Preparing to Decommission a DC, Exchange 2010 Shows it is Exclusively Using it as DC and GC
-
Do you see a setting that shows Exchange pointing to a DC? It really shouldn't work that way - unless the person who set it up specifically setup a specific AD server to answer Exchange quires (bad design).
-
This thread has several trouble shooting tips
https://social.technet.microsoft.com/Forums/exchange/en-US/62269213-6034-4c60-9b69-37eb302f5e5b/how-to-set-new-default-domain-controller-for-exchange?forum=exchange2010 -
This is the Exchange management console window you get when you click "Modify Configuration Domain Controller"
This is the output when running the Get-ADServerSettings | fl command in EMS to see the servers Exchange is using
-
Assuming you can afford a little downtime,
What happens when you unplug the old AD from the network?
Also, do the new DC's only point to each other for DNS? or do either of them point to the old AD box for DNS?
-
@Dashrender Currently, they point to each of the others. FP01 is the server that will be decommissioned.
On DC03:
Preferred- FP0 1
Alternate- DC03
Tertiary- DC01On DC01:
Preferred- DC03
Alternate- DC01
Tertiary- FP01On FP01 (to be decommissioned):
Preferred- DC03
Alternate- FP01
Tertiary- DC01 -
I'd start by removing FP01 from all DNS entries everywhere.
Again, double check DNS entries on the Exchange server itself - make sure it's not looking to FP01.Then open a command prompt, type NSLOOKUP and see what it uses as a server - should be whatever your primary DNS is, close the window.
Now unplug the FP01 server from the network and see What exchange does - if it works as desired, you're done. Plug the server back in, DCPromo it down.
I just ran the
Get-ADServerSettings | flcommand and it showed me two different AD servers for the different roles listed. Also, I have retired an AD since I installed Exchange and it never skipped a beat.
-
@Dashrender said:
I'd start by removing FP01 from all DNS entries everywhere.
Again, double check DNS entries on the Exchange server itself - make sure it's not looking to FP01.Then open a command prompt, type NSLOOKUP and see what it uses as a server - should be whatever your primary DNS is, close the window.
Now unplug the FP01 server from the network and see What exchange does - if it works as desired, you're done. Plug the server back in, DCPromo it down.
I just ran the
Get-ADServerSettings | flcommand and it showed me two different AD servers for the different roles listed. Also, I have retired an AD since I installed Exchange and it never skipped a beat.
The exchange server doesn't have FP01 specified in the NIC properties but, as indicated, it is the only server showing up when running the Get-ADServerSettings | fl command.
I have also checked the event log for event ID 2080 and found that Exchange sees all 3 of the DCs. I did find that the SACL Right was not set correctly on DC01 and DC03. A result of them having been added after the Exchange server. I modified the default domain controllers GPO to apply the correct permissions by adding the Exchange servers group to the "Manage auditing and security log" setting. Now the 2080 shows the SACL right as 1 for all DCs.
I don't know whether or not that has any bearing on the reason I posted because I have run the Get-ADServerSettings | fl command since the changes and it still only shows the FP01 server as the default.
-
As long as FP01 is online, why would you ever expect the response to Get-ADServerSettings to change?
For example, when you login from your workstation, the logon server is who your computer goes to for AD stuff until it's unavailable. I wouldn't expect anything different in Exchange.
-
@Dashrender said:
As long as FP01 is online, why would you ever expect the response to Get-ADServerSettings to change?
For example, when you login from your workstation, the logon server is who your computer goes to for AD stuff until it's unavailable. I wouldn't expect anything different in Exchange.
This is what I would do first.
Shut down DC and Exchange. The leaving the old DC off, turn Exchange back on.
Then see what you get.
-
@Dashrender said:
As long as FP01 is online, why would you ever expect the response to Get-ADServerSettings to change?
For example, when you login from your workstation, the logon server is who your computer goes to for AD stuff until it's unavailable. I wouldn't expect anything different in Exchange.
I was thinking that the following window would show all available DCs, not just one. Is that a thing?
-
@JaredBusch said:
@Dashrender said:
As long as FP01 is online, why would you ever expect the response to Get-ADServerSettings to change?
For example, when you login from your workstation, the logon server is who your computer goes to for AD stuff until it's unavailable. I wouldn't expect anything different in Exchange.
This is what I would do first.
Shut down DC and Exchange. The leaving the old DC of, turn Exchange back on.
Then see what you get.
Definitely an idea - do you think the reboot of Exchange will or should make a difference?
-
@wrx7m said:
@Dashrender said:
As long as FP01 is online, why would you ever expect the response to Get-ADServerSettings to change?
For example, when you login from your workstation, the logon server is who your computer goes to for AD stuff until it's unavailable. I wouldn't expect anything different in Exchange.
I was thinking that the following window would show all available DCs, not just one. Is that a thing?
Let me see if I can get to mine and look
-
@Dashrender said:
@JaredBusch said:
@Dashrender said:
As long as FP01 is online, why would you ever expect the response to Get-ADServerSettings to change?
For example, when you login from your workstation, the logon server is who your computer goes to for AD stuff until it's unavailable. I wouldn't expect anything different in Exchange.
This is what I would do first.
Shut down DC and Exchange. The leaving the old DC of, turn Exchange back on.
Then see what you get.
Definitely an idea - do you think the reboot of Exchange will or should make a difference?
Well, it will force it to auth to a different DC. He stated before that he had no mail while the old DC was down.
-
I will have to try the method @JaredBusch suggested when I have the ability to take the systems down.
-
well, looks like mine does show both my AD servers and GCs.
-
@Dashrender Interesting. I would try restarting the topology service on my Exchange server to see what happens but there are about 8 other services that are dependent on that. I am going to see if I can get away with doing it tonight or this weekend.
