Link Active Directory and SBS Server management after a NDR attack.

Posted on 2005-04-12
Last Modified: 2013-12-03

One of my customers has a Windows 2003 SBS server. Problems occured when they had some form of attack on the server where it started to relay mail to 895 people 895 times!! One of the recipients was the main address of the customer@domain so this e-mail kept returning and the server was being a relay..

After stopping the SMTP & POP services, broadband came back up with an acceptable response time. However, on following the details as laid out in the Microsoft KB, we had to delete the mailstore which the customer had no problems with as they do not keep e-mails after they have been responded to and all information is held within their own business process software.

Here is the problem now.....

The users still show up in Server Management but there are no entries for them in Active Directory. Adding a new user through Server management is OK but all the settings that the users have are lost as we need to create a new computer for them. When they then login it is taking about 15 - 20 minutes.

The question that I have, is it going to be quicker and cleaner to perform a re-install of SBS after a full wipe of the server or are there any tools available to help  us in getting this customer up and running quickly with minimum data loss?

How do we link the Active Directory so that the users appear in there with Exchange? If I try and add user Carol again into the AD, it states that she already exists but she does not appear!!

Help would be really appreciated on this one as I'm out of my depth here.

Question by:tpsheehan
    LVL 21

    Assisted Solution

    A restore of a backup should be the fastest solution.

    If there is none, you should back it up now to save what is left. After that, try a Active Directory Recovery via the boot menu (press F8 during boot until the menu appears)...

    Hope that helps...

    Author Comment

    Customer is using online backups for just their business process system and did not want to backup the system state with the additional costs associated with that so I can't do a restore of the system state.

    We are talking about putting in a replacement server to give us time to get to the bottom of the problem to keep the customer happy.

    Will try the F8 option when we have swapped out the server. Any other idea's floated will all be considered.


    LVL 9

    Expert Comment

    If you get an answer indicating that a user exist when trying to create it then they maybe have been moved into another OU. Try to make a search on a few users that you know should exist and see where they are stored in AD. Also a user that appears in Exchange have to appear in AD if we talking Exchange 2000+ since there is no separate storage for users in Exchange

    Author Comment

    Had to go to a funeral so haven't done anything els eon this yet. I'm going to do a server swapout tomorrow and have a play with their server tomorrow afternoon.

    Will try the search solution first to see if we can find the users - if not will try the F8 solution.

    LVL 9

    Accepted Solution

    Just a comment about what JBlond suggests, you are aware of that he is suggesting a Active Directory restore. That mean that you need to have a good backup of your system state to be able to perform that.
    Can you also explain more what you mean that you see the users in server management but not AD. Do you have Exchange 5.5?

    Author Comment

    Tried the above but ended up having to do a re-install of the server. Thanks for your advice anyway.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now