Solved: Second domain controller with Exchange 2007 have a...

eaus · ‎05-11-2016

Setup:

SRV1 = 2003 R2 domaincontroller

SRV2 = 2003 R2 domaincontroller with Exchange 2007 SP3

Scenario:

After some sort of disk crash on SRV2 it reports event ids 1084 and 2108, and isn't synchronizing with the other domain controller anymore. E.g. I have to reset a users password on both SRV1 and SRV2, however mail flow etc. is working fine.

After the crash I created a virtual thrid domaincontroller and set it to only replicate -from- SRV1, just in case..

Possible solution?

The crash happened around 25-26th of April, and my latest full backup of the server was on April 16th. Is it possible to restore system state from April 16th to the SRV2 DC/Exchange-server in question, and will it then synchronize with the other DCs rightfully afterwards? WITHOUT losing any AD/Exchange data?

Could I simply copy the NTDS.DIT from a working domain controller?

I have found some documents regarding actually demoting the domain controller functionality of a DC running Exchange 2007, could this be my best option?

Fresh install of Exchange 2010 on a new server and start migrating? This is last resort because we may very well be moving to Office 365 within a few weeks.

What other options do I have?

Colin_Weaver · ‎05-12-2016

You should probably get Microsoft advice on this and maybe even ask them to look specifically at your NTDS.DIT issue and not the question about effect of System State Restore against Exchange

1) The System State restore itself won't touch the Exchange database - BUT it might affect Exchange in a way that stops Exchange from running if anything to do with the installation itself has been changed since the backup. (We cannot confirm if this is likely to be an issue)

2) If you restore the system state there is no guarantee it will fix the issue, because things like computer accounts etc are reset periodically (by AD in the background), if you go back to an older backup you might be going back to an earlier version of computer account (or other critical AD object/property) and if that happens the machine in question will still not be able to connect to AD even if the restore works.( Because the state of AD itself willl be newer in the rest of your production environment than it is in the backup set and you will have introduced an inconsistency by restoring)

Whatever you do take a specific backup of the Exchange data (and any other critical data on the system first).

View solution in original post

Colin_Weaver · ‎05-12-2016

You should probably get Microsoft advice on this and maybe even ask them to look specifically at your NTDS.DIT issue and not the question about effect of System State Restore against Exchange

1) The System State restore itself won't touch the Exchange database - BUT it might affect Exchange in a way that stops Exchange from running if anything to do with the installation itself has been changed since the backup. (We cannot confirm if this is likely to be an issue)

2) If you restore the system state there is no guarantee it will fix the issue, because things like computer accounts etc are reset periodically (by AD in the background), if you go back to an older backup you might be going back to an earlier version of computer account (or other critical AD object/property) and if that happens the machine in question will still not be able to connect to AD even if the restore works.( Because the state of AD itself willl be newer in the rest of your production environment than it is in the backup set and you will have introduced an inconsistency by restoring)

Whatever you do take a specific backup of the Exchange data (and any other critical data on the system first).

VOX

Second domain controller with Exchange 2007 have a corrupt NTDS.DIT