Here’s an interesting problem that will come up for you from time to time when doing Exchange server migrations. If you go to move mailboxes using the mailbox migration wizard built into Exchange, you’ll find that the wizard will fail on moving any mailboxes that have had their Active Directory account disabled. This can be a problem especially if you still want to keep that e-mail in your new Exchange server because you plan on re-enabling that account at a later date.
The reason this happens is because when you disable a mailbox you might lose the msExchMasterAccountSID attribute off of the account. To fix this you can just regenerate this attribute. It’s fairly easy to do. Just go into the account in the Active Directory Users and Computers console and go to the properties of the account. Then you can go to the Exchange Advanced tab and click on Mailbox Rights. In there you will find the SELF object listed as one of the users and then just add the Associated External Account permission to it.
This will fix the problem however you will have to wait for a long time before you can move the mailboxes again. According to Microsoft you might have to wait up to at least 2 hours before the mailboxes will be ready to move due to directory replication and Exchange cache refresh latencies. But then once you wait and come back, you will see that the mailboxes move like a charm.
This doesn’t help you however if you have a billion disabled mailboxes to move. Going into each mailbox individually and modifying it could literally take forever and a day. So instead Microsoft has a way for you to do it for large amounts of disabled accounts. You can find their instructions here in their knowledgebase article. Happy migrating!