thisis_it asked:

Remove Active directory from Exchange 2010

Please watch carefully; Active directory was installed together with Exchange 2010 on 1 Windows 2012 server.

We already have a separate Active Directory 2012 server in the domain. This Exchange server WITH Active Directory is now giving huge problems (syncing, no users in Active Directory etc.).

Now I want to remove active directory from the Exchange 2010 SERVER, so that we have just 1 domain controller.

I do NOT want: remove Exchange from Active Directory.

I need to keep the whole exchange 2010 configuration and mailboxes.
VB ITS:

To demote your 2012 server with Exchange installed on it from being a Domain Controller, follow the steps in this article: http://technet.microsoft.com/en-au/library/jj574104.aspx

I would remove all the AD DS related roles and features as well:
- Active Directory Module for Windows PowerShell feature
- AD DS and AD LDS Tools feature
- Active Directory Administrative Center feature
- AD DS Snap-ins and Command-line Tools feature
- DNS Server
- Group Policy Management Console

Microsoft does not support having Exchange installed on a 2012 DC so it's a good thing you're doing this now, however it still may not fix your Exchange issues. See how you go after you demote the DC.
SOLUTION
Neil Russell:

This solution is only available to members.
thisis_it (ASKER):
VB ITS; thanks for your information; are you sure this can be done as non-destructive for my Exchange environment on that same server?
NO IT CAN NOT. It is not supported by MS
VB ITS: Exchange 2010 with minimal sp3 is supported on Windows 2012?
VB ITS; thanks for your information; are you sure this can be done as non-destructive for my Exchange environment on that same server?
Honestly I can't tell you as I've never seen Exchange installed on a 2012 DC before, simply because it's not supported by Microsoft.

Take a backup of the server and your other DC before making any changes to AD.

VB ITS: Exchange 2010 with minimal sp1 is supported on Windows 2012?
Nope, only Exchange 2010 SP3 is supported on Server 2012.
VB ITS: see this article from Microsoft:

http://blogs.technet.com/b/exchange/archive/2012/09/25/announcing-exchange-2010-service-pack-3.aspx

"Support for Windows Server 2012: With Service Pack 3, you will have the ability to install and deploy Exchange Server 2010 on machines running Windows Server 2012."
Answering a question on Experts Exchange and then when questioned saying "Honestly I can't tell you as I've never seen Exchange installed on a 2012 DC before, simply because it's not supported by Microsoft." is not REALLY an expert comment.
SOLUTION
This solution is only available to members.
VB ITS:

Now I understand; my response before was too fast;

1) Exchange 2010 SP3 is supported to install on a Windows 2012 server but

2) Active Directory is NOT supported to install on Exchange 2010 server
You originally asked about Exchange 2010 SP1 :)

I'll assume it was a typo. Yes, as stated in my previous reply Exchange 2010 SP3 is fully supported on Server 2012.

You can also see the Supported operating system platforms matrix in this link for verification: http://technet.microsoft.com/library/ff728623(v=exchg.150).aspx
VB ITS:

Now I understand; my response before was too fast;

1) Exchange 2010 SP3 is supported to install on a Windows 2012 server but

2) Active Directory is NOT supported to install on Exchange 2010 server
Correct.

@MAS I'm not sure how successful that will be given that his current Exchange environment appears to be having issues talking to AD.
VB ITS: it was my mistake (wrong servicepack). Confusion fixed ;)

OK; experts: so what we need to do:

1) Backup exchange server with AD and backup other Domain controller (create image)
2) remove active directory from exchange server
3) remove exchange from server
4) install "fresh" exchange server on same server


My questions:

1) What tools do you use to back up the mailboxes and rules created (signatures, automatic replies etc.)?
2) When I remove Exchange everything is lost and I need to create new mailboxes per user and import the PST backup to it. Other things to keep in mind?

Thanks
Just sticking my $0.02 in to the mix.

Neilsr is totally correct - you will break Exchange if you Demote or Promote a server with Exchange already installed in it.

Following MAS's advice would be the best way forward for you.

VB_ITS - your advice (if followed here) would have resulted in Exchange being massively broken.  Please stick to answering questions where you have the knowledge to answer them rather than using a search engine to try and answer them for you.

Alan
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Try the steps in MAS's comment first.

If you can move the mailboxes over to the new Exchange server then great, no need to worry about the above.
MAS: the problem is that when I reboot the first server with AD on it and afterwards the second server with Exchange and Active Directory, everything is OK for 2 days. But some strange things happen:

1) The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server (domaincontroller). The target name used was domain\domaincontroller. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (domainname) is different from the client domain (domainname), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

2) The average of the most recent heartbeat intervals [482] for request [Ping] used by clients is less than or equal to [540].
Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed

3) This happened when there was a time difference of 4 hours between the Active Directory Server and Exchange server with also AD on it.

4) We also do not have mappings anymore at the client site; only IP addresses pointing to the server are possible instead of domainname\foldername

5) When I create a new dns name; after the errors it disappears in AD.

So it looks like huge AD problems.
Any suggestions on the above-mentioned errors?
"3) This happened when there was a time difference of 4 hours between the Active Directory Server and Exchange server with also AD on it."

There should never be a time difference between computers in an Active Directory environment. Always use Windows Time Sync between all servers/workstations and the PDC Emulator.

AD/Kerberos will break if there is more than around 5 mins of time differential.
You need ALL machines to have the same exact date/time on them.
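
The clock check described in the comment above, as an added example that is not part of the original thread: it samples each domain controller's clock with `w32tm` and reports its skew relative to the PDC emulator. It assumes the ActiveDirectory PowerShell module is installed; the 300-second threshold is taken from the "around 5 mins" figure in that comment, and the function and variable names are illustrative.

```powershell
# Added example: compare every domain controller's clock with the PDC emulator.
# Assumes the ActiveDirectory module (RSAT) is installed and the account can query AD.
Import-Module ActiveDirectory

$MaxSkewSeconds = 300   # the "around 5 mins" tolerance mentioned in the thread

function Get-ClockOffset {
    param([Parameter(Mandatory)][string]$ComputerName)

    # One NTP sample; /dataonly prints lines such as "10:15:02, +00.0123456s",
    # which is the offset between the target's clock and the local clock.
    $output = & w32tm /stripchart "/computer:$ComputerName" /samples:1 /dataonly 2>&1
    foreach ($line in $output) {
        if ("$line" -match ',\s*([+-]\d+(?:[.,]\d+)?)s\s*$') {
            $text = $Matches[1].Replace(',', '.')
            return [double]::Parse($text, [cultureinfo]::InvariantCulture)
        }
    }
    return $null   # host unreachable, NTP blocked, or time service not answering
}

$pdc = (Get-ADDomain).PDCEmulator
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$pdcOffset = Get-ClockOffset -ComputerName $pdc
if ($null -eq $pdcOffset) { throw "No time sample from PDC emulator $pdc" }

$report = foreach ($dc in $dcs) {
    $offset = Get-ClockOffset -ComputerName $dc
    $skew   = $null
    $status = 'NO SAMPLE'
    if ($null -ne $offset) {
        # Both offsets are measured from this machine, so their difference
        # is the skew between the DC and the PDC emulator.
        $skew = [math]::Round($offset - $pdcOffset, 3)
        if ([math]::Abs($skew) -gt $MaxSkewSeconds) { $status = 'OUT OF TOLERANCE' }
        else { $status = 'OK' }
    }
    [pscustomobject]@{
        DomainController = $dc
        SkewVsPdcSeconds = $skew
        Status           = $status
    }
}

$report | Sort-Object Status, DomainController | Format-Table -AutoSize
```

A domain controller reported as `NO SAMPLE` did not answer the NTP query at all, which needs investigating separately from a clock that is merely out of tolerance.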
@this_is_is
The question that you asked was answered with my first post.  You can not do it.

What you are asking now is issues with server connectivity and probably replication and should be asked in a separate question.
SOLUTION
This solution is only available to members.
The assignment of points here is totally wrong. The answer was provided by myself right at the beginning. YOU CAN NOT UNINSTALL AD on an Exchange server.
Neilsr - I agree with you.  As you have already raised an RFA - it should get handled in there.

Mods - IMHO comment http:#40557615 should be awarded the lion's share of the points.
Neilsr; part of the question is: if it is possible or not. Your first answer is also an answer (not possible) but I was looking for a possible solution to fix this problem.

MAS has offered 3 different solutions to get the work done, so he gets my points.
Apart from that rating is good not excellent. Please let us know if you are not clear on our comments so it will help you in future.
Please request admin to open the question (by clicking "Request Attention") for you and reassign the points and rating.
@thisis_it - I would have at least awarded some points to Neilsr then - awarding him nothing is a slap in the face for providing you with an answer that is correct.  If you had followed other expert's advice e.g., demoting the server, you would be in a really bad way right now.

Alan
Alan; you are right; how can I reopen this one and change my points?
Agree with Alan and Neilsr. Neilsr deserves points.
Click on "Request Attention" and request admin to open the question for you.
Neilsr: sorry; you also earn points. I have asked to reopen this question.
Ok; thanks for assisting.
My pleasure.