IT Consulting Company successfully exports Exchange mailboxes without using Exchange Server and AD
Foresight Information Systems is an IT consulting company based in Bedford, New Hampshire, US. It provides technology consulting, services and sales to small businesses. A client of Foresight was using Exchange Server 2016 with Windows Server 2012 as an on-premises setup.
A ransomware had attacked the server, corrupting the database and wiping all user accounts from Exchange. This situation disrupted email connectivity of 57 users in the client organization and could plausibly result in permanent loss of the users’ mailbox data.
IT administrator in the organization had maintained backup of the database, which was found in a restorable state. The administrator restored Exchange database from the backup, but, didn’t want to mount it, as it was not clear whether the recovered database was completely free from infection. So he didn’t want to take risk, as earlier, the ransomware had managed to breach spam and antivirus filtering while the database had been functioning.
A plausible solution for restoring email connectivity in this situation could be to extract individual mailboxes from the database file and remap them to user accounts in a new blank EDB file. This would take at least a few days and require significant manual efforts, affecting overall business productivity and having higher chances of error.Root Cause Analysis
Vulnerability analysis of the server setup found that the ransomware had exploited Windows systems hidden network shares that are primarily used for performing remote administrative operations on the server.
The malware had used network shares along with administrator-level Valid Accounts to access the networked system over server message block to corrupt the database and wipe user accounts from Exchange. Business Need
Foresight needed a solution that could speed up restoration of its client’s Exchange mailbox connectivity and reduce manual efforts. Solution
Foresight team was evaluating tools that could solve this problem when it came across Stellar Converter for EDB – a tool specializing in restoration of Exchange mailboxes without using Exchange Server and AD. It directly opens EDB file and exports mailboxes in PST format through a precise mailbox conversion mechanism.
A similar case describing use of the software for restoring mailboxes from an LTO archived EDB file gave Foresight team sufficient confidence to attempt a trial run.
The team kept Exchange Server offline and used Stellar Converter for EDB to scan the database file. A set of firewalls restricting specific inbound connections for file transfer was used to allow software access to the EDB file on offline server.
Stellar Converter for EDB was able to parse the database and further allowed extraction of the Exchange mailboxes as PST. Next, Foresight team used the software to also export the PST file to its client organization’s new cloud platform and import mailbox data in new user accounts. The tool helped Foresight in quick, precise, and hassle free restoration of Exchange mailbox connectivity for its client. Key Benefits
Stellar Converter for EDB helped Foresight to reinstate access to client’s Exchange database while saving several days of effort. The tool served reliably throughout the EDB to PST conversion task, and it also helped client organization to export mailboxes to user accounts on cloud.