Exchange 2010 using wrong AD DC

stonneway used Ask the Experts™

We have an Exchange 2010 box at a data centre alongside a Windows 2008 AD server. They are connected via a VPN to the office where there is another AD server.

The preferred AD server is set in Exchange 2010 to point to the co-lo Windows 2008 AD server rather than the office AD server at the other end of the VPN. However, everything in Exchange 2010 is dead slow; opening a user's properties, particularly opening things like the send as permissions box, even listing the 200 users.

It's the same speed as it was before we put in place the co-lo Windows 2008 AD server at the data centre. Before that time Exchange was using the office AD server over the VPN (which is very slow) and thus slowing down most Exchange activities. The new AD server helped a lot for about 2 months but now the Exchange activities have ground to a halt.

If the preferred AD server is still showing as being correct, is there another way that we can find what AD server is actually being used? I'm assuming the word "preferred" indicates that that server won't always be used for AD lookups.


Do you have separate AD sites for each location?  Is a DC in each location configured as a global catalog?  Is DNS running on both DCs?
This shows you how to pick the Domain Controller for your Exchange box:
Look for event ID 2080, which shows the AD Exchange is trying to communicate to.
You can force Exchange to use a particular AD server by doing:

Set-ExchangeServer -Identity "name of Exchange server" -StaticDomainControllers "identity of AD to be used" -StaticGlobalCatalogs "identity of AD to be used"


esmith, we have two sites in AD Sites and Services. Two subnets. One subnet assigned to each site. Each site has one DC in it, each is a GC. Both servers run DNS and the Exchange is set to use its local GC as the DNS *not* the office one.

Bill_lynch, that link was for Exchange 2003. This is Exchange 2010.

Narayan_singh. I used that command and will let you know how it works.


narayan_singh, the event 2080 shows this;

Process MAD.EXE (PID=4244). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
 (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
hosted_AD.mydomain.local      CDG 1 7 7 1 0 1 1 7 1
office_AD.mydomain.local      CDG 1 7 7 1 0 1 1 7 1

So it looks like it IS using the AD server nearest the Exchange server, but I then can't understand why it's running at the speed of the AD server on the other end of the VPN.
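
An added example (not from the thread and not Microsoft's tooling): a small parser for the Event 2080 rows quoted above that checks the Reachability, Synchronized and Netlogon bitmasks against each server's role letters and flags rows Exchange would not use. It assumes the column order shown in the event header above, and that a full event also carries `In-site:` and `Out-of-site:` heading lines, which the excerpt in the thread does not include.

```python
import re

# Bit each role letter occupies in the Reachability, Synchronized and Netlogon
# masks, as Microsoft documents Event 2080: G (GC)=1, D (DC)=2, C (config)=4.
ROLE_BITS = {"G": 1, "D": 2, "C": 4}
COLUMNS = ("roles", "enabled", "reachability", "synchronized", "gc_capable",
           "pdc", "sacl_right", "critical_data", "netlogon", "os_version")
ROW = re.compile(r"^\s*(\S+)\s+([CDG-]{3})((?:\s+\d+){9})\s*$")

# The two server rows quoted in the thread, unchanged.
SAMPLE = """\
hosted_AD.mydomain.local      CDG 1 7 7 1 0 1 1 7 1
office_AD.mydomain.local      CDG 1 7 7 1 0 1 1 7 1
"""

def parse_event_2080(text):
    """Return one dict per server row, tagged with its site section if shown."""
    servers, section = [], None
    for line in text.splitlines():
        heading = line.strip().rstrip(":").lower()
        if heading in ("in-site", "out-of-site"):  # assumed heading lines
            section = heading
            continue
        m = ROW.match(line)
        if m:
            values = [m.group(2)] + [int(v) for v in m.group(3).split()]
            servers.append(dict(zip(COLUMNS, values),
                                server=m.group(1), section=section))
    return servers

def problems(row):
    """List the columns that make a server unsuitable for Exchange to use."""
    expected = sum(bit for role, bit in ROLE_BITS.items() if role in row["roles"])
    issues = [f"{col}={row[col]}, expected {expected}"
              for col in ("reachability", "synchronized", "netlogon")
              if (row[col] & expected) != expected]
    issues += [f"{col}=0" for col in ("sacl_right", "critical_data", "os_version")
               if row[col] == 0]
    return issues

if __name__ == "__main__":
    for row in parse_event_2080(SAMPLE):
        print(row["server"], row["section"], problems(row) or "healthy")
```

Both rows from the thread parse with no problems and no site section, so the excerpt alone does not show which DC Exchange treats as in-site.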


Are there any errors in the event logs that correspond to periods of slow access?  Have you run the Exchange best practices wizard yet?  I know these are both kind of long shots, but it's difficult to know what else to suggest since it sounds like Exchange is definitely using the correct DC.
The issue may not necessarily be due to the connectivity; if it was a connectivity issue you would often see errors or warnings in application. The issue may be with the Exchange server itself; use Process Monitor and see how the Exchange performance is. Try rebooting the server and see if it gives some relief.


Thanks esmith and Narayan. I'll run the EBPA as soon as we can to see whether something may have been missed. This was run post-setup but things change often here.

Narayan, would you know what kind of counters to look at that might result in that kind of slowness? Currently it's taking about 5 minutes to open the send as permissions wizard.


The EBPA returned fairly good results. However what I did notice was that the first screen of the Exchange console that shows the number of Exchange servers showed 2. However clicking on the link took me to the server org page which only showed one server.

We had some time ago migrated from Exchange 2007 to 2010. I ran the Health Consistency checker thingy on the 2010 box and the number of servers returned to normal (1). Since then the server has been running really smoothly.
