Exchange server in an AD backup/restore scenario


Hello everyone,

I would like to know the best practices and approach to the below situation.

  • One Domain Controller in the environment with Two Exchange 2013 servers
  • Due to a failure, the domain controller needs to be restored from a backup (30 days older)

Plan will be to restore the AD from a 30+ day old backup. This is a must and no way to change. Due to the 30+ days, I believe there will be a trust relationship error when I try to connect the existing Exchange to the restored AD.

1) Is it recommended and supported by Microsoft to reset computer account and rejoin Exchange server in case trust relationship issue comes up?

2) What options are there in such a situation to get back Exchange on-track?

Thank you.

2 Replies
Hello JudeCP,

Apart from the trust relationship there is another problem: AD holds sequence numbers to keep track of all the updates done to an account.

The Exchange Server holds a backup of the Global Catalog but when you restore the DC I'm not sure if the AD accounts in the AD will get the updates from the Exchange Server.

I think the best way to solve this is creating a new domain and Exchange server; this of course will require a lot of time.
You will need to recreate all the users, groups, OUs, mailboxes etc.
Then copy the Exchange database from the old Exchange Server, mount it as a restore database and restore all mailbox data into the new Exchange Server.

A broken domain is one of the hardest things to fix and of course the advice would be to create 2 DCs in the future.

@JudeCP From an architecture point of view it is very unusual to have only one DC in an environment, no matter how small the environment is. It's okay to have one DC for a LAB environment where you do not care to recover anything.

If you had two DCs in your domain, in this case you just could have built a new DC in the existing domain. Now that you have lost your only DC of the domain and the backup you have is older than 30 days, you do not have any other choice! I would restore the DC and try rebooting the Exchange servers first. If they are still out of the domain, you have to disjoin and rejoin them again. Even if your Exchange servers start talking to the domain from a Windows perspective, you may face various issues with Exchange. Good luck!
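
An added example, not part of the thread or any poster's code: a PowerShell check to run locally on each Exchange server once the DC has been restored. It tests the machine account's secure channel, optionally rebuilds it in place, and lists Exchange services that are set to start automatically but are not running. The function name `Test-ExchangeDomainTrust` and the `$DomainAdmin` parameter are hypothetical, and the script assumes the Exchange services carry the usual `MSExchange` name prefix.

```powershell
# Added example: run in an elevated PowerShell session on the Exchange server itself.
# Assumption: $DomainAdmin is a domain account allowed to reset computer accounts.
function Test-ExchangeDomainTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [pscredential]$DomainAdmin,

        # Without -Repair the function only reports and changes nothing.
        [switch]$Repair
    )

    $report = [ordered]@{
        Computer        = $env:COMPUTERNAME
        SecureChannelOk = $false
        RepairAttempted = $false
        StoppedServices = @()
    }

    try {
        # $true when the locally stored machine account password still matches
        # the copy held by the (restored) domain controller.
        $report.SecureChannelOk = Test-ComputerSecureChannel -ErrorAction Stop

        if (-not $report.SecureChannelOk -and $Repair) {
            $report.RepairAttempted = $true
            # Rebuilds the Netlogon secure channel without a disjoin/rejoin.
            $report.SecureChannelOk =
                Test-ComputerSecureChannel -Repair -Credential $DomainAdmin -ErrorAction Stop
        }
    }
    catch {
        Write-Warning "Secure channel check failed: $($_.Exception.Message)"
    }

    # Exchange services depend on AD; list automatic ones that are not running.
    $filter = "Name LIKE 'MSExchange%' AND StartMode = 'Auto' AND State <> 'Running'"
    $report.StoppedServices = @(Get-CimInstance -ClassName Win32_Service -Filter $filter |
        Select-Object -ExpandProperty Name)

    [pscustomobject]$report
}

# Report first, then decide whether to re-run with -Repair.
Test-ExchangeDomainTrust -DomainAdmin (Get-Credential)
```

A result of `SecureChannelOk = True` with a non-empty `StoppedServices` list corresponds to the case described in the last reply, where the server talks to the domain from a Windows perspective but Exchange itself still has problems.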