Migrating an Exchange Server to the Cloud? What could possibly go wrong?
Or how a Reg reader battled the dark heart of Active Directory and lived to tell the tale
Who, Me? The weekend is over, so ease yourself into the working week with a few words guaranteed to strike fear into the bravest Who, Me? reader: "We were moving to Office 365..."
Today's bang-up-to-date tale of migration mischief comes from a reader we'll call "Ben", who swears the following events were not his doing; he only dealt with the consequences.
Ben's oh-so-trendy company was migrating its ageing on-premises Microsoft Exchange server to the wondrous world of Microsoft's cloud, and things were going swimmingly.
Ben explained: "We had set up the Office 365 accounts but were still using the internal Exchange Server.
"Over the weekend, the mailbox contents of all users were moved, and the DNS entries were changed."
So far, so good. The migration to a cloudy future was going well: "Test messages were sent, and everything seemed to be working correctly."
Being a sensible outfit, Ben's company left the old Exchange Server in place but, after a period running with Office 365, "it was now time to remove the internal Exchange Server."
Active Directory admins of a nervous disposition (and let's face it, are there any other sort?) should look away now.
"First we removed all the users from the internal Exchange Server, with the belief that that would clean up the entries in Active Directory."
The team were sort of right, as Ben explained: "We did not know that removing the users from Exchange would automatically disable the users in Active Directory."
At this point, we should reveal that the Canada-based company in question was a Microsoft Certified Partner.
And as for the company's IT?
"Everything then broke. No one could log in; no user accounts were left enabled that had administrator privileges.
"We had no method that could be used to re-enable the users."
We had a chat with some friendly Microsoft folk about how this sort of cockup could even be possible. After a bit of shuffling of feet (and one denying all knowledge of the dark art of Active Directory administration) we were told that, yes, it could happen.
As users stared at useless login screens, Ben and his team floundered for a few hours, trying to work out how to restore access.
The clue was in the word "restore" as one bright spark remembered there was a user account named "backup" used, well, to do backups.
It had been missed in the Exchange account purge and so was still active.
And the Linux connection? The Microsoft Certified Partner used a server running the open-source operating system to perform backup duties.
The backup software used that Active Directory account, which just so happened to have enough privileges to re-enable the Windows users via Linux LDAP tools.
After all, these days Microsoft just loves open source, right?
Ever snatched victory from the slavering jaws of cloudy defeat? Of course you have – send an email to Who, Me? and tell us all about it. ®