Exchange 2013: How to completely remove all settings from Active Directory
Exchange 2013: How to completely remove all settings from Active Directory
If you want to completely wipe all traces of Exchange Server 2013 from your Active Directory then follow this simple instructions. This has worked thus far for me but perhaps I missed something so feel free to provide any feedback you may have.
Removing Exchange from AD is not something you might want to do carelessly. It should be obvious that wiping this information should be equivalent to starting your whole Exchange Infrastructure from scratch. This may result on losing mailboxes, emails, settings, email deliverability, etc. If you are familiar with the risks and understand what you are doing that’s fine, but if any of this sounds new to you then you should be most careful and seek professional help.
We are going to use the ADSIEdit tool which is used to edit Active Directory Metadata/Schema/etc. This is probably more delicate that messing with the Windows Registry so please proceed with extreme caution.
You’ll find this method is usually a last resort in some extreme cases like:
a) The uninstaller failed halfway and there is no power that can help you (or you were doing an initial enterprise installation and the installer failed halfway and now you have an unclean installation from which you can’t proceed)
or
b) You have a server that is kaput so you can’t run the uninstaller and remove it from AD (which in this case you might just want to remove some entries not entire subtrees like we’ll do here.)
I. Remove the entire Microsoft Exchange Configuration
First, open ADSIEdit (which you can find on your start menu. Once opened go to Action -> Connect to and there select Configuration like shown here:
Navigate to this path to delete the following two Exchange Subtrees:
- CN=Configuration,DC=DOMAIN,DC=LOCAL
- CN=Services
- CN=Microsoft Exchange (DELETE)
- CN=Microsoft Exchange Autodiscover (DELETE)
- CN=Services
Once you are done open the connection but this time to the “Default Naming Context” in order to delete the Exchange security groups and objects:
- CN=Default naming context,DC=DOMAIN,DC=LOCAL
- CN=Microsoft Exchange Security Groups (DELETE)
- CN=Microsoft Exchange Security Objects (DELETE)
II. Remove automatically generated users / groups
There are a few Active Directory users that are generated automatically by Exchange. Some serve as Discovery services, others are used to monitor the health of the system. Regardless these will no longer be needed if you have permanently removed Exchange from your organization:
- DiscoverySearch Mailbox{GUID}
- Exchange Online-ApplicationAccount
- FederatedEmail.GUID
- Migration.GUID
- *SystemMailbox{GUID}
- *HealthMailboxGUID
III. Remove settings from a server
If you have access to your Exchange server you can delete a few things to leave it almost in pre-Exchange state. I strongly suggest you simply start from a fresh Windows Installation as it is hard to truly leave a server in a pre-exchange state.
Delete the location you installed Exchange server:
C:\Program Files\Microsoft\Exchange Server
Remove all IIS sites created by Exchange Server:
Launch the IIS-Manager and delete the front and back end web sites.
Registry keys:
Just to name a few well known ones:
- HKLM\Software\Microsoft\ExchangeServer
- HKLM\CurrentControlSet\Services\MSExchange*
Love
Can we use Let's Encrypt, the free and open certificate authority?
Hola! gracias por la info, me sirvió el comando sacandole el nombre del server. En mi caso, fue una migración…
Yes 3rd option helped me too. I removed the WC key Values from config file then started working.
I know this is from 2014. But really, thank you!