Solved

Exchange 2003 and Domain Controllers

Posted on 2006-10-19
19
450 Views
Last Modified: 2012-06-21
I have 3 exchange 2003 servers and 1 AD server (separate box)
Exchange1 – First Exchange Server – Role: domain controller
Exchange2 – Role: Server
Exchange3 – Role: Server
I’m taking out the Exchange1 (the first exchange server) and went thru all the steps as per MS KB 822931 and 152959.
Do I need to change the role of Exchange2 to Domain controller? And if so, does anybody have any tips on how to go about this and will this affect Exchange in anyway?

Thank you.
0
Comment
Question by:davidndallas
  • 5
  • 4
  • 4
  • +2
19 Comments
 
LVL 10

Expert Comment

by:Chris_Gralike
ID: 17769571
please be more specific on what the roles are of the machines like   (company example)

{HOSTNAME}
     DNS
     DHCP
     WINS
     PDCE
     RID
     IFM
     DNM
     FM
     File Server
    Print Server

{HOSTNAME2}
     Exchange Server (First Administrative Group)
     OWA
     OMA

{HOSTNAME3)
     MSSQL 2005 Server
     MOSS BACKEND

{HOSTNAME4}
     MOSS Front end
     
etc.

On the domain part, Is this server the only domain controller in your network? and if thats the case, yes it will definitly have a huge impact on exchange as programm. Better it will stop being a mail server... This because exchange relies heavly on the account data and meta data stored in the AD. All the logic on "who" the owner is of a mailbox object to what "is" the alias of a mail account comes from the AD. Exchange might best be considered an extension of your NOS (Network Opperating System) wich the AD actually is...

So please be more specific on what you are trying to do....

regards,
0
 

Author Comment

by:davidndallas
ID: 17769758
Thanks for the quick response.

What I'm trying to do is to take out the First Exchange server in the domain.
We are in a mixed enviroment - Linux and Windows 2000 and 2003
2 domains:
Domain1 - Linux (samba) and other windows server. Our DNS and DHCP is on Linux boxes
Domain2 - Windows2003 and Exchange2003 -- this domain was created for e-mail purposes only.:
      1. AD server -- does not do anything, since we were advised not to have AD server and Exchange2003 on the same box.
      2. Exchange1 --- First Exchange Server from the First Administrator Group - also has the role of Domain Controller
     Then we added:
      3. Exchange2 --- This is another server on the First Administrator Group - role is a server
      4. Exchange3 --- Another server added to the Frist Admistrator Group - role is a server

Exchange1 needs to be retired and taken our from Domain2. I need Exchange2 to take over the role of Exchange1.

Thanks.
0
 
LVL 13

Expert Comment

by:George Sas
ID: 17770148
2. Exchange1 --- First Exchange Server from the First Administrator Group - also has the role of Domain Controller
If this is a DC then I think you do have AD on this server.

What are the roles of this server ? Schema master ? PDC Emulator ?

If this server has any FSMO role I would suggest transfering it to another DC.
Afther that is done you can safely remove the DC from the domain.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17770715
do not promote a server that is an exchange server, things are likely to go haywire.....it is not reccomended at any stage to promote an existing exchange box to DC and vice versa, dont demote a DC that is running exchange
0
 

Author Comment

by:davidndallas
ID: 17771080
OK .. just read an article stating that I can't promote a server that is an exchange server ..from this article:
Overview of operating system and Active Directory requirements for Exchange Server 2003
http://support.microsoft.com/?kbid=822179

The AD Server (#1, see above) is manages the RID pools, a PDC emulator, a infrastructure master and the schema master and the domain naming operations master.

Does anybody have an suggestions on how I should take this Exchange1 out of my domain without breaking my exchange?

Thanks.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17771100
seeking some exchange help for you
0
 

Author Comment

by:davidndallas
ID: 17771154
Thank you .. one more thing .. is it necessary to make Exchange2 a domain controller. I already have one server, the AD Server (the #1 server).
In this domain we only have 2 Exchange and 1 Active Directory Server.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17771163
man i would have 2 DC's and one exchange box...but like i said above, you cannot promote or demote an exchange box without things goin NuuUuUuUts, i have mailed the two best people i know with exchange, hopefully they will be along shortly
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17771176
You cannot change the Domain Controller role of an Exchange server.

I would get exchange of server1 (move mailboxes, public folders, etc over over to the other servers)
then uninstall it totally -> http://support.microsoft.com/kb/822931/

Once exchange is off, then build another domain controller (no from server 2 or 3, you will need a new server)

Move all the roles to that new domain controller, and then configure exchange in 2 and 3 to point at the new server for RUS and DNS, etc.

DCPromo server1 down to a member server, and shut it off - then ensure exchange works and then you can wipe server 1

-red
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:davidndallas
ID: 17771326

--- "I would get exchange of server1 (move mailboxes, public folders, etc over over to the other servers)
then uninstall it totally -> http://support.microsoft.com/kb/822931/ "------- Yes, I've already done this. The only thing that I cannot do was removing the Exchange 2003 from this server. It is not showing as one of the components installed. This is the reason why I want to start over with this Exchange1 Server. I want to wipe it and start over again.

