If a hacker compromises the system Exchange Server runs on, immediately take corrective actions.
Options to mediate the hack include removing the system from the network, resetting all local account passwords and the passwords for the admin domain accounts, running antimalware software to clean the system or even taking the system offline.
But once a system has been hacked, it's hard to trust that system after restoring Exchange 2010. Even if you run antimalware and get a clean bill of health, there's always concern when something with your Exchange 2010 database misbehaves -- the hackers remain.
With Exchange Server's architecture, the physical servers are commodities that can be swapped out or replaced. To restore Exchange 2010 database, treat the hacked server as if it failed, and perform disaster recovery steps to replace it. This gives you a clean server with a fresh installation of Exchange 2010.
If your Mailbox server role is hacked, you should be concerned about potential data loss in end users' mailboxes. However, the restore procedures for data loss in Exchange require that you take appropriate steps before the attack to back up your data. Even a highly available Exchange Server deployment using database availability group members to create data redundancy doesn't suffice for all scenarios. Lagged database copies and backups enable you to recover Exchange from a rogue administrator or hacker's attack on your data.
Restore a corrupted domain account
What happens after restoring an Exchange backup?
Back up Exchange data to recovery storage groups
How to restore Exchange 2010 administrative permissions after a migration
Dig Deeper on Microsoft Exchange Server 2010
Related Q&A from Richard Luckett
Some folders in a mailbox on Exchange Server 2013 are not showing up on the folder list in the OWA virtual directory but do appear in other views. Continue Reading
We have a Client Access Server and Mailbox Server on Exchange 2013 and we want to install an Edge Transport role on another machine. I joined the ... Continue Reading
How can I enable Outlook Anywhere to allow internal use for all users and external use for only some users in Exchange 2013? Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.