OK, let's not get into the why so much, as I've spent hours on the phone with Microsoft and others. The conclusion is that the Domain Controller that Exchange resides on (not recommended, for precisely this reason) is corrupt beyond repair. I can't remove the DC role as Exchange still exists. I'm going on 3 months limping along, and even the Exchange install still has legacy X.400 public folders and crap we don't want/need. Even if I could somehow patch it back together, I think a fresh start may be the better option here.
So this isn't so much a question as it is a request for validation of my steps.
1. Dismount the mailboxes, and be sure they go down clean. Back up the EDB files.
2. Uninstall Exchange via Add/Remove Programs. Since AD replication is not happening, I will likely have to manually remove it from the other DC using the steps below:
   1. Open ADSIEdit.
   2. Right-click on ADSIEdit and click Connect to.
   3. Connect to “Default Naming Context”.
   4. Navigate to the following objects and delete them:
      DC=Domain,DC=Com -> OU=Microsoft Exchange Security Groups
      DC=Domain,DC=Com -> CN=Microsoft Exchange System Objects
   5. Right-click on ADSIEdit and click Connect to.
   6. Connect to “Configuration”.
   7. Navigate to the following objects and delete them:
      CN=Configuration,DC=Domain,DC=Com -> CN=Services -> CN=Microsoft Exchange
      CN=Configuration,DC=Domain,DC=Com -> CN=Services -> CN=Microsoft Exchange Autodiscover
3. Once I verify that Exchange is truly gone, remove the AD role as well. Again, it probably won't go away cleanly, so I'll follow http://support.microsoft.com/kb/555846 in the event it doesn't.
Once both the DC and Exchange are no longer in the domain, I'll start the rebuild.
1. Install the new Exchange server. It is going into a new VM, and I planned to put all the roles on one. We won't be doing a DAG ever, as in the next 6 months I will be moving people to a hosted solution, probably Office 365. One question here: is there any reason not to give the new box the same IP and name as the old one, if I've verified by ADSIEdit that it is truly gone? This will just save some work on apps that use SMTP to send email either by name or address.
2. Once installed, create an empty mailbox for all the users that had one before.
3. Set up OWA, reissue certs, and set up internal relays for other app servers.
4. Mount the EDBs that were backed up during uninstall as a Recovery DB and restore.
5. Finally get a full night's sleep.
Does anyone see any glaring issues here?
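Added example, not part of the original post: a read-only PowerShell check for the "verify that Exchange is truly gone" step, run against every DC individually because replication is broken and each DC may hold a different picture. It assumes the RSAT ActiveDirectory module is installed, builds the four containers named in the post from each DC's own naming contexts (so the DC=Domain,DC=Com placeholder is not needed), and adds one check the post does not mention, a search for leftover msExchExchangeServer objects.

```powershell
# Added verification script (not from the original post). Read-only: it reports
# what is still present so the ADSIEdit deletions can be confirmed on every DC
# before the DC role is removed. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Test-ExchangeRemnants {
    param([Parameter(Mandatory)][string]$Server)

    # Ask this specific DC for its own naming contexts; do not trust a cached copy
    # from another DC, since replication between them is not working.
    $root = Get-ADRootDSE -Server $Server
    $dnc  = $root.defaultNamingContext
    $cnc  = $root.configurationNamingContext

    # The four containers the post deletes through ADSIEdit.
    $targets = @(
        "OU=Microsoft Exchange Security Groups,$dnc",
        "CN=Microsoft Exchange System Objects,$dnc",
        "CN=Microsoft Exchange,CN=Services,$cnc",
        "CN=Microsoft Exchange Autodiscover,CN=Services,$cnc"
    )

    foreach ($dn in $targets) {
        # Get-ADObject throws when the DN does not exist; treat that as "gone".
        try   { $obj = Get-ADObject -Identity $dn -Server $Server -ErrorAction Stop }
        catch { $obj = $null }
        [pscustomobject]@{ Server = $Server; Object = $dn; Present = [bool]$obj }
    }

    # Extra check (not in the post): any Exchange server object still registered
    # anywhere in this DC's configuration partition.
    $servers = Get-ADObject -LDAPFilter '(objectClass=msExchExchangeServer)' `
                            -SearchBase $cnc -Server $Server -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server  = $Server
        Object  = 'msExchExchangeServer objects under ' + $cnc
        Present = [bool]$servers
    }
}

# Query every DC directly and show where Exchange objects are still present.
$results = Get-ADDomainController -Filter * |
           ForEach-Object { Test-ExchangeRemnants -Server $_.HostName }
$results | Format-Table -AutoSize
```

Only when every row shows Present = False on every DC has the manual cleanup actually landed everywhere; a row that is False on one DC and True on another is the replication gap the post expects.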