XADM: What to do if the Service Account is Deleted

- Microsoft Exchange Server, version 4.0 - Microsoft Exchange Server, version 5.0

SUMMARY

The Microsoft Exchange services require a Windows NT domain account to start. This account is called the Microsoft Exchange Service Account. This article explains what to do if the Service Account is deleted by mistake.

MORE INFORMATION

The Service Account is given permissions on the Microsoft Exchange Directory during the setup process. The Service Account, by default, has permissions over all objects in the Directory. Windows NT accounts in the Directory are referred to by their SID values and not their names.

If the Service Account is deleted from the Windows NT Accounts database, none of the Microsoft Exchange services will be able to start. Even if this Service Account is recreated with the identical name and password, the SID value associated with this account will not be the same as that of the previous account. Thus, when a Microsoft Exchange service tries to start, using this new account, because the SID value of this new account is different from that saved in the Directory, the service will not have access to the Directory objects and will not be able to start.

RESOLUTION

The only recommended solution to this problem is to restore the Windows NT Security Database (SAM) from a recent backup. This will restore the deleted Service Account with its original SID value and all the Microsoft Exchange services will be able to start.

If a backup of the SAM is not available, the only other alternative is to reinstall Microsoft Exchange Server on all servers affected by the loss of the Service Account.

It will be possible to save information from the Microsoft Exchange Information Store (PRIV.EDB and PUB.EDB) but the Directory will need to be recreated, resulting in the loss of all Directory specific information (custom recipients, distribution lists, mailbox details, connectors, and so forth).