Solved

Demote and remove exchange from old server

Posted on 2014-03-21
20
933 Views
Last Modified: 2014-04-08
I have an old server that has been offline for more than 6 months. Now I need to cleanup my network to get this server removed as a DC and Exchange server. The server is Windows Server 2003, the current DCs are 2008 R2.
I have confirmed that the network is set to a Server 2003 functional level.

When I try to 'dcpromo' the server, or 'Replicate Now' in AD Sites and Services, I received one of the two following errors:

The RPC Server is unavailable.

or

Insufficient attributes were given to create an object. This object may no exist because it may have been deleted and already garbage collected.

I have already tried 'repadmin /removelingeringobjects...'
I have disabled the setting for Strict Replication on the old server

How can I get the old server replicated or at least able to demote adn remove exchange cleanly?
0
Comment
Question by:jjwolven
  • 8
  • 7
  • 4
  • +1
20 Comments
 
LVL 35

Accepted Solution

by:
Mahesh earned 250 total points
ID: 39946578
There is no point to bring this server online

There are two things you need to do
1st just cleanup metadata from active directory for failed server with ntdsutil
http://support.microsoft.com/kb/216498

another thing, Exchange 2003 (I guess it is Exchange 2003) need to be  cleanup from adsiedit.msc

I hope you have only exchange 2003 server that is dead and you may be on Exchange 2010
http://support.microsoft.com/kb/833396
http://technet.microsoft.com/en-us/library/gg576862(v=exchg.141).aspx

Mahesh
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39946579
Hi,

"old server that has been offline for more than 6 months", that means it has passed the tombstone life period. so it will not replicate for sure.

Are you not using exchange any more ?
0
 

Author Comment

by:jjwolven
ID: 39946683
The old server has Exchange 2007.
This is a new client, so the old IT people aren't talking, so I'm not sure.
The old server is in DNS as an exchange server, but there is also another server that is the (current) Exchange server (Exchange 2010)
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39947092
Since you are able to work with Exchange 2010 and Exchange 2007 being offline, I don't see any harm in removing Exchange 2007 from ORG

Process for active directory cleanup remains same as stated earlier

Just make ensure that all of your users mailbox on Exchange 2010 and then you can remove the server
The above TechNet article is applicable to Exchange 2003 and 2007 also
Also check below links
http://arstechnica.com/civis/viewtopic.php?f=17&t=219725
http://social.technet.microsoft.com/Forums/exchange/en-US/b365aa9b-350f-481a-9222-9e5595946da8/how-to-remove-exchange-2007-from-ad-manually

Mahesh
0
 
LVL 11

Assisted Solution

by:NetoMeter Screencasts
NetoMeter Screencasts earned 250 total points
ID: 39947099
If you are going to remove the Exchange 2007, you can try to demote the old DC using "Dcpromo /forceremoval".

Demoting/Promoting a Domain Controller with Exchange server is not supported, but in your case you are planning to remove the machine from the network anyway. Instead of proceeding right away with ADSIEdit, I would rather try demoting the DC first.

Once you have the DC demoted, clean AD. This includes:
- Check with NTDSUTIL and perform metadata cleanup if necessary
- Check and remove the old DC server object in Sites and Services snap-in (if it's still listed there)
- Check whether the DC is still listed in the Name Servers in the AD integrated DNS zone and remove it
- Make sure that DHCP and static IP clients are not pointing to this server as DNS server (primary, secondary, tertiary position)

Then, you can proceed with uninstalling the Exchange 2007 server.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39947148
@NetoMeter:

You should not demote Dc 1st
Its not supported, you need to demote exchange 1st

Since server is out of network more than 6 months, you will not get any benefit by taking it online, even if you take online your 2008 R2 ad will not entertain \ communicate it
What i mean to say if you try to uninstall Exchange 2007 by taking server online, changes invoked by Exchange uninstallation process will not be accepted by 2008 R2 active directory due to outdated data (lingering data) and nothing will be removed from live 2008 R2 AD
Further more running dcpromo /forceremoval will just remove AD from itself and again nothing is communicated to live AD (That is why it is called forceremoval), so what possible difference \ benefit you can make by taking server online and running  forceremoval switch as opposed to keeping it offline and directly cleanup metadata ?
You will not achieve any thing by taking server online...

Hence I'd suggest that just  remove every thing from adsiedit and make AD clean as far as possible

Mahesh
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39947163
There are two options:
1. Use ADSIEdit to clean manually AD.
2. Try to gracefully remove the old DC and then decommision the old Exchange 2007.

If option 2 fails, you can proceed with option 1.

Now, it doesn't matter that dcpromo on exchange server is not supported as this server will be removed one way or another. The forced DC removal will work for sure, and you should be aware of this, Mahesh.

