Delete Exchange Computer Account from Active directory in production Environment

Problem:

Exchange computer accounts have been deleted, from active directory. The network administrator deleted the OU (Organizational Unit) where all Exchange computer accounts in.

Side effects:

No mail flow, outage for E-mail, Exchange application logs showing following errors 9187, 9186

Solution:

• Log into exchange server locally and take then exchange servers out the domain,
  
• Reboot the exchange servers
  
• Re-join the exchange servers back to the domain
  

Notes:

• Each Windows-based computer maintains a machine account password history containing the current and previous passwords used for the account. When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may be unable to communicate, and you may receive error messages (for example, "Access Denied" error messages when Active Directory replication occurs).
  
• Resetting a computer account breaks that computer's connection to the domain and requires it to rejoin the domain. In my scenario this was done on Exchange server. The computer account was reset and there was no way to log into the server, except server itself locally. Taking the server out from domain rebooting it, adding the server back to the domain worked. All exchange services were up and running after joining to domain with same name. Remember renaming Exchange will break the exchange and there will be no way to bring exchange back to the live from death, this is of course not supported by Microsoft.
  

Event Type: Error Event Source: MSExchangeSA Event Category: General Event ID: 9187 Date: 4/7/2008 Time: 2:12:44 PM User: N/A Computer: RCOBHSCHI010 Description: Microsoft Exchange System Attendant failed to add the local computer as a member of the DS group object 'cn=Exchange Domain Servers,cn=Users,dc=smtp25,dc=org'. Please stop all the Microsoft Exchange services, add the local computer into the group manually and restart all the services. For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type: Warning Event Source: MSExchangeSA Event Category: General Event ID: 9186 Date: 4/7/2008 Time: 2:27:44 PM User: N/A Computer: RCOBHSCHI010 Description: Microsoft Exchange System Attendant has detected that the local computer is not a member of group 'cn=Exchange Domain Servers,cn=Users,dc=smtp25,dc=org'. System Attendant is going to add the local computer into the group. The current members of the group are 'CN=CH,OU=Computers,OU=CH Rich VA,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH Wilkes PA,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH MilfCT,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH High NC,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH Lee VA,DC=smtp25,DC=org;; CN=CH,OU=Computers,OU=CH Charles SC,DC=smtp25,DC=org; CN=CHNY,OU=Computers,OU=CH White NY,DC=smtp25,DC=org; '. For more information, click http://www.microsoft.com/contentredirect.asp.

Oz ozugurlu,
Systems Engineer
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+
oz@SMTp25.org

http://smtp25.blogspot.com