Exchange 2016 Install Issue
-
@Dashrender said in Exchange 2016 Install Issue:
Just so I understand the environment.
You had/have
AD server - still have
Exchange 2013 - now gone
Exchange 2016 - now goneIs that right?
Assuming it is, now you're trying to add a new Exchange server back into this environment, on a new server, so you'll end up with
AD server
Exchange serverQuestion - do you still have the old data from Exchange 2013/2016? that you need to put into this new Exchange server?
I don't. We're considering it a complete loss. Silver lining is we'll get the funding to protect ourselves now, and the opportunity to build everything into VM's.
-
@G-I-Jones said in Exchange 2016 Install Issue:
@Dashrender said in Exchange 2016 Install Issue:
Just so I understand the environment.
You had/have
AD server - still have
Exchange 2013 - now gone
Exchange 2016 - now goneIs that right?
Assuming it is, now you're trying to add a new Exchange server back into this environment, on a new server, so you'll end up with
AD server
Exchange serverQuestion - do you still have the old data from Exchange 2013/2016? that you need to put into this new Exchange server?
I don't. We're considering it a complete loss. Silver lining is we'll get the funding to protect ourselves now, and the opportunity to build everything into VM's.
Is there a reason you are returning to onsite Exchange instead of moving to O365 or some other hosted solution?
-
Is there a reason you are returning to onsite Exchange instead of moving to O365 or some other hosted solution?
Money.
-
@G-I-Jones said in Exchange 2016 Install Issue:
Is there a reason you are returning to onsite Exchange instead of moving to O365 or some other hosted solution?
Money.
As in you already have the Exchange licenses, so it's mostly a non cash setup situation?
-
How many users do you have? how many workstations? How many file shares - are permissions used a lot in those file shares?
perhaps, it would be worthwhile to start your AD all over again?
-
As in you already have the Exchange licenses, so it's mostly a non cash setup situation?
Nail on the head.
-
@Dashrender said in Exchange 2016 Install Issue:
How many users do you have? how many workstations? How many file shares - are permissions used a lot in those file shares?
perhaps, it would be worthwhile to start your AD all over again?
I'm gonna power through this build first and see how it goes.
-
@G-I-Jones said in Exchange 2016 Install Issue:
@Dashrender said in Exchange 2016 Install Issue:
Just so I understand the environment.
You had/have
AD server - still have
Exchange 2013 - now gone
Exchange 2016 - now goneIs that right?
Assuming it is, now you're trying to add a new Exchange server back into this environment, on a new server, so you'll end up with
AD server
Exchange serverQuestion - do you still have the old data from Exchange 2013/2016? that you need to put into this new Exchange server?
I don't. We're considering it a complete loss. Silver lining is we'll get the funding to protect ourselves now, and the opportunity to build everything into VM's.
So why not setup a fully new AD domain and reinstall Exchange there then? It would be the best course of action as it will be clean.
-
@dbeato We may have to, but like I said I'm going to power through this build first, and we'll see how it goes.
-
@G-I-Jones said in Exchange 2016 Install Issue:
@dbeato We may have to, but like I said I'm going to power through this build first, and we'll see how it goes.
Do it side by side. Setup another AD in another Server and work through it. I bet the new one will go much faster.
-
@dbeato My plan is to just roll back the snapshot of the AD we have now to when we first built it pre-Exchange. Giving me a blank canvas if it comes to that.
-
@G-I-Jones said in Exchange 2016 Install Issue:
@dbeato My plan is to just roll back the snapshot of the AD we have now to when we first built it pre-Exchange. Giving me a fresh canvas if it comes to that.
This is a horrible idea. Rolling back AD is almost never a good idea.
-
@JaredBusch please elaborate.
-
@JaredBusch said in Exchange 2016 Install Issue:
@G-I-Jones said in Exchange 2016 Install Issue:
@dbeato My plan is to just roll back the snapshot of the AD we have now to when we first built it pre-Exchange. Giving me a fresh canvas if it comes to that.
