Exchange 2010 is on an older SBS 2011 server we are in the process of decommissioning. I have a new DC already in place that is the FSMO holder, and I had installed an Exchange 2016 server on another 2016 Windows standard server. So it's part of the topology, has its fingers all through AD, but timing hasn't allowed us to do the actual mailbox migration yet, so all mailboxes are still on the old server.
This weekend someone hacked an account and got ransomware going in their environment. Not that big of a deal, they have a Datto on site, so the file shares on the domain controllers we could restore easily. The SQL, Exchange, and terminal servers were infected though. Easy enough to recover; the hack happened after the backups on Saturday night.
The SQL and Exchange were Hyper-V guests, the terminal an older physical server.
SQL was easy, I exported the VHDX file, mounted it in place of the corrupted one, booted up and we're going just fine. Terminal, since it's older, and is being replaced in about 8 months, I decided to P2V, and that's now running just fine as a virtual guest on their host server (Windows 2019 standard for the Hyper-V host).
But even Datto is totally unable to get the Hyper-V Exchange server to boot. I've done a dozen different things at their direction, exporting as Gen2 (which it was originally), Gen1, BIOS, UEFI, creating a new temp Gen2 Hyper-V guest and doing a bare metal restore to it, doing a new temp Gen1 Hyper-V guest and doing a bare metal restore to that.
Everything fails at boot. I even did the boot edit to allow for "last known good" and safe mode and no driver detection, all still fails.
Looks like Datto gave up, no more response for about 20 hours and I've just been repeating variations of a theme today for all the above.
Originally I wanted it restored, then when they said they probably can't get it running as a Gen 2, but maybe as a Gen 1, I figured fine, at least then if it boots, I can uninstall Exchange to clean up AD, remove the server from the domain, delete the guest and VHD and start over.
But we can't get that going at all.
Now I'm wanting to simply remove it from AD to whatever extent I can. I know that it can be messy when trying to remove a solo failed Exchange and get AD cleaned out to allow a reinstall and such, but I've never had THIS situation. Two Exchange servers, one that won't boot, but didn't actually DO anything yet, everything still running on the other mail server that's operating just fine.
Is this a situation that I can work through ADSIEDIT and prune references to the new server out without screwing things up?
Worst case scenario I can always use my Kernel for Exchange server, export everything to a PST, totally clean out AD of all Exchange, then do a "first install" of the new server and import the PSTs, but I'd really rather do a migration.
Can someone point me to which parts of the AD tree I can delete to remove the unused Exchange server? Or at least confirm that I don't want to do even that?
Going to keep trying the normal recovery here with the Datto, but if clearing out the dead server from AD won't be too bad of a deal, I'll save a lot of time and effort doing it that way.
Thanks for any ideas.