to another was a complicated process. Users were requested to decrypt their existing e-mail before moving, for example, and old keys could not be recovered. In Exchange 2000, KMS features the ability to export and import users within your organization, either individually or in groups, with administrative ease.

Important   As a precautionary measure, the KMS database should be backed up before exporting and importing users. For complete information, see Back Up and Restore Exchange.

Exchange KMS Key Export/Import Wizard provides clear instructions for exporting and importing users and simplifies the process for administrators. The following security measures are built into the KMS exporting/importing process:

• You cannot move users from a Key Management server until you specify the destination (importing) Key Management server.
• Users cannot be imported until they have been exported from another Key Management server.
• All information is exported in an encrypted file. This exported file can be imported only by the designated destination Key Management server. (To undo your actions, the file can also be imported by the server that originally exported it.)
• Before you begin, you must save the certificate of the destination Key Management server. This certificate is used to encrypt all exported Advanced Security information.

Note   Only users running Outlook 2000 SR1 can be exported.

To export and import KMS users from one Key Management server to another:

1. Save the KMS Certificate
2. Export Users
3. Import Users
4. Recover Keys

Important   To avoid potential system complications, move a user's mailbox within 24 hours of importing their Advanced Security information to another server. You should not attempt to revoke certificates or recover keys for users until their mailboxes have been moved and their keys have been successfully imported.