
Removing Exchange 2010 on a Domain Controller

bhieb asked on
Active Directory, Exchange
OK, let's not get into the why so much, as I've spent hours on the phone with Microsoft and others. The conclusion is that the Domain Controller that Exchange resides on (not recommended for precisely this reason) is corrupt beyond repair. I can't remove the DC role as Exchange still exists. I'm going on 3 months limping along, and even the Exchange install still has legacy x400 public folders and crap we don't want/need. Even if I could somehow patch it back together, I think a fresh start may be the better option here.

So this isn't so much a question, as it is a request for validation of my steps.

1. Dismount the mailboxes, and be sure they go down Clean. Backup the EDB files.
2. Uninstall Exchange via add/remove. Since AD replication is not happening I will likely have to manually remove from the other DC using the below steps.

3. Right Click on ADSIEdit and Click Connect to

4. Connect to “Default Naming Context”

5. Navigate to the following objects and Delete them.

DC=Domain,DC=Com -> OU=Microsoft Exchange Security Groups 

DC=Domain,DC=Com -> CN=Microsoft Exchange System Objects

6. Right Click on ADSIEdit and Click Connect to

7. Connect to “Configuration”

8. Navigate to the following objects and Delete them.

CN=Configuration,DC=Domain,DC=Com -> CN=Services -> CN=Microsoft Exchange

CN=Configuration,DC=Domain,DC=Com -> CN=Services -> CN=Microsoft Exchange Autodiscover

3. Once I verify that Exchange is truly gone, remove the AD role as well. Again probably won't go away cleanly so I'll follow in the event it doesn't.

Once both the DC and Exchange are no longer in the domain, I'll start the rebuild.

1. Install new Exchange server. It is going into a new VM, and I planned to put all the roles on one. We won't be doing a DAG ever, as in the next 6 months I will be moving people to a hosted solution, probably Office365. One question here: is there any reason not to give the new box the same IP and name as the old one, if I've verified by ADSI Edit that it is truly gone? This will just save some work on apps that use SMTP to send email either by name or address.

2. Once installed create an empty mailbox for all the users that had one before.

3. Set up OWA, reissue certs, and set up internal relays for other app servers.

4. Mount EDBs that were backed up during uninstall as Recovery DB and restore.

5. Finally get a full night's sleep.

Does anyone see any glaring issues here?
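
Added example, not part of the original post: a read-only PowerShell check that asks each domain controller separately whether the four containers named in the ADSI Edit steps still exist, which matters here because replication is not happening. It assumes the RSAT ActiveDirectory module and an account with read access; the function names `Get-ExchangeRemnantDn` and `Test-ExchangeRemnant` are hypothetical.

```powershell
# Added example: read-only check, deletes nothing.
# Assumes the RSAT ActiveDirectory module and a domain account with read access.
Import-Module ActiveDirectory

function Get-ExchangeRemnantDn {
    param([string]$DomainNC, [string]$ConfigNC)
    # The four containers named in the ADSI Edit steps of the post.
    @(
        "OU=Microsoft Exchange Security Groups,$DomainNC"
        "CN=Microsoft Exchange System Objects,$DomainNC"
        "CN=Microsoft Exchange,CN=Services,$ConfigNC"
        "CN=Microsoft Exchange Autodiscover,CN=Services,$ConfigNC"
    )
}

function Test-ExchangeRemnant {
    param([string[]]$Server)
    foreach ($dc in $Server) {
        try {
            # Read the naming contexts from the DC itself instead of hard-coding DC=Domain,DC=Com.
            $root = Get-ADRootDSE -Server $dc -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Server = $dc; DN = '(rootDSE)'; State = 'Unreachable' }
            continue
        }
        $dns = Get-ExchangeRemnantDn -DomainNC $root.defaultNamingContext `
                                     -ConfigNC $root.configurationNamingContext
        foreach ($dn in $dns) {
            try {
                Get-ADObject -Identity $dn -Server $dc -ErrorAction Stop | Out-Null
                $state = 'StillPresent'
            } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
                $state = 'Gone'
            } catch {
                # Access denied, timeout, etc.: report it, do not treat it as "gone".
                $state = "Error: $($_.Exception.Message)"
            }
            [pscustomobject]@{ Server = $dc; DN = $dn; State = $state }
        }
    }
}

# Replication is broken in this scenario, so query every DC individually.
$dcs = (Get-ADDomainController -Filter *).HostName
Test-ExchangeRemnant -Server $dcs | Sort-Object DN, Server | Format-Table -AutoSize
```

A DN that shows `Gone` on one DC and `StillPresent` on another means the deletion has not replicated and the object has to be dealt with on that DC as well.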