This is a horrible idea. Rolling back AD is almost never a good idea.
OMG - THIS, one million times this!
-
@G-I-Jones said in Exchange 2016 Install Issue:
@JaredBusch please elaborate.
AD is extremely time sensitive. By default, a domain joined PC who's time is off more than 5 mins from the AD server, can not authenticate because the server will think it's being attacked.
Computers also generate their own passwords for connectivity to AD - and they update these passwords completely autonomously. So any machine that has updated to a new password since your snapshot, would no longer work on the domain.
There is a process for restoring an old version of AD into a network - but it is rather complex (and something I've never done or seen done).
-
@Dashrender said in Exchange 2016 Install Issue:
@G-I-Jones said in Exchange 2016 Install Issue:
@JaredBusch please elaborate.
AD is extremely time sensitive. By default, a domain joined PC who's time is off more than 5 mins from the AD server, can not authenticate because the server will think it's being attacked.
Computers also generate their own passwords for connectivity to AD - and they update these passwords completely autonomously. So any machine that has updated to a new password since your snapshot, would no longer work on the domain.
There is a process for restoring an old version of AD into a network - but it is rather complex (and something I've never done or seen done).
I literally just rolled back my AD/DC a week ago. The process was very smooth. You just change the time and Boot/re-add every machine to the domain. The latter being the most timely, but it’s really easy.
That’s my experience at least.
-
@G-I-Jones said in Exchange 2016 Install Issue:
@Dashrender said in Exchange 2016 Install Issue:
@G-I-Jones said in Exchange 2016 Install Issue:
@JaredBusch please elaborate.
AD is extremely time sensitive. By default, a domain joined PC who's time is off more than 5 mins from the AD server, can not authenticate because the server will think it's being attacked.
Computers also generate their own passwords for connectivity to AD - and they update these passwords completely autonomously. So any machine that has updated to a new password since your snapshot, would no longer work on the domain.
There is a process for restoring an old version of AD into a network - but it is rather complex (and something I've never done or seen done).
I literally just rolled back my AD/DC a week ago. The process was very smooth. You just change the time and Boot/re-add every machine to the domain. The latter being the most timely, but it’s really easy.
That’s my experience at least.
yeah - you had to readd every PC to the domain - that's the crazy part...
Curious - why did you roll it back?
And if you have so few machines that you don't mind rejoining them all - then really - Just start over. There is Zero benefit to sticking with an AD that has any potential to have problems.
As more or less indicated by my earlier question - the amount of file shares/printer shares/file permissions and devices joined to the domain kinda tell you how much of a PITA setting up a new domain will be, because you have to rebuild all of those things.
-
@G-I-Jones said in Exchange 2016 Install Issue:
@Dashrender said in Exchange 2016 Install Issue:
@G-I-Jones said in Exchange 2016 Install Issue:
@JaredBusch please elaborate.
AD is extremely time sensitive. By default, a domain joined PC who's time is off more than 5 mins from the AD server, can not authenticate because the server will think it's being attacked.
Computers also generate their own passwords for connectivity to AD - and they update these passwords completely autonomously. So any machine that has updated to a new password since your snapshot, would no longer work on the domain.
There is a process for restoring an old version of AD into a network - but it is rather complex (and something I've never done or seen done).
I literally just rolled back my AD/DC a week ago. The process was very smooth. You just change the time and Boot/re-add every machine to the domain. The latter being the most timely, but it’s really easy.
That’s my experience at least.
I have 120 PCs in my environment - I would never want to roll back AD and have to run around like a chicken with my head cut off rejoining those to my domain.
-
Curious - why did you roll it back?
I rolled it back because of the encryption attack.
-
And if you have so few machines that you don't mind rejoining them all - then really - Just start over. There is Zero benefit to sticking with an AD that has any potential to have problems.
My point is that rolling back the AD to when I first built it, (pre Exchange) would both be starting over and give me the peace of mind that it’s a fresh server with no potential problems.
