Network Specialists asked:
ADSIEDIT second not-yet-used crashed exchange server out of AD?

Exchange 2010 is on an older SBS 2011 server we are in the process of decommissioning.  I have a new DC already in place that is the FSMO holder, and I had installed an Exchange 2016 server on another 2016 Windows standard server.  So it's part of the topology, has its fingers all through AD, but timing hasn't allowed us to do the actual mailbox migration yet, so all mailboxes are still on the old server.

This weekend someone hacked an account and got ransomware going in their environment.  Not that big of a deal, they have a Datto on site, so the file shares on the domain controllers we could restore easily.  The SQL, Exchange, and terminal servers were infected though.  Easy enough to recover, since the hack happened after the backups on Saturday night.

The SQL and Exchange were hyper-v guests, the terminal an older physical server.  

SQL was easy, I exported the VHDX file, mounted it in place of the corrupted one, booted up and we're going just fine.  Terminal, since it's older, and is being replaced in about 8 months, I decided to P2V, and that's now running just fine as a virtual guest on their host server (Windows 2019 standard for the Hyper-V host).  

But even Datto is totally unable to get the Hyper-V exchange server to boot.  I've done a dozen different things at their direction, exporting as Gen2 (which it was originally), Gen1, BIOS, UEFI, creating a new temp gen2 Hyper-V guest and doing a bare metal restore to it, doing a new temp gen1 Hyper-V guest and doing a bare metal restore to that.

Everything fails at boot.  I even did the boot edit to allow for "last known good" and safe mode and no driver detection, all still fails.

Looks like Datto gave up, no more response for about 20 hours and I've just been repeating variations of a theme today for all the above.

Originally I wanted it restored, then when they said they probably can't get it running as a Gen 2, but maybe as a Gen 1, I figured fine, at least then if it boots, I can uninstall Exchange to clean up AD, remove the server from the domain, delete the guest and VHD and start over.

But we can't get that going at all.

Now I'm wanting to simply remove it from AD to whatever extent I can.  I know that it can be messy when trying to remove a solo failed exchange and get AD cleaned out to allow a reinstall and such, but I've never had THIS situation.  Two Exchange servers, one that won't boot, but didn't actually DO anything yet, everything still running on the other mail server that's operating just fine.

Is this a situation that I can work through ADSIEDIT and prune references to the new server out without screwing things up?

Worst case scenario I can always use my Kernel for Exchange server, export everything to a PST, totally clean out AD of all Exchange, then do a "first install" of the new server and import the PST's, but I'd really rather do a migration.  

Can someone point me to which parts of the AD tree I can delete to remove the unused exchange server?  Or at least confirm that I don't want to do even that?

Going to keep trying the normal recovery here with the Datto, but if clearing out the dead server from AD won't be too bad of a deal, I'll save a lot of time and effort doing it that way.

Thanks for any ideas.

John
Adam Brown
Exchange does not recover well from VHD backups due to its extreme integration with AD. To recover, you will need to run Exchange setup again with the /restoreserver switch to get the replacement server to use the previous server's configuration settings at install. https://docs.microsoft.com/en-us/exchange/high-availability/disaster-recovery/recover-exchange-servers?view=exchserver-2019 goes over the whole process.

For the future, you need to make sure you're protecting things with anti-ransomware: https://www.techradar.com/news/the-best-free-anti-ransomware-tools
Network Specialists (ASKER)
Ah, so I can just nuke the server from AD computers, ignore the exchange issue altogether, build a new server to put exchange on, then do the recovery install on the new server?  That sounds almost too easy for Microsoft...

We already HAVE many anti-ransomware tools in place, but as anyone knows, nothing is 100%...  But in this case, that's especially true when someone hacks a client's apparently weak admin password and has full access to work around anything...  ;)
ASKER CERTIFIED SOLUTION
Adam Brown

Basically, don't nuke the server object in ADUC, just reset it, create a new server with the same name, and run setup /recoverserver when installing Exchange. If you do choose to nuke the server object, you'll need to clear out the server object in either AD Sites and Services (select View, choose Show Services Node, then go to Microsoft Exchange and follow the path down until you find the Servers node, expand that, and delete the folder with the server name tied to it) or you'll have an orphaned object in there.

Network Specialists (ASKER)

Thanks.  Everything would be the same version.  Time to let Datto off the hook then and close the recovery ticket.

John
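The following PowerShell is an added example, not code from anyone in this thread, showing the checks a practitioner would run before following the recovery procedure Adam Brown describes above: list the Exchange server objects in the AD configuration partition (the same objects the Sites and Services path leads to), read the version string the replacement media must match, confirm that no mailbox database is owned by the dead server, and reset rather than delete its computer account. It assumes the RSAT ActiveDirectory module and sufficient rights; the server name EX2016 is a placeholder.

```powershell
# Added example (not from the original thread). Assumes RSAT ActiveDirectory module
# and Enterprise/Domain Admin rights. EX2016 is a placeholder for the dead server's name.
Import-Module ActiveDirectory

$cfgNC = (Get-ADRootDSE).configurationNamingContext

# 1. Every Exchange server the organization knows about. The DistinguishedName is the
#    object under ...,CN=Servers,... that the answer says to remove ONLY if the computer
#    account was deleted. serialNumber holds the version/build that the /RecoverServer
#    media must match exactly (same CU as the dead server).
$servers = Get-ADObject -SearchBase $cfgNC -LDAPFilter '(objectClass=msExchExchangeServer)' `
    -Properties serialNumber, msExchCurrentServerRoles
$servers | Select-Object Name, serialNumber, msExchCurrentServerRoles, DistinguishedName | Format-List

# 2. Which server owns each mailbox database. Per the question, every database should
#    still be owned by the old SBS 2011 server, and none by the dead EX2016 box.
Get-ADObject -SearchBase $cfgNC -LDAPFilter '(objectClass=msExchPrivateMDB)' -Properties msExchOwningServer |
    ForEach-Object {
        [pscustomobject]@{
            Database     = $_.Name
            OwningServer = (($_.msExchOwningServer -split ',')[0]) -replace '^CN=', ''
        }
    } | Format-Table -AutoSize

# 3. Reset (do NOT delete) the dead server's computer account so a rebuilt machine with the
#    same name and OS can re-join the domain. dsmod is the command-line equivalent of
#    "Reset Account" in ADUC.
$deadServer = 'EX2016'   # placeholder
$computer = Get-ADComputer -Identity $deadServer
dsmod computer $computer.DistinguishedName -reset

# 4. On the rebuilt server, from Exchange media of the build shown in step 1:
#    Setup.exe /IAcceptExchangeServerLicenseTerms /Mode:RecoverServer
#    (newer cumulative updates replace the license switch with a _DiagnosticDataON/OFF
#    variant; check the release notes for the CU you are installing).
```

Steps 1 and 2 are read-only and are worth keeping in a runbook: if step 2 ever showed a database owned by the unbootable server, /RecoverServer would still rebuild the server's configuration but the database files themselves would have to come from backup, which changes the recovery plan entirely.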