Solved

AD replication tombstone - exchange query

Posted on 2008-06-11
Last Modified: 2010-04-21
We have had a replication failure and the server in question has gone into stand-alone mode. I have searched these pages and the received wisdom is to demote the server, clear off any reference to the AD on it (plus the primary DC) and then re-promote and start replication.

This is fine. However, the server in question is also our Exchange server for that site, and I would appreciate some reassurance that doing what I have outlined above won't interfere with Exchange operations?

It's a Windows 2003 server with Exchange 2003 on it as well.
Many thanks in advance

alex
Question by:Brookdaleal
LVL 16

Expert Comment

by:Redwulf__53
ID: 21760194
You don't have any choice...
Your Exchange services should survive the operation.
Well, since it is never recommended to combine AD and Exchange (and now you know why), you might consider adding a new server as domain controller after you demote the Exchange server, instead of promoting it again.
0
 

Author Comment

by:Brookdaleal
ID: 21760297
Thanks for the quick reply!
If I demoted this server, it would leave the primary domain controller on that site (called server A), this server as a member server, and a third member server running SQL (server C).
Would you suggest promoting server C, or could we just leave the PDC (server A) on its own?
I guess the risk is that if the PDC goes down, there's no-one else around to run the shop?

thanks!
alex
0
 
LVL 16

Accepted Solution

by:
Redwulf__53 earned 300 total points
ID: 21760558
Thinking about it a bit more, you may run into a couple of problems.
I suggest following this method for safest result:
- Disconnect the Exchange box from the network
- Make sure server A holds all FSMO roles (seize the roles if necessary)
- On server A: in AD Users & Computers, move the server B account to the Computers OU, and remove the membership from the "Domain Controllers" group.
- On server A: in AD Sites and Services, remove all references to server B
- On server A: in DNS, remove all records referring to server B
- Do not delete the computer account from AD, as Exchange server is linked to that account!
- Stop all Exchange services and set startup type to "disabled"
- Run DCPromo, and mark the server as last domain controller in the domain.
- Restart. The server will now be stand-alone
- Reconnect the server to the network, and make it member of the domain (again). It should now reconnect to its still existing account in AD, so its Exchange server group memberships should still be intact.
- Start the Exchange services.

Good luck!

PS about redundancy: combining AD with SQL may also not be a good idea... especially if you need high availability of either... ultimately it's your own choice, but now you've experienced it's not a good idea to combine roles, you may convince your managers to invest in another Windows license. If you virtualize it, the additional hardware cost would be minimal.

0
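A read-only check of the server A clean-up steps from the accepted answer, written as a cmd batch file; this is an added example, not part of the original thread. SERVERA, SERVERB and example.local are placeholder names, and netdom (Support Tools), dsquery, dsget and nslookup are assumed to be available on server A.

```batch
@echo off
rem Added example, not from the thread. Run on server A after the clean-up steps.
rem SERVERA, SERVERB and DNSDOMAIN are placeholder values (assumptions).
setlocal
set SERVERA=SERVERA
set SERVERB=SERVERB
set DNSDOMAIN=example.local
set PROBLEMS=0

rem 1. Server A should be listed as owner of all five FSMO roles.
set ROLES=0
for /f %%c in ('netdom query fsmo ^| find /i /c "%SERVERA%."') do set ROLES=%%c
if not "%ROLES%"=="5" (
  echo [!] %SERVERA% is listed for %ROLES% of 5 FSMO roles
  set PROBLEMS=1
)

rem 2. No server object for B should remain under Sites and Services.
dsquery server -name %SERVERB% | find /i "CN=%SERVERB%," >nul
if not errorlevel 1 (
  echo [!] %SERVERB% still has a server object in the Sites container
  set PROBLEMS=1
)

rem 3. B should no longer be a member of the Domain Controllers group.
dsquery group -name "Domain Controllers" | dsget group -members | find /i "CN=%SERVERB%," >nul
if not errorlevel 1 (
  echo [!] %SERVERB% is still a member of Domain Controllers
  set PROBLEMS=1
)

rem 4. The computer account must still exist, because Exchange is linked to it.
dsquery computer -name %SERVERB% | find /i "CN=%SERVERB%," >nul
if errorlevel 1 (
  echo [!] computer account for %SERVERB% was not found in AD
  set PROBLEMS=1
)

rem 5. The DC locator SRV records in DNS should not point at B any more.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DNSDOMAIN% %SERVERA% 2>nul | find /i "%SERVERB%." >nul
if not errorlevel 1 (
  echo [!] DNS still returns %SERVERB% as a domain controller
  set PROBLEMS=1
)

if "%PROBLEMS%"=="0" echo All checks passed for %SERVERB%
endlocal
```

The script only queries AD and DNS and changes nothing, so it can be re-run after each clean-up step until it reports no problems.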
 

Author Comment

by:Brookdaleal
ID: 21761015
Thanks for the pointers!

I don't plan to do this until either tomorrow night or the weekend when people are offline... what's the EE protocol on closing this question before testing out... can I leave it open for a few days in case I have further questions?
thanks
alex
0
 

Author Closing Comment

by:Brookdaleal
ID: 31466154
There were some really useful caveats here - and some good general advice about server setup. Thanks for the help!
0
