0

Stages of AD Changes When Installing and Uninstalling Exchange

This is a post to capture the stages of change in Active Directory when the first Exchange server is installed, and opposingly when the last Exchange server is uninstalled.  We will not get into any specific details about the individual changes made to AD, rather this is a 20,000 foot view.

Starting Configuration

A brand new lab was created using Windows Server 2016 for the DCs and Exchange servers.  The standard process was used to install the AD DS components, then promote the machine to a DC.

This is a very vanilla configuration with no further modifications, apart from joining the Exchange servers to the domain and installing all available updates at the time of writing.

The required Exchange 2016 prerequisites were installed onto the Exchange servers, and the servers restarted.

An elevated cmd prompt was used for each of the Exchange activities and the command line was used to install and uninstall.  Exchange 2016 CU20 was used as it was the latest Exchange 2016 release at the time of writing.

The below shows the properties of a user object, not that there are none of the detailed msExch attributes are present.  There are only three with the prefix msExch.

User Account Attributes Prior to Schema Extension

The AD structure is also at its defaults.  Advanced view is enabled so we could see the Attribute Editor.  Note there are no Exchange specific containers or OUs.

Default Active Directory Layout - No Exchange OUs or Containers

PrepareSchema Completed

The first step is to prepare the AD schema and add in the Exchange attributes.

Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema

In the below image, the PrepareSchema operation has been executed.  This added the Exchange attributes to the underlying AD schema. Note that the Exchange organisation has not yet been created.

There is no CN=Microsoft Exchange listed under the highlighted CN=Services container.

Exchange PrepareSchema Has Completed - Note There is No Exchange Organisation

If we also check the same user object, we can now see the plethora of msExch attributes:

PrepareSchema Completed - msExch Attributes Now Present

PrepareAD Completed

Next up we run the /PrepareAD command. Note that since there is no existing Organisation we need to specify it, else setup fails.

Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD

Running /PrepareAD - Organization Name Is Missing

Let's add in the OrganizationName parameter, and re-run the command.

Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:Wingtiptoys

Running /PrepareAD - Organization Name Has Been Specified

Multiple actions are completed in the directory service, one of those being the creation of the Exchange organisation.

Note we have the CN=Microsoft Exchange container and below it, CN=Wingtiptoys created in AD.

All of the expected logical elements are visible in AD.

PrepareAD Completed and Organization Has Been Created

Additionally, the required container and OU were created in AD.  This are Microsoft Exchange System Objects (MESO) and the Microsoft Exchange Security Groups (MESG) respectively.

They are highlighted in the image below.

MESO and MESG Created in AD

This is only a single domain in this forest so /PrepareDomain as not specified.

Installing First Exchange Server

Since we are installing Exchange 2016, there is a single internal role that we can select - Mailbox.  Exchange 2013 was the last version where you could split out the Mailbox and CAS roles, but that was not the standard recommendation and the guidance has been multi-role for many years.

Setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Install /Roles:Mailbox

Running Setup To Install First Exchange Server

As a side note, this was going to be a 2013 based lab, but  the VMs were provisioned with Exchange 2013 in the name.  It is Windows 2016 and Exchange 2016 so don't get hung up on the server name.  Call the server "Steve" it that would be better for you.

Once the server install has completed, you can now see its object listed in AD.

This is under the CN=Servers container, and is highlighted below.

Excahange Server Installed - Visible In Servers Container

Uninstalling Last Exchange Server

For the required actions required to prepare for the server removal, please review the detailed section below.

Once you have done the necessary work, you can then uninstall the last Exchange server.

Setup.exe /IAcceptExchangeServerLicenseTerms /Mode:UnInstall

In the below, we are using the path statement to find setup.exe in the Exchange install folder.

Removing Last Exchange Server Using Command Line

Once the uninstall has finished, let's go back and look at the properties of the CN=Microsoft Exchange container to see if there are any changes.