There will be no replication with this DC anymore as it is demoted. At that point, if Exchange 2007 connects successfully to the existing and functioning DC/GC that's fine - JJWOLVEN can proceed with the Exchange 2007 decommissioning. If this doesn't happen, he can proceed with removing the Exchange 2007 object in ADSIEdit.

The point is, that Exchange information is stored in Active Directory. If Exchange 2007 connects to the functioning DC and the old DC is gone (force removed), there is a chance for a nice and smooth Exchange removal and it's worthy the try.

Again, option 1 is always available, and you can just unplug the server and proceed with ADSIEdit.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39947302
If you run dcpromo /forceremoval 1st, your Exchange 2007 installation will break definitely
Then there is no clean uninstall of exchange 2007

Now if you try to uninstall Exchange 2007 1st, you may get connected to working GC\DC, but chances are very rare and its highly possible that exchange uninstallation will fail due to fact that Ad and Exchange is installed on same box (Real pain) where AD is already dead on the box

Hence removal of Exchange and AD from Adsiedit is the best possible option which will save the time and uninstallation attempts and troubleshooting
The old box is already going to be scrap
So instead of playing with that why don't one can remove it from adsiedit diretly
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39947325
#If you run dcpromo /forceremoval 1st, your Exchange 2007 installation will break definitely
#Then there is no clean uninstall of exchange 2007

That's not true :) Where did you get the "definitely" part, Mahesh?

#why don't one can remove it from adsiedit diretly

I've already explained that - point 1 and 2.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39947356
You can run Exchange Server 2003 on either a member server or on a domain controller. After you install Exchange Server 2003 on a server, do not change the role of the server. For example, if you install Exchange Server 2003 on a member server, do not use the Dcpromo tool to promote the server to a domain controller. Or, if you install Exchange Server 2003 on a domain controller, do not use the Dcpromo tool to demote the server to a member server. Changing the role of a server after you install Exchange Server 2003 may result in loss of some Exchange functionality and is not supported

Reprinted from below article and i believe it will remains true for all next exchange versions up to Exchange 2013
http://support.microsoft.com/?kbid=822179

Check more article on same topic:
http://smtp25.blogspot.com/2009/08/exchange-2007-installed-on-domain.html
http://www.petri.co.il/forums/showthread.php?t=28009
http://technet.microsoft.com/en-us/library/aa997407(v=exchg.80).aspx

Mahesh
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39947369
That's exactly what I've said - it is not supported. I've done it and a lot of people have done it as well.

This server is about to be removed. You don't care about loss of data from it. One way is to try and remove it the right way - Point 2, the other way is to unplug it and use ADSIEdit - Point 1 (which you can always resort to).
0
 

Author Comment

by:jjwolven
ID: 39951713
I tried uninstalling exchange and could not find the uninstall files.  I browsed and found then, but received the following error:
Please use the Control Panel to change your Microsoft Exchange Server installation.

My uninstall was through the Control Panel
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39952647
That's fine. Did you demote the DC first?
0
 

Author Comment

by:jjwolven
ID: 39953710
I tried, but cannot. I receive the following error:

Insufficient attributes were given to create an object. This object may no exist because it may have been deleted and already garbage collected.
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39953854
Too bad! What I suggested is, running "dcpromo /forceremoval".

If you've uninstalled the Exchange server before demoting the Domain Controller,  then you've wasted your opportunity for a graceful decommissioning of the old Exchange server.

Just unplug the server and proceed with option 1 - use adsiedit to clean AD  from the DC and Exchange server.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39954206
Have you got succeeded to uninstall Exchange server ?
I guess it is uninstalled gracefully only

It now doesn't matter whether you remove server directly from network or you could run dcpromo /forceremoval

No matter how you remove the server, you need to cleanup metadata with ntdsutil for failed server because forceremoval switch will remove AD from local server only
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39957132
#No matter how you remove the server, you need to cleanup metadata with ntdsutil for failed
#server because forceremoval switch will remove AD from local server only

Again, that's not true, Mahesh. The current DCs are 2008 R2. If you want to update your knowledge on this topic, you might find helpful the following link:

http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx#bkmk_graphical

This means that you need to simply delete the removed DC in ADUC (Active Directory Users and Computers) - Metadata Cleanup is performed automatically in this case.

In addition, you need to delete the Server Object in Sites and Services and make sure it is not listed as a Name Server (removing it from the name servers list should be done automatically as well).
0
 

Author Comment

by:jjwolven
ID: 39957326
I have not been able to get Exchange uninstalled.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39958218
@Netometer:
The process you mentioned is technically called Metadata cleanup only, no matter in which way you do it
The point here is that you need to cleanup metadata and not how to do metadata cleanup.

@JJWolven:
The best way to deal with your situation is like I said earlier just cleanup every thing from ADSIEdit

Mahesh.
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39958423
The point is, that recommending NTDSutil metada cleanup in this particular case - Server 2008 DCs, is plain stupid.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now