What to do with Exchange 2007 and crashed/rebuilt Active Directory

active-directory exchange restore

Here's our situation: we had one server running Win2003 Server Std that was also the only domain controller. The ntds.dit file (AD database) became corrupted and there was no backup. We scrapped the DC and recreated the domain from scratch, using the SAME domain name and SAME server name.

Now we're down to Exchange. It's 2007 with SP1. It was running happily – just a single server (no frontend/backend). We have the original mail stores and backups of the stores.

I've searched high and low for this exact situation but have found nothing 100% on point. Some people want to migrate from one domain to another, others have corrupted Exchange databases and need to restore. In my case, Exchange was up and running fine, the AD was corrupted and rebuilt. Now I need help: do I completely remove Exchange and reload from scratch? Do I re-run setup /preparead and hope for the best? Are there other tricks to getting our Exchange server running again inside our new AD?

Best Answer

Quite a mess you've made there, eh?

Here's an article that will help you with the process: http://www.msexchange.org/articles_tutorials/exchange-server-2007/high-availability-recovery/generating-active-directory-accounts-exchange-database-part1.html

That article describes exactly the scenario you have.

Basically, you're creating a new AD environment and installing a fresh install of Exchange, moving the "stock" blank database out of the new Exchange install, then mounting up your existing Exchange database and creating new user accounts corresponding to the disconnected mailboxes that Exchange finds in your database. The article talks about using a script to create the user accounts for the disconnected mailboxes. You can do it "by hand" as well, though.

In the future, have a secondary domain controller and back up Active Directory with a recurring online backup. AD databases don't "become corrupt", either. You've probably got a hardware problem on the domain controller computer if you somehow "lost" the DIT file. The database engine underneath AD, ESE, is very solid and doesn't "corrupt" data.

Now, you get to rejoin all your PCs to the domain, start fresh (or fix up the ACLs in) all your user profiles, recreate all your group policy objects, and generally rebuild everything from the ground up. W/o sounding too snarky, I hope that you're seeing that the "cost" of a secondary domain controller and regular backups of Active Directory isn't that high, after all.
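The reconnect step described in the answer above, as an added Exchange Management Shell sketch that is not from the answer or the linked article. It assumes the old .edb has already been copied over the blank database while dismounted and that the replacement AD accounts already exist; the database identity and CSV path are placeholders. Saved as a script and run twice, it first writes an inventory of disconnected mailboxes for review, then connects only the mailboxes an administrator has explicitly mapped to an account, so no mailbox is attached to the wrong user by a name match.

```powershell
# Added example. Placeholder: the database you swapped the old .edb into.
$db      = 'MAILSRV\First Storage Group\Mailbox Database'
$mapFile = 'C:\recovery\mailbox-map.csv'   # hypothetical working path

# Allow the copied-in database file to be mounted, then mount it.
Set-MailboxDatabase -Identity $db -AllowFileRestore:$true
Mount-Database -Identity $db

# Rescan the store so mailboxes with no AD owner are marked disconnected.
Clean-MailboxDatabase -Identity $db

$orphans = Get-MailboxStatistics -Database $db |
    Where-Object { $_.DisconnectDate -ne $null }
if (-not $orphans) {
    Write-Warning "No disconnected mailboxes found in $db."
    return
}

if (-not (Test-Path $mapFile)) {
    # Pass 1: write the inventory; the User column is filled in by hand.
    $orphans |
        Select-Object DisplayName, MailboxGuid, ItemCount, DisconnectDate,
            @{ Name = 'User'; Expression = { '' } } |
        Export-Csv -Path $mapFile -NoTypeInformation
    Write-Host "Review $mapFile, fill in the User column, then run again."
    return
}

# Pass 2: connect only rows that were reviewed and given an account.
$known = @{}
foreach ($o in $orphans) { $known[$o.MailboxGuid.ToString()] = $o }

foreach ($row in Import-Csv -Path $mapFile) {
    if (-not $row.User) { continue }          # deliberately left unmapped
    if (-not $known.ContainsKey($row.MailboxGuid)) {
        Write-Warning "No disconnected mailbox $($row.MailboxGuid); skipping."
        continue
    }
    # Dry run: remove -WhatIf once the listed pairs are the ones you expect.
    Connect-Mailbox -Identity $row.MailboxGuid -Database $db `
        -User $row.User -WhatIf
}
```

Keep the reviewed CSV with the recovery records; it is the only trace of which account was given which mailbox.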