Tuesday, November 17, 2015

Restoring Exchange 2013 After Restoring Broken Trust

Hi folks,

I have another adventure to share with you. I had an experience where my Exchange server lost trust with the AD domain. It was improperly rejoined to AD by removing the computer's AD account and re-adding it by creating a new AD object, which resulted in a brand new SID and default group membership.

As you probably know, Exchange 2013 (like other versions since 2000) keeps all its configuration settings in the Configuration partition in AD. After such a rejoin, the server couldn't retrieve information from AD and, as a result, wasn't able to start any of its services.

The resolution of this problem was simple: add the server back to the following Exchange-related security groups and restart it (to update its access ticket with the groups' SIDs):

After the server restart I noticed that all the services had restarted successfully, and Test-ServiceHealth along with the Event Viewer showed no errors.
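The membership check and repair described above can be scripted; the following is an added example, not code from the original post. It assumes the ActiveDirectory RSAT module and rights to modify the groups, and takes the group names as a mandatory parameter, so nothing is guessed; `$ServerName` and `$GroupNames` are names chosen for this example.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Computer name of the rejoined Exchange server (supplied by the operator).
    [Parameter(Mandatory)][string]$ServerName,
    # Exchange-related security groups the server must belong to. No defaults:
    # take the names from your own directory or from a healthy Exchange server.
    [Parameter(Mandatory)][string[]]$GroupNames
)

# A freshly created computer object shows a recent whenCreated and a new SID.
$computer = Get-ADComputer -Identity $ServerName -Properties whenCreated
Write-Host "Computer $($computer.Name) SID $($computer.SID) created $($computer.whenCreated)"

# Groups the computer account currently belongs to.
$current = Get-ADPrincipalGroupMembership -Identity $computer |
    Select-Object -ExpandProperty distinguishedName

$added = 0
foreach ($name in $GroupNames) {
    # Fail loudly on a mistyped group name instead of silently skipping it.
    $group = Get-ADGroup -Identity $name -ErrorAction Stop
    if ($current -contains $group.DistinguishedName) {
        Write-Host "OK     $name"
        continue
    }
    # Honors -WhatIf and -Confirm, so a dry run changes nothing.
    if ($PSCmdlet.ShouldProcess($name, "Add $($computer.Name) as member")) {
        Add-ADGroupMember -Identity $group -Members $computer
        Write-Host "ADDED  $name"
        $added++
    }
}

if ($added -gt 0) {
    # New group SIDs only reach the server's logon session after a restart.
    Write-Host "Restart $ServerName, then run Test-ServiceHealth in the Exchange Management Shell."
}
```

Run it with `-WhatIf` first to list the missing memberships without changing the directory.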

I hope you'll find it helpful.