If you would like to read the next part in this article series please go to Generating Active Directory Accounts using the mailbox information in the Mailbox Database (Part 2)
Introduction
What can you do with a single mailbox database? In a disaster scenario where we have lost our single Domain Controller and we do not have any backup, an Exchange Server mailbox database can be useful to save some time during the rebuild process. The mailboxes have some information about the associated user account and we can use this information to create new users and connecting them to the mailboxes.
However, it will not save the administrator in this kind of disaster to join all workstations/servers into the new domain, recreate the permissions and etc…
This article can be useful also when you want to create a lab environment using Virtual Server or any kind of virtualization software and we don’t want to restore the production DC’s system state in the lab.
Scenario…
We are going to use the same scenario for both articles, the difference between them is the process involved of generating the Active Directory users account from a mailbox database.
Our scenario will be a company with a single Active Directory and one Exchange Server (Figure 01). In this first article this will be an Exchange Server 2007 and in the second it will be an Exchange Server 2003. The only Active Directory server has crashed and we do not have any Active Directory or a System State backup available.
Figure 01: We have a single domain controller without backup and a disaster occurs
To generate the Active Directory users’ accounts the mailbox database must be in a clean shutdown state, as shown in Figure 02.
Figure 02: Running eseutil /mh <database> against the database to validate the state of this database
We can summarize the steps needed to build this new environment as follows:
-
Create the Active Directory Domain.
-
Create the Exchange Server infrastructure.
-
Mount the old database.
-
Create a list of disconnected mailboxes on an LDF file.
-
Use this newly created LDF file to create Active Directory accounts.
-
Match the new users created with the disconnected mailboxes.
Creating the environment from scratch
We have to create the environment even though the crash was only in the Active Directory server. This is because all Exchange Server information stored in the Active Directory does not exist any more. We have to do these steps:
-
Build a new server and install Active Directory.
-
Create the backup agenda for this server because we don’t want to do this entire job again.
-
Install a new server for Exchange Server 2007 and install it (preparing Forest and Active Directory), you can use the following article to help in this process, Installing Exchange 2007 (Part 1).
Mounting the old database and looking at the disconnected mailboxes
Now that we have a brand new environment with Active Directory and Exchange Server installed from scratch, let’s mount the database from the old environment to bring up the users’ data. To accomplish this task:
-
Open the Exchange Management Console.
-
Expand Server Configuration.
-
Click on Mailbox, and in the Result Pane, click on the current server.
-
Click on the database called Mailbox Database, and then click on Properties in the Toolbox Actions.
-
Remember the Database path for the next step, and check the option This database can be overwritten by a restore. Click OK. (Figure 03)
Figure 03: The default mailbox database will be overwritten by the production database from the old environment
Now, let’s go to the path where the current database is located and we will remove the current database file (mailbox database.edb). Then, we will copy our old database on to the same path and we will rename it “Mailbox database.edb”. After that we can go back to the Exchange Management Console, click on the dismounted database and click on Mount Database in Toolbox Actions.
Listing the disconnected mailboxes and generating the Active Directory Users
We have just brought the old database into the new Exchange Server and all the users’ data are in this mounted database. Let’s look at the Disconnected the Mailbox Databases, but right before that we should force a scan in the Active Directory for the disconnected mailboxes. We can do that using the cmdlet Clean-MailboxDatabase –Identity <database>, as shown in Figure 04.
Figure 04: Listing the Mailbox databases and running the clean-mailboxdatabase cmdlet
To see the disconnected mailboxes, we can open the Exchange Management Console, expand Recipient Configuration, and then click on Disconnected Mailbox item, as shown in Figure 05.
Figure 05: All disconnected mailboxes
The next step is to use a script that will gather the information from the disconnected mailboxes and create an LDF file that will be used to create the Active Directory users accounts. This script can be found in the Exchange Server 2007 help file or at this address. Let us copy the content of that script and save the file as CreateLdifFromDisconnectedMailboxes.ps1 under Scripts folders, as shown in Figure 06.
Figure 06: Saving the script to be used through Exchange Management Shell
Using that script we are able to create an LDF file from the disconnected mailbox information. The only parameter that we have to specify in the script is which OU (Organizational Unit) will be used to create the new users (Figure 07). The script syntax is shown below:
.\CreateLdifFromDisconnectedMailboxes.ps1 –ContainerDN “<LDAP path of the OU that will receive the new accounts>”
Figure 07: Running the script to create a LDF file, the ouput file can be found at c:\ldifout.ldf
The result will be an LDF file that contains information on how to create the users. This information came from the disconnected mailboxes (Figure 08).
Figure 08: LDF file content that will be used by ldifde tool
Time to create the users using the current LDF file! To do that we will use ldifde tool (Figure 09) with the following syntax:
Ldifde –I –f <full-path-of-the-LDF-file>
Figure 09: Creating the Active Directory users
We can go to Active Directory Users and Computers and validate if we have got new users in the OU that we designated in the script CreateLdifFromDisconnectedMailboxes.ps1 . (Figure 10)
Figure 10: The newly created users
Our next step will be matching and joining the recently created users with the disconnected mailboxes (Figure 11). We will accomplish this task using the following cmdlet:
Get-MailboxStatistics | where { $_.DisconnectDate –ne $null } | Connect-Mailbox –Database “<database-name>”
We can accept each mailbox connection answering Y or we can type in A to say Yes to all connections.
Figure 11: Connecting the new users with the disconnected mailboxes
Now, all disconnected mailboxes are connected with the new users. We can see all mailboxes in the Exchange Management Console, as shown in Figure 12.
Figure 12: The new users
Okay, now we have a brand new environment with new accounts generated from the disconnected mailboxes. The next job on the list would be joining all workstations in the new domain, setting up permissions on file servers and, etc…
Conclusion
In this first article we saw how to create new Active Directory users from an Exchange Server 2007 database. This article may come in handy when we do not have any Active Directory backup or DC’s System State and any other Domain Controller. The process described in this article will save some time when creating the new users and connecting them to the old content.
If you would like to read the next part in this article series please go to Generating Active Directory Accounts using the mailbox information in the Mailbox Database (Part 2)
Wow, thank you very much. This article helped me not to lose all email accounts and ad-users.