Note that we are not able to get the properties of the container, an error is returned.

Removing Last Exchange Server Using Command Line. Now You See It....

After a refresh, note that it is totally gone, and is not present at all in the CN=Services hierarchy.

Removing Last Exchange Server Using Command Line. Now You Don't

Note though that while some things in AD can be removed, some things can not be deleted.  Changes to the schema are one example. Even after Exchange has been uninstalled those changes can not be deleted.  At best you can deactivate the custom classes that you added.

In short: Uninstalling the last Exchange server removes the organization.

 

Cheers,

Rhoderick

 

 

Uninstalling Last Exchange Server - Detailed Steps

For those that are interested the below outlines the steps which are required to uninstall the last server.

You can not just uninstall the last Exchange server without removing multiple mailboxes etc.  All of these items need to be cleaned up before setup allows the uninstallation routine to continue.

For example, if we try to uninstall without doing the necessary work it fails.  This is shown below.

setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Uninstall

Unable To Uninstall Last Exchange Server - This mailbox database contains one or more mailboxes

Uninstall can't continue. Errors:
This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder mailboxes or arbitration mailboxes, Audit mailboxes. To get a list of all mailboxes in this
database, run the command Get-Mailbox -Database <Database ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database
<Database ID> -Archive. To get a list of all public folder mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -PublicFolder. To get a list of all arbitration mailboxes in this database, run the command
Get-Mailbox -Database <Database ID> -Arbitration. To get a list of all Audit mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -AuditLog. To disable a non-arbitration mailbox so that you can delete the
mailbox database, run the command Disable-Mailbox <Mailbox ID>. To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID> -Archive. To disable a public folder mailbox so that you
can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID> -PublicFolder. To disable a Audit mailbox so that you can delete the mailbox database, run the command Get-Mailbox -AuditLog | Disable-Mailbox. Arbitration
mailboxes should be moved to another server; to do this, run the command New-MoveRequest <parameters>. If this is the last server in the organization, run the command Disable-Mailbox <Mailbox ID> -Arbitration
-DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan <MailboxPlan ID> -Database <Database ID>. It was running the
command 'Remove-MailboxDatabase 'CN=Mailbox Database 0449210338,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Wingtiptoys,CN=Microsoft xchange,CN=Services,CN=Configuration,DC=Wingtiptoys,DC=ca' -whatif'.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnwillingToRemoveMailboxDatabase.aspx

Need to remove:

  • Mailboxes
  • Arbitration Mailboxes
  • Audit Mailboxes

Before you waste time re-running Exchange setup many times, test to see if all the resources have been removed from the last mailbox database in the org.  For example:

Remove-MailboxDatabase "Mailbox Database 0449210338" -WhatIf

Note the -WhatIf switch has been added.

We will use  Disable-Mailbox to go through and disable the remaining mailboxes.

Get-Mailbox | Disable-Mailbox

In order to remove the arbitration mailboxes, we need to add in the DisableLastArbitrationMailbox parameter.

However, it did not like the pipline input.

Get-Mailbox –Arbitration | Disable-Mailbox -DisableLastArbitrationMailboxAllowed

Unable To Pipeline Input To Disable All Arbitration Mailboxes

So Let's get a list of them, and then remove one at at a time.

Disable Arbitration Mailbox One By One

Fleshing out the names from above, the commands used were:

Disable-Mailbox –Identity "SystemMailbox{1f05a927-b8b0-4318-a3af-9d3f0fee74a5}"      -Arbitration –DisableLastArbitrationMailboxAllowed -Confirm:$false
Disable-Mailbox –Identity "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -Arbitration –DisableLastArbitrationMailboxAllowed -DisableArbitrationMailboxWithOABsAllowed -Confirm:$false
Disable-Mailbox –Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"     -Arbitration –DisableLastArbitrationMailboxAllowed -Confirm:$false
Disable-Mailbox –Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136"                -Arbitration –DisableLastArbitrationMailboxAllowed -Confirm:$false
Disable-Mailbox –Identity "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"        -Arbitration –DisableLastArbitrationMailboxAllowed -Confirm:$false
Disable-Mailbox –Identity "SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}"         -Arbitration –DisableLastArbitrationMailboxAllowed -Confirm:$false
Disable-Mailbox –Identity "SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}"       -Arbitration –DisableLastArbitrationMailboxAllowed -Confirm:$false

Removing the first one went well:

Disable Arbitration Mailbox One By One

Then the rest were removed.

