How do I restore my Exchange 2010 database after a hack?

Hackers corrupted my Exchange 2010 files, so now I can't open them. How can I restore my server and prevent this from happening again?

If a hacker compromises the system Exchange Server runs on, immediately take corrective actions.

Options to remediate the hack include removing the system from the network, resetting all local account passwords and the passwords for the admin domain accounts, running antimalware software to clean the system or even taking the system offline.

But once a system has been hacked, it's hard to trust that system after restoring Exchange 2010. Even if you run antimalware and get a clean bill of health, whenever something with your Exchange 2010 database misbehaves, there's always the concern that the hackers remain.

With Exchange Server's architecture, the physical servers are commodities that can be swapped out or replaced. To restore an Exchange 2010 database, treat the hacked server as if it failed, and perform disaster recovery steps to replace it. This gives you a clean server with a fresh installation of Exchange 2010.

Microsoft provides the following restore procedures:

Activate a lagged mailbox database copy

Using Windows Server Backup to restore Exchange data

If your Mailbox server role is hacked, you should be concerned about potential data loss in end users' mailboxes. However, the restore procedures for data loss in Exchange require that you take appropriate steps before the attack to back up your data. Even a highly available Exchange Server deployment using database availability group members to create data redundancy doesn't suffice for all scenarios. Lagged database copies and backups enable you to recover Exchange from a rogue administrator or hacker's attack on your data.

Join the conversation

What plans do you have in place to protect your Exchange database?
This is a poor article that is hyped to attract people to read it (click bait, in other words). Why focus on Exchange 2010 and not Exchange 2013, 2016, or even 2007? Is there something strange about Exchange 2010 databases that attract hackers? And why focus on Exchange at all? If a hacker penetrates an internal server (and all Exchange servers should be in the internal zone, well away from the Internet), then it's a more serious problem because other targets are easier to compromise and more likely to be stolen. For example, documents stored in network shares. Or even SharePoint libraries. Going after an Exchange database seems like a tall story to me, a feeling backed up by the fact that no example of where such a thing had happened is described. Not good.