---"Once exchange is off, then build another domain controller" ----- is another domain controller necessary since I already have one, the one I called the AD Server (see above comments on its roles)?

Thank you.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17771389
Sorry, I can see you used that guide now - I missed it as it wasn't a link

If you are ready to get rid of server 1, use this to remove exchange -> http://support.microsoft.com/kb/833396

All you need is a minimum of 1 domain controller - my recommendation to build another was simply so that you at least had 1.

Jay has already said, and I agree, that you should have more than 1 DC - but 1 will work (as long as the server doesn't crash)

-red
0
 
LVL 13

Accepted Solution

by:
George Sas earned 400 total points
ID: 17771721
Sorry to jump in Jay_Jay70 but I have 15 DC's which are also Exchange servers in the same time and I never had a problem with them.
Install server > Promote to DC > Install Exchange.... works every time.

David :

To remove the server from the organisation simply move all your mailboxes from the Exchange to anouther exchange server , then move the public folders.
Replicate all public folders to another server
Rehome the Offline Address Book folder - if they are on this server
Change the server that is responsible for generating the Offline Address List - if it is on this server
Rehome the Schedule+ Free Busy folder
Rehome the Organization Forms folder
Rehome the Recipient Update Service
Create another Site Replication Service
Rehome connectors to another server - if you have any

Make sure the replication succeded and then remove the first server as replica.

Uninstall Exchange.

Then ALLOW some time for the replication to be completed trough the organisation.

Then before you demote the DC , make sure all the FSMO roles are transferred to another server and then just demote the machine.
Again , allow some time for the changes to replicate around the domain. (I would let this machine online for a day or two more)

Then I can see you removed this server after this guide : http://support.microsoft.com/kb/822931/
It is not a bad guide but the question is , was this your First Exchange server ??

If you can not find the exchange uninstall just run the setup from the CD and choose uninstall.

0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17771757
You can install Exchange on a DC and it will work, but it is not recommended, or supported by Microsoft.

The problems that it causes mean that there are only 2 times when I will install exchange on a DC;

1. When it is SBS and I have no choice
2. When I have only 1 server

The problems include, but are not limited to;

Security concerns
Loss of redundancy (as exchange will only ever ask itself for domain information)
Long shutdown and restart times
Memory problems
Disaster recovery problems
Performance problems

The following sites may include more information, or will at the very least agree with me and give you more information as to why this is a problem.

http://www.petri.co.il/problems_with_exchange_2003_installed_on_domain_controllers.htm
http://articles.techrepublic.com.com/5100-1035-6070680.html
http://hellomate.typepad.com/exchange/2004/02/exchange_on_a_d.html

Long story short - if you have the option to not have exchange on a DC - TAKE IT

-red
0
 
LVL 13

Expert Comment

by:George Sas
ID: 17771776
Red , I did not said I would not like to have Exchange and DC separated , I just said it works ok. If I had an  option to not do it I would :)
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17771818
Jay never said to not have Exchange on a DC.

He said, don't change the role of a DC with Exchange on it - which is also true

Just making sure all is correct :)

-red
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17771877
Jump in all you like, thats what the boards are for.....best practices is to have exchange on a separate server......doesnt mean its the only way, its just best practice and i think this an example of why it is so....if you wanted to demote one of your exchange boxes that was a DC...you would be having a lovely time of it......I dont envy that setup

and Cheers Red :)
0
 
LVL 13

Expert Comment

by:George Sas
ID: 17771890
I know is the best practice not to have them both on one machine , but we are not always doing what the best practice says don't we ?
Iv'e been here in his situation about 10 times now when I had to replace hardware on all those Exchange / DC's ...
As you say , sometimes the operation is a pain , but at the end there was light every time and everything works.
0
 
LVL 10

Expert Comment

by:Chris_Gralike
ID: 17772297
Well i think i can only advice one thing, Make a planning and post it here to check if there is anything left out.

Just an example;

1. Plan a rollback scenario for the worst case situations
2. Secure the data that is likly to be affected and or secure it all (roll back?)
3. Write out a new configuration plan on both the Domain controllers and the resp. Exchange Instances
4. Define the dependancies of the new configuration to figure a logical order of approach.
5. Write out a logical plan of actions and define fases to test, accept the new configuration and where rollback
   to the previous situation is still possible. (demote is quite definite)
6. Think out a alternative in case the machines are not available (guarantee the information flow to the organisation)
7. Execute the plan...

Please leave out all "technical details" and only define the major steps. This will help you putting it all in context and small bits and pieces. This way you will know what to do and where you are. This will remove allot of stress and chaos from the job...

Next the technical steps can be defined if needed, but most should be hand on knowledge...

Regards,
0
 

Author Comment

by:davidndallas
ID: 17778344
Thanks to everybodys responses... I appreciate it .. I will definitely read up on all the links suggested and plan out my next action.

0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now