For security reasons, KMS does not allow you to import users
until they have been exported from another Key Management server.
To export users, you will need to know the location of the
importing server's certificate, which is determined in Save the KMS Certificate.
Important
As a precautionary measure, before exporting users, you should back up your KMS database.
1. On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. In the console tree, click Advanced Security.
3. In the details pane, right-click Key Manager, point to All Tasks, and then click Export Users.
4. In the Key Management Service Login dialog box, type your password, and then click OK. The default password is password.
   Note: You will have to re-type your password each time you try to perform a task or click a tab in the Key Manager Properties dialog box.
5. In Exchange KMS Key Export Wizard, on the Encryption Certificate screen, type the path of the location of the destination Key Management server's certificate, or click Browse to navigate to it.
6. On the Certificate Thumbprint Verification screen, type the first eight characters of the saved certificate's thumbprint. This is a precautionary measure to ensure that the correct certificate is being used.
7. On the Export Filename screen, type a file name for the exported information. KMS will save this file to the exporting server's Exchsrvr\KMSData directory.
8. On the User View Selection screen, perform one of the following tasks:
   - Choose Display an alphabetic list of user names from the global address book (the default), and then click Next. All KMS users on the exporting server will appear under Available Users in the User Selection screen. Select one or more users, and then click Add to move them to the Selected users column. You can click Details to view security-specific information about a particular user, such as enrollment status. Click Next when done selecting users.
   - To export a group of users, choose Display mailbox stores, Exchange servers, and administrative groups of eligible users, and then click Next. The administrative groups for your organization will appear on the User Container Selection screen. Click to expand the appropriate administrative group, and continue expanding as needed until you can select the desired node for export. All users in the node you select, and all of its sub-nodes, will be exported when you click Next.
After the export process is complete, a summary screen displays how many users were exported. The following table describes the possible export results:
Status: Users could not be revoked (still exported)
Description: When users are exported, their certificates are revoked. This field indicates the number of users who could not have their certificates revoked, most likely because KMS could not contact the Certificate Services server. Though users were removed from the KMS database and exported, you should make sure the old certificates are revoked before these users' keys are recovered on the destination Key Management server.

Status: Users had no key history (deleted but not exported)
Description: This field indicates the number of users who were in the KMS database, but have not been issued keys. For example, these are users who were given an enrollment token but never used it, or users that were removed from the server's KMS database but not exported. These users can be issued new tokens on their new server.

Status: Total users exported
Description: This field indicates the number of users that were successfully exported.
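
For the Certificate Thumbprint Verification step above, this added example (not part of the original procedure or of KMS) computes a saved certificate's SHA-1 thumbprint independently, so the eight characters typed into the wizard can be checked against a value obtained from the destination server. The function names and sample bytes are constructed for illustration, and it assumes the eight characters are hex digits counted without spaces.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(raw: bytes) -> bytes:
    """Return DER bytes from a .cer file saved as either DER or Base64 (PEM)."""
    m = PEM_RE.search(raw)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()))
    return raw

def thumbprint(raw: bytes) -> str:
    """SHA-1 over the DER encoding, as upper-case hex without separators."""
    return hashlib.sha1(cert_der(raw)).hexdigest().upper()

def normalize(text: str) -> str:
    """Drop spaces and colons from a thumbprint copied out of a dialog box."""
    return re.sub(r"[\s:]", "", text).upper()

def prefix_matches(raw: bytes, typed: str, length: int = 8) -> bool:
    """True if `typed` equals the first `length` thumbprint characters."""
    typed = normalize(typed)
    if len(typed) != length or not re.fullmatch(r"[0-9A-F]+", typed):
        raise ValueError(f"expected {length} hex characters")
    return thumbprint(raw)[:length] == typed

# Constructed stand-in bytes, NOT a real certificate: the thumbprint is a
# hash of the file's DER bytes, so any byte string exercises the logic.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed stand-in for a KMS certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Usage: script.py <saved-certificate.cer> <eight characters>
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        print("match" if prefix_matches(data, sys.argv[2]) else "MISMATCH")
    else:
        tp = thumbprint(SAMPLE_DER)
        print(tp, prefix_matches(SAMPLE_PEM, tp[:4] + " " + tp[4:8]))
```

Read the expected characters from the destination Key Management server itself rather than from the copied file, so that a swapped certificate shows up as a mismatch.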