Solved

Exchange 2010 distribution list and user routing - DC selected

Posted on 2012-03-19
Last Modified: 2012-04-11
I was having an issue with some email being delivered to some distribution groups. I started looking into the issue and found some interesting information.

A quick rundown of the environment. We have one forest with 2 domains. We currently have a mixed 2003 and 2010 Exchange environment, one 2003 server and one 2010 server. We currently have 3 sites.

Site 1 - All machines are part of domain.com (including several DCs for domain.com), with exception of one DC that is a DC for subdomain.domain.com.
Site 2 - All machines are in domain.com, and contains 2 DCs for domain.com
Site 3 - All machines are part of subdomain.domain.com, including 2 DCs for subdomain.domain.com

Now the issue that we were having was that some emails sent to this DL were received, some were not. I looked into this issue using message tracking. I found that all of the emails sent to this DL, DL1@domain.com, were being received by the 2010 server. However, not all of the emails were being received by the members of this list. I found several messages sent to DL1@domain.com that failed to expand the user correctly, because instead of using the DC that was part of domain.com, it was using the DC that was part of subdomain.domain.com.

Now I found that DL1@domain.com was not a universal DL, and that seemed to be what was causing it to fail. Changing it to a Universal group now expands correctly even when it is expanded against the DC that is part of subdomain.domain.com.

Now after seeing this, I have a few questions about how this process is handled to make sure that I don't have further issues.

1. How does Exchange 2010 decide what DC to use? From what I can tell it just takes whatever DC responds first in the site that it is located in?

2. Will this cause any issues with users that are in domain.com, if it is expanding or routing against the DC from subdomain.domain.com? (I am assuming that users and groups are handled differently because I don't see any issues with the users)

3. What is the best practice here? I realize now that I should probably convert all of my DLs to Universal groups, does this sound correct?

Any other recommendations or input about things that I may be missing?
Question by:ryan80
3 Comments
 
LVL 40

Expert Comment

by:Adam Brown
ID: 37739992
For your AD design, you should not mix Domain Controllers from Different Domains in the same site. Move the DC for subdomain.domain.com in Site 1 to a new AD site or to the other subdomain.domain.com site.

1. That's pretty much how it works. You can configure the Domain Controllers so that either one or the other handles all or most of the traffic, but there isn't really a way to define which DC is used. This is by design.
2. This shouldn't be a problem if the AD Sites are set up properly as mentioned earlier.
3. Exchange Distribution groups in 2007/2010 should be universal, yes.
 
LVL 12

Author Comment

by:ryan80
ID: 37740042
Why should I not mix domains within the same site? Sites are supposed to be physical representations of the domain. I have never seen anything recommending that multiple domains not be put in the same site. Not to doubt you, but do you have any documentation on this?
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 37740069
AD Sites are used to provide Replication boundaries. But you're right. I thought it was a bad practice to have multiple domains in one site, but started digging to make sure after posting that (should have done it before :D) and it seems to be acceptable.

Realistically, though, the Exchange Server should only communicate with the Domain Controllers in the domain that it belongs to to get group membership. If the groups aren't universal, you can have problems if you have two Exchange Servers in different domains in the same site, but if you only have one Exchange server in the site and it belongs to one domain, it shouldn't be talking to the domain controller of the other domain. If it is, there's probably a misconfiguration somewhere.
0
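The two checks this thread turns on (which domain controllers the Exchange 2010 server is actually using, and which mail-enabled groups are still not universal), as an added Exchange Management Shell example that is not part of the original posts. It assumes it is run on the Exchange 2010 server by an account allowed to read recipients across the forest; the conversion step is left on `-WhatIf` so nothing is changed until that switch is removed.

```powershell
# Added example: audit DC selection and non-universal distribution groups.
# Run in the Exchange Management Shell (Exchange 2010).

# Search every domain in the forest, not just the domain of the current session.
Set-ADServerSettings -ViewEntireForest $true

# 1. Which DCs and GCs is each Exchange server using right now, and are any
#    statically included or excluded? A DC from the other domain showing up
#    here explains expansion running against it.
Get-ExchangeServer -Status |
    Format-List Name, Site,
                CurrentConfigDomainController,
                CurrentDomainControllers,
                CurrentGlobalCatalogs,
                StaticDomainControllers,
                StaticGlobalCatalogs,
                StaticExcludedDomainControllers

# 2. Mail-enabled groups that are not universal. Their membership is not
#    held in the global catalog, so expansion depends on which domain's DC
#    answers the query.
$nonUniversal = Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -eq 'MailNonUniversalGroup' }

$nonUniversal |
    Sort-Object Name |
    Format-Table Name, PrimarySmtpAddress, GroupType, OrganizationalUnit -AutoSize

# 3. Preview the conversion to universal scope. Remove -WhatIf to apply.
#    Active Directory refuses the change for a global group that is a member
#    of another global group, and for a domain local group that contains
#    another domain local group; those must be untangled first.
foreach ($group in $nonUniversal) {
    Set-Group -Identity $group.DistinguishedName -Universal -WhatIf
}
```

If step 1 shows a domain controller that should not be serving this server, `Set-ExchangeServer` accepts `-StaticExcludedDomainControllers` to keep Exchange from selecting it.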