Note at the end we check to see that there are no results found.

Checking No More Arbitration Mailboxes

Remove Audit Mailbox

Now that the arbitration mailboxes were removed, let's then remove the remaining special mailboxes, in this case it is the audit mailboxes that will be removed  next.

Get-Mailbox -AuditLog | Disable-Mailbox -Confirm:$false

Remove Audit Mailbox

Once we have the regular mailboxes, arbitration mailboxes and audit mailboxes removed then it is time to start the uninstall routing.

This is shown below.

Start Uninstall Of Last Exchange Server After All Arbitration And Audit Mailboxes Have Been Removed

Reboot to complete the process, and Exchange is uninstalled.

For reference, this is a portion of my setup log with a reference to Uninstall-ExchangeOranization.

[03/18/2021 00:16:17.0994] [2] Active Directory session settings for 'Remove-WERRegistryMarkers' are: View Entire Forest: 'True', Configuration Domain Controller: 'DC-1.Wingtiptoys.ca', Preferred Global Catalog: 'DC-1.Wingtiptoys.ca', Preferred Domain Controllers: '{ DC-1.Wingtiptoys.ca }'
[03/18/2021 00:16:17.0994] [2] User specified parameters:
[03/18/2021 00:16:17.0994] [2] Beginning processing Remove-WERRegistryMarkers
[03/18/2021 00:16:17.0995] [2] Ending processing Remove-WERRegistryMarkers
[03/18/2021 00:16:17.0996] [1] Finished executing component tasks.
[03/18/2021 00:16:17.0998] [1] Ending processing Uninstall-AdminToolsRole
[03/18/2021 00:16:18.0000] [0] Setup is determining what organization-level operations to perform.
[03/18/2021 00:16:18.0000] [0] Setup has detected a missing value. Setup is adding the value RemoveOrganization.
[03/18/2021 00:16:18.0000] [0] **************

