If all domain controllers are down, what happens, or what can we do for Exchange server users?

    Question

  • Hello All

    Just trying to understand: if we have an Exchange server, and all domain controllers are down and we are not able to recover them, what will be the worst case?

    First, I think the only way is to rebuild the DC from ZERO. I know it is painful, but the question is:

    How about the Exchange users? They are supposedly not able to log in and not able to work on their email. So, can I just rebuild the DC and create the same user information in Active Directory, rejoin the Exchange server to the DC, and try to log on as the newly created users and see if they will connect back to their Outlook mailboxes? Hope someone can answer that. Thanks

    Saturday, December 17, 2016 6:13 PM

Answers

  • If ALL domain controllers are down, Exchange will not function. If you have to re-build the domain from scratch, you will be in big trouble. Exchange is a "check engine light" for Active Directory. And if ALL your DCs are down, that light will turn ON. At a minimum:

    1. Service accounts running Exchange will not work
    2. Users actively running Outlook will not be able to find other people in the system
    3. Calls to your Help Desk will start flooding in

    If you need to re-build AD, then at a high level the impacts are:

    1. All user accounts will have to be re-created
    2. All Active Directory groups will have to be re-created
    3. All client machines will need to re-join the new domain
    4. All member servers (to include Exchange) will need to re-join the new domain
    5. All service accounts will need to be re-created and configured on member servers
    6. All GPOs (Group Policy Objects) will need to be re-created, re-linked and objects moved to their respective OUs. This post suggests these likely weren't backed up
    7. All OUs will need to be re-built
    8. Your PKI architecture, if any, will need to be re-built. As a consequence, SSL operations will fail if AD-based certificates were deployed
    9. All users will log on to their computers with fresh new profiles
    10. All users will need to be re-joined to their Exchange mailboxes

    Best Regards, Todd Heron | Active Directory Consultant




    • Edited by Todd Heron Saturday, December 17, 2016 7:59 PM Added more detail
    • Proposed as answer by Dave PatrickMVP Saturday, December 17, 2016 9:34 PM
    • Marked as answer by HKMO Monday, December 19, 2016 3:01 AM
    Saturday, December 17, 2016 7:43 PM

All replies

  • Better to ask about exchange recovery over here.

    https://social.technet.microsoft.com/Forums/office/en-us/home?category=exchangeserver

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Saturday, December 17, 2016 7:06 PM
  • OK... that means not only does the domain controller start from zero, but ALL the systems, including servers & clients, have to be rebuilt... everything starts from the very beginning. That's terrible...

    However, in my situation, I still have a second DC running and so far don't have any large issues. But DC2 already had replication issues before DC1 went down (some of the replication did not work, but I just ignored it because everything was running fine before).

    For a solution, I know that I can reinstall a fresh Windows server as a new domain controller to join DC2, but I am just afraid there will be unknown issues when I do this because the primary DC is dead. (DC2 is not the primary DC.)

    Any good suggestion is really appreciated.

    Sunday, December 18, 2016 2:47 PM
  • Shouldn't be a problem. You can perform cleanup before standing up the new one.

    https://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management


    • Proposed as answer by Todd Heron Sunday, December 18, 2016 11:23 PM
    Sunday, December 18, 2016 2:54 PM
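
The cleanup suggested in the reply above, sketched as an added example that is not part of the thread or written by any of its participants: check which operations master (FSMO) roles still point at the dead DC, record the survivor's replication state, seize the roles, and prepare the metadata cleanup before promoting a replacement. It assumes the host names DC1 (dead) and DC2 (surviving) from the thread's own labels, an elevated session on DC2 with the ActiveDirectory module, and a placeholder backup volume E:.

```powershell
# Added example, not from the thread. Run elevated on the surviving DC.
Import-Module ActiveDirectory

$DeadDC      = 'DC1'   # thread's label for the failed DC (assumed host name)
$SurvivingDC = 'DC2'   # thread's label for the remaining DC (assumed host name)

# 0. Before any change, capture a system state backup of the survivor.
#    'E:' is a placeholder backup volume.
# wbadmin start systemstatebackup -backupTarget:E:

# 1. List the FSMO role holders as recorded in the directory on the survivor.
$forest = Get-ADForest -Server $SurvivingDC
$domain = Get-ADDomain -Server $SurvivingDC
$holders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$holders | Format-Table -AutoSize
$orphaned = @($holders.GetEnumerator() |
    Where-Object { $_.Value -like "$DeadDC.*" } |
    ForEach-Object { $_.Key })

# 2. Record the survivor's replication state; the thread mentions earlier
#    replication errors on DC2, so review these before promoting a new DC.
repadmin /showrepl $SurvivingDC
dcdiag /s:$SurvivingDC /test:Replications

# 3. Seize the orphaned roles. -Force seizes when the old holder is unreachable.
#    -WhatIf only previews; remove it once the output has been reviewed.
#    After a seizure the old role holder must never be brought back online.
if ($orphaned.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $SurvivingDC `
        -OperationMasterRole $orphaned -Force -WhatIf
}

# 4. Build (but do not run) the metadata cleanup command for the dead DC,
#    using the server object still recorded in the directory.
$dead = Get-ADDomainController -Filter "Name -eq '$DeadDC'" -Server $SurvivingDC
if ($dead) {
    "ntdsutil `"metadata cleanup`" `"remove selected server $($dead.ServerObjectDN)`" quit quit"
}

# 5. Confirm what the directory now lists.
Get-ADDomainController -Filter * -Server $SurvivingDC |
    Select-Object Name, Site, OperationMasterRoles
```

Step 4 only prints the ntdsutil command so it can be reviewed and run by hand once the role seizure has completed.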
  • Your first post asked what would be the consequence of all domain controllers going down and not being able to recover - the answer is a complete rebuild if you have no backups. I've answered in detail what the consequences would be in such a scenario as presented by this first problem statement. You should mark it as such so that it may help others when searching for the same or similar issue. Your new comment actually presents a whole new question, and so it should be asked in the form of a new question so that it helps others when searching about this problem.


    Best Regards, Todd Heron | Active Directory Consultant

    Sunday, December 18, 2016 5:02 PM
  • Understood, and thanks Todd
    Monday, December 19, 2016 3:02 AM