Nov 23 2017 11:27 PM
The AD forest has multiple child domains; for example, contoso.com is the root domain, with child domains sub1.contoso.com, sub2.contoso.com, etc.
Exchange 2016 servers are installed in the root domain, contoso.com, with PrepareAllDomains, which allows mailboxes to be associated with AD user objects in the child domains.
An issue was encountered that resulted in no writable DC for the child domain sub1.contoso.com. In addition, the mailbox database which holds the mailboxes for this child domain is not recoverable.
At the moment, the rest of Exchange is functioning okay.
I want to run Disable-Mailbox or Remove-Mailbox to delete the mailboxes for the sub1.contoso.com accounts, or run Set-Mailbox with -ForwardingSMTPAddress in order to route emails destined for the child domain users elsewhere. Unfortunately, each of these options requires the ability to access the mailbox database in question or a child DC in sub1.contoso.com.
Does anyone know how I can set the ForwardingSMTPAddress for these child domain users' mailboxes, or disable/disconnect the mailboxes for these users in this scenario?
May 26 2021 03:46 PM
May 26 2021 11:58 PM
From what I recall and from checking old emails, I believe we attempted Disable-Mailbox with various switches, but that resulted in the same issue, e.g. being unable to contact the child domain controller (worth checking though). I don't think ADSI Edit was an option, as the user object wasn't accessible.
In this instance, I believe the child domain was not recoverable, so we took steps to remove the child domain controller(s) and the child domain from the forest. Taking these steps obviously has wider implications and depends on whether you're planning to recover your child domain.
If you were to pursue removing the child domain, then before doing so I advise collecting the mailbox details to an XML file if you can, because you'll likely want to grab the legacyExchangeDN and proxyAddresses to reapply elsewhere, e.g. 'Get-Mailbox -Identity john.smith | Export-Clixml c:\temp\jsmithmbxdetails.xml'
As a result, the mailboxes were then disconnected in Exchange and no longer associated with the orphaned AD objects. I believe you could then connect the disconnected mailboxes to another AD object.
My notes on the child domain controller and domain removal (obviously use at your own risk, and I would recommend testing in a lab first if you're unsure)...
To remove a domain controller:
Run ntdsutil, then:
Type metadata cleanup
Type connections
Type connect to server servernamehere
Type quit
Type select operation target
Type list domains
Type select domain <number>
Type list sites
Type select site <number>
Type list servers in site
Type select server <number>
Type quit
Type remove selected server
Type quit
In Active Directory Users and Computers, expand the Domain Controllers container. Delete the computer object associated with the failed domain controller.
Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation. Select “This DC is permanently offline…” and click on the Delete button.
AD will display another confirmation window. If you’re sure that you want to delete the failed object, click Yes to remove the failed server object from DNS.
In the DNS snap-in, expand the zone that is related to the domain from which the server has been removed. Remove the CNAME record in the _msdcs.<forest root domain> zone in DNS. You should also delete the hostname record and any other DNS records for the server. If you have reverse lookup zones, also remove the server from these zones.
To remove a domain:
Run ntdsutil, then:
Type metadata cleanup
Type connections
Type connect to server servernamehere
Type quit
Type select operation target
Type list domains
Type select domain <number>
Type quit
Type remove selected domain
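The following PowerShell script is an added example and is not part of Ben Owens' notes or the original thread. It scripts the same three steps the reply describes: export the child-domain mailboxes to XML first, then run the "remove domain controller" and "remove domain" ntdsutil sequences non-interactively, with a check before and after of what the configuration partition still holds for the child domain. It assumes an Exchange Management Shell with the ActiveDirectory module available on a host that can reach a healthy root-domain DC; rootdc01.contoso.com, sub1.contoso.com, C:\temp\mbx-export and the -Force switch are placeholders and assumptions, not names from the thread.

```powershell
<#
  Added example, not from the original thread. Scripted version of the
  pre-checks, mailbox export and ntdsutil metadata cleanup described above.
  Assumptions: run from an Exchange Management Shell with the ActiveDirectory
  module available, on a machine that can reach a healthy root-domain DC.
  All server, domain and path names are placeholders.
#>
param(
    [string]$RootDc      = 'rootdc01.contoso.com',   # assumption: healthy root-domain DC
    [string]$ChildDomain = 'sub1.contoso.com',       # assumption: the dead child domain
    [string]$ExportDir   = 'C:\temp\mbx-export',
    [switch]$Force                                    # without -Force nothing is removed
)
Import-Module ActiveDirectory

$childNc  = 'DC=' + $ChildDomain.Replace('.', ',DC=')            # DC=sub1,DC=contoso,DC=com
$configNc = (Get-ADRootDSE -Server $RootDc).configurationNamingContext

# 1. Save legacyExchangeDN / proxyAddresses for every mailbox in the child domain,
#    one XML file per mailbox. -ViewEntireForest lets Get-Mailbox read via the
#    global catalog (assumption: the GC copies of the child objects are still readable).
function Export-ChildDomainMailboxes {
    New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
    Set-ADServerSettings -ViewEntireForest $true
    $mailboxes = Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.DistinguishedName -like "*,$childNc" }
    foreach ($mbx in $mailboxes) {
        $mbx | Export-Clixml -Path (Join-Path $ExportDir "$($mbx.SamAccountName).xml")
        Write-Host ('Exported {0}: {1} ({2} proxy addresses)' -f
            $mbx.Alias, $mbx.LegacyExchangeDN, $mbx.EmailAddresses.Count)
    }
    $mailboxes
}

# 2. What the configuration partition still knows about the child domain: the
#    NTDS Settings object of every DC that hosted it (its parent is the server
#    object ntdsutil removes) and the domain's crossRef in the Partitions container.
function Get-ChildDomainMetadata {
    $ntds = Get-ADObject -Server $RootDc -SearchBase "CN=Sites,$configNc" `
        -LDAPFilter '(objectClass=nTDSDSA)' -Properties 'msDS-HasDomainNCs' |
        Where-Object { $_.'msDS-HasDomainNCs' -contains $childNc }
    $crossRef = Get-ADObject -Server $RootDc -SearchBase "CN=Partitions,$configNc" `
        -LDAPFilter "(&(objectClass=crossRef)(nCName=$childNc))" -Properties nCName, dnsRoot
    [pscustomobject]@{
        ServerDns = @($ntds | ForEach-Object { ($_.DistinguishedName -split ',', 2)[1] })
        CrossRef  = $crossRef
    }
}

# 3. ntdsutil takes the menu commands as arguments, in the same order you would
#    type them interactively; each array element is passed as one quoted argument.
function Invoke-NtdsUtil([string[]]$Commands) {
    Write-Host "ntdsutil $($Commands -join ' | ')"
    & ntdsutil.exe @Commands 2>&1
}

# Same sequence as "To remove a domain controller", but naming the server by DN
# ("remove selected server <DN>") instead of walking list/select numbers.
# ntdsutil still raises its own confirmation dialog before deleting.
function Remove-DeadDcMetadata([string]$ServerDn) {
    if (-not $Force) { Write-Warning "Would remove $ServerDn (re-run with -Force)"; return }
    Invoke-NtdsUtil @('metadata cleanup', 'connections', "connect to server $RootDc", 'quit',
                      "remove selected server $ServerDn", 'quit', 'quit')
}

# Same sequence as "To remove a domain". "select domain" only accepts the index
# printed by "list domains", so the index is read back from that listing
# (assumed line format: "<n> - DC=sub1,DC=contoso,DC=com").
function Remove-DeadDomainMetadata {
    $prefix  = @('metadata cleanup', 'connections', "connect to server $RootDc", 'quit',
                 'select operation target')
    $listing = Invoke-NtdsUtil ($prefix + @('list domains', 'quit', 'quit', 'quit'))
    $match   = $listing | Select-String -Pattern "^\s*(\d+)\s*-\s*$([regex]::Escape($childNc))\s*$" |
        Select-Object -First 1
    if (-not $match) { throw "$childNc is not listed by ntdsutil; nothing to remove" }
    $index = $match.Matches[0].Groups[1].Value
    if (-not $Force) { Write-Warning "Would remove domain $childNc (index $index); re-run with -Force"; return }
    Invoke-NtdsUtil ($prefix + @("select domain $index", 'quit', 'remove selected domain', 'quit', 'quit'))
}

# Export first, then DCs, then the domain, then re-check.
Export-ChildDomainMailboxes | Out-Null
$before = Get-ChildDomainMetadata
foreach ($dn in $before.ServerDns) { Remove-DeadDcMetadata $dn }
if ($before.CrossRef) { Remove-DeadDomainMetadata }
$after = Get-ChildDomainMetadata
if ($Force -and ($after.ServerDns.Count -or $after.CrossRef)) {
    Write-Warning 'Child domain metadata still present; check replication from the root DC before repeating.'
}
```

Run it once without -Force: that produces the XML export and a dry run listing the server DNs and domain index it would hand to ntdsutil, which is the moment to confirm they are really the dead child-domain DCs. The DNS cleanup from the notes (the CNAME in _msdcs, the host records and the reverse-zone entries) is not scripted here and still has to be done by hand.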
May 27 2021 07:29 AM
@Ben Owens Oh wow, that is so much more detail than I was expecting or even hoping for... thank you!!
In our case, the child DCs are gone legitimately, just apparently not cleaned up properly. Even the parent domain is legacy and probably not long for this world, so I might just wait until it's time to turf the whole thing.
Definitely appreciate you taking the time to go back and look up your notes from three years ago though. If I could buy you a beer, I would!