[03/18/2021 00:16:18.0000] [0] Setup will run the task 'Uninstall-ExchangeOrganization'
[03/18/2021 00:16:18.0000] [1] Setup launched task 'Uninstall-ExchangeOrganization -DomainController 'DC-1.Wingtiptoys.ca' -RemoveOrganization $true'
[03/18/2021 00:16:18.0004] [1] Active Directory session settings for 'Uninstall-ExchangeOrganization' are: View Entire Forest: 'True', Configuration Domain Controller: 'DC-1.Wingtiptoys.ca', Preferred Global Catalog: 'DC-1.Wingtiptoys.ca', Preferred Domain Controllers: '{ DC-1.Wingtiptoys.ca }'
[03/18/2021 00:16:18.0004] [1] User specified parameters:  -DomainController:'DC-1.Wingtiptoys.ca' -RemoveOrganization:'True'
[03/18/2021 00:16:18.0004] [1] Beginning processing Uninstall-ExchangeOrganization
[03/18/2021 00:16:18.0012] [1] Loaded component 'Resource Property Schema Component' with 5 task information blocks from 'res://UpdateResourcePropertySchemaComponent.xml'
[03/18/2021 00:16:18.0017] [1] Loaded component 'Active Directory Schema' with 101 task information blocks from 'res://ADSchemaComponent.xml'
[03/18/2021 00:16:18.0030] [1] Loaded component 'Common Global AD Configuration' with 116 task information blocks from 'res://CommonGlobalConfig.xml'
[03/18/2021 00:16:18.0032] [1] Loaded component 'Transport Global AD Configuration' with 32 task information blocks from 'res://TransportGlobalConfig.xml'
[03/18/2021 00:16:18.0034] [1] Loaded component 'Bridgehead Global AD Configuration' with 10 task information blocks from 'res://BridgeheadGlobalConfig.xml'
[03/18/2021 00:16:18.0035] [1] Loaded component 'Client Access Global AD Configuration' with 11 task information blocks from 'res://ClientAccessGlobalConfig.xml'
[03/18/2021 00:16:18.0040] [1] Loaded component 'Mailbox Global AD Configuration' with 27 task information blocks from 'res://MailboxGlobalConfig.xml'
[03/18/2021 00:16:18.0042] [1] Loaded component 'Unified Messaging Global AD Configuration' with 4 task information blocks from 'res://UnifiedMessagingGlobalConfig.xml'
[03/18/2021 00:16:18.0044] [1] Loaded component 'PostPrepForest Global AD Configuration' with 9 task information blocks from 'res://PostPrepForestGlobalConfig.xml'
[03/18/2021 00:16:18.0046] [1] Loaded component 'Domain-specific AD Configuration' with 1 task information blocks from 'res://DomainGlobalConfig.xml'
[03/18/2021 00:16:18.0046] [1] Writing informational script to 'C:\ExchangeSetupLogs\Uninstall-ExchangeOrganization-20210317-2016180046275369279.ps1'
[03/18/2021 00:16:18.0047] [1] Executing: $RoleDomainController = 'DC-1.Wingtiptoys.ca'
[03/18/2021 00:16:18.0055] [1] Executing: $RoleInstallationMode = 'Uninstall'
[03/18/2021 00:16:18.0057] [1] Executing: $RoleInvocationID = '20210317-2016180046275369279'
[03/18/2021 00:16:18.0066] [1] Executing: $RoleIsDatacenter = $False
[03/18/2021 00:16:18.0068] [1] Executing: $RoleIsDatacenterDedicated = $False
[03/18/2021 00:16:18.0071] [1] Executing: $RoleIsPartnerHosted = $False
[03/18/2021 00:16:18.0073] [1] Executing: $RoleProductPlatform = 'amd64'
[03/18/2021 00:16:18.0075] [1] Executing: $RoleRemoveOrganization = $True
[03/18/2021 00:16:18.0087] [1] Reversing task list to uninstall for Exchange.
[03/18/2021 00:16:18.0087] [1] 7 tasks were found to run.
[03/18/2021 00:16:18.0087] [1] Processing component 'Domain-specific AD Configuration' (Configuring the domains for Exchange.).
[03/18/2021 00:16:18.0088] [1] Processing component 'PostPrepForest Global AD Configuration' (Configuring Exchange object versions.).
[03/18/2021 00:16:18.0088] [1] Processing component 'Unified Messaging Global AD Configuration' (Global Unified Messaging settings are being configured.).
[03/18/2021 00:16:18.0089] [1] Processing component 'Mailbox Global AD Configuration' (Configuring global mailbox settings.).
[03/18/2021 00:16:18.0089] [1] Processing component 'Client Access Global AD Configuration' (Configuring global client access settings.).
[03/18/2021 00:16:18.0090] [1] Processing component 'Bridgehead Global AD Configuration' (Configuring global Hub Transport settings.).
[03/18/2021 00:16:18.0090] [1] Processing component 'Transport Global AD Configuration' (Configuring global Transport settings.).
[03/18/2021 00:16:18.0090] [1] Processing component 'Common Global AD Configuration' (Creating Exchange configuration objects in Active Directory.).
[03/18/2021 00:16:18.0090] [1] Executing (non-critical):

Rhoderick Milne [MSFT]

Leave a Reply

Your email address will not be published. Required fields are marked *