Exchange 2016: Manual removal of an Exchange server (single server)

Foreword

This series of articles deals with the manual removal of an Exchange 2016 server from the Active Directory. This procedure should only be used in special cases. The following cases come into question:

• There was already an Exchange installation "earlier" that is incomplete or faulty
• The Exchange server has burned down and cannot be restored via disaster recovery (no backup available, AD computer account deleted)
• A new Exchange Server is to be installed in a mishandled Active Directory in which one or both of the above points apply

The procedure described below must be carried out with caution and is FINAL. So please read carefully and make sure you create a backup of the domain controller.

If the Exchange Server computer account still exists, a disaster recovery should be attempted first. Manual removal is a last resort.

Surroundings

This article refers to an Active Directory in which the only Exchange 2016 server has been destroyed and cannot be restored from the backup. However, the domain controller on another server is still intact. So let's assume that the Exchange server named FWCOMEX1 was first struck by lightning, as a result of which the server burned down and a water pipe broke due to the heat, flooding the server:

After a recovery no longer worked because the AD computer account had already been deleted and all recovery attempts had failed, it is now time to start all over again. There is even a small glimmer of hope for the data. So FWCOMEX1 has been buried with dignity:

Procedure

The order in which you proceed doesn't really matter, I'll start with the DNS. All of the steps mentioned here take place on the domain controller FWCOMDC1.

Remove DNS entries

Depending on the configuration, there are several entries in the DNS that point to the broken Exchange server. The entries can usually be easily identified using the IP address. These entries are deleted:

Depending on the configuration, an SRV record for Autodiscover may also exist in the DNS zone. This will also be deleted:

The same applies to the reverse lookup zone, everything with the IP of the Exchange server is deleted (if available)

Delete configuration from Active Directory

After the DNS entries have been deleted, the Exchange configuration can be deleted from the Active Directory configuration partition. To do this, first connect to the configuration partition using ADSIEdit:

Under "Services" you will find the two entries "Microsoft Exchange" and "Microsoft Exchange Autodiscover". Both are deleted:

Then connect to the naming context. The entries "Microsoft Exchange Security Groups" and "Microsoft Exchange System Object" are now deleted here:

Continue with the "Active Directory Users and Computers" console. All Exchange system mailboxes are deleted in the Users OU:

The Exchange configuration is already history.

Resetting the attributes of user accounts

The AD user accounts also contain attributes that refer to the Exchange Server. The easiest way to reset the attributes is via PowerShell, as there are quite a few attributes involved. For a single user it works with the following command:

Get-ADUser frank | Set-ADUser -Clear msExchAddressBookFlags,msExchArchiveGUID,msExchArchiveName,msExchArchiveQuota,msExchArchiveWarnQuota,msExchBypassAudit,msExchCalendarLoggingQuota,msExchDumpsterQuota,msExchDumpsterWarningQuota,msExchELCMailboxFlags,msExchGroupSecurityFlags,msExchHomeServerName,msExchMailboxAuditEnable,msExchMailboxAuditLogAgeLimit,msExchMailboxGuid,msExchMailboxSecurityDescriptor,msExchMDBRulesQuota,msExchModerationFlags,msExchPoliciesIncluded,msExchProvisioningFlags,msExchRecipientDisplayType,msExchRecipientSoftDeletedStatus,msExchRecipientTypeDetails,msExchTextMessagingState,msExchTransportRecipientSettingsFlags,msExchUMDtmfMap,msExchUMEnabledFlags2,msExchUserAccountControl,msExchWhenMailboxCreated,showInAddressBook,proxyAddresses,legacyExchangeDN

The following command can be used for all users:

Get-ADUser -filter * | Set-ADUser -Clear msExchAddressBookFlags,msExchArchiveGUID,msExchArchiveName,msExchArchiveQuota,msExchArchiveWarnQuota,msExchBypassAudit,msExchCalendarLoggingQuota,msExchDumpsterQuota,msExchDumpsterWarningQuota,msExchELCMailboxFlags,msExchGroupSecurityFlags,msExchHomeServerName,msExchMailboxAuditEnable,msExchMailboxAuditLogAgeLimit,msExchMailboxGuid,msExchMailboxSecurityDescriptor,msExchMDBRulesQuota,msExchModerationFlags,msExchPoliciesIncluded,msExchProvisioningFlags,msExchRecipientDisplayType,msExchRecipientSoftDeletedStatus,msExchRecipientTypeDetails,msExchTextMessagingState,msExchTransportRecipientSettingsFlags,msExchUMDtmfMap,msExchUMEnabledFlags2,msExchUserAccountControl,msExchWhenMailboxCreated,showInAddressBook,proxyAddresses,legacyExchangeDN

Now the Exchange configuration of the mailboxes is also history.

Delete computer account

If the computer account of the Exchange Server still exists, it can also be deleted:

Installing a new Exchange Server

Before a new Exchange Server with a new name is installed, the Active Directory should be prepared once via the command line so that the necessary entries are created again.

There is a separate article on this.