Solved

Preferred DCs and GCs in an empty root AD forest

Posted on 2013-11-01
Last Modified: 2013-11-05
Hello Everyone-
Client's Current Environment:
* Windows 2008 SP2 (not R2) running in 2003 mode. Empty Root with 3 child domains (We'll call them Child1, Child2, Child3)
* Exchange 2010 SP1

Exchange is installed in Child1. All user accounts with Exchange mailboxes reside in Child1.

I've noticed that some of the default DCs and GCs for all Exchange servers point to DCs/GCs in Child1, Child2 or Child3. I could have one HT server's primary DC be in Child3 and the other HT's primary DC be in Child1. I may have a mailbox server with a primary DC residing in the root.

I know that the preferred list is auto-generated by the Exchange Topology service which tells me that I may have a sites/subnets issue?

I've noticed that the DCs closest to Exchange are slammed (CPU >80% at all times) so is Exchange falling back to lesser utilized DCs?

What is the additional overhead (if any) by making LDAP queries against a DC/GC in Child3 or the root when all accounts reside in Child2?

Besides the client upgrading to R2 and Exchange updates (that's a given), what would be the best place to dive in and see what's going on?

As always, thanks for any and all assistance!
Eric
Question by:Cymbaline65
9 Comments
 

Expert Comment

by:Simon Butler (Sembee)
ID: 39617009
Sounds like it could be a combination of sites and services and the domain controllers being overloaded so they don't respond quickly enough.

Exchange will basically use the first DC/GC to respond, so if the closest are under load, another remote one may well respond first.

I would start though by checking that AD sites and services are configured correctly, which will limit Exchange from going out of site (not completely, but it takes care of most issues).

As for it being an issue - that depends on the latency on the connections.

Simon.

Author Comment

by:Cymbaline65
ID: 39617368
Thanks for your response, Simon.
I'll start with some latency tests against the local DCs to Exchange and report back the results.
Stay tuned.

Author Comment

by:Cymbaline65
ID: 39617692
Simon-
I have not got to the latency tests but it does appear that these DCs from all child domains do reside in the same subnet. Also, when the Exchange Topology service runs, it will change the preferred DC/GC quite frequently. Sometimes it will be a Child2 DC, sometimes Child3, sometimes root.
Eric

Expert Comment

by:Simon Butler (Sembee)
ID: 39618650
If they are all in the same subnet, then there is probably little you can do.
Exchange will use the first one to respond, and it will be any of the domain controllers in the site.
Although it is an unusual configuration - most times I see child domains they are in different sites. Therefore I am not completely sure how Exchange would react in that scenario.

Simon.

Author Comment

by:Cymbaline65
ID: 39621496
Well Simon, average LDAP response times of the DCs that service Exchange are 10ms or less (this from my Quest Spotlight on AD console.)
I have not found any info on the whole DCs from different domains on the same subnet and how it could affect Exchange. Like you, this was a first for me.
I can't see how it could be best practice but by the same token, is it really affecting Exchange performance?

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39624891
Considering that Exchange operates at the forest level, the only thing it is concerned with is AD sites and services and finding another domain controller in the same site as it. Therefore if the sites are configured correctly the fact that it is going across to another domain (in the same site) shouldn't matter, particularly as the latency is so low.

The question of best practice would have to be directed at the AD configuration, rather than Exchange. Having multiple child domains on the same subnet is unusual (although probably not unheard of). Without a reconfiguration of the AD/network though, I don't think you are going to be able to do much about it - other than hard coding DCs in Exchange - which certainly isn't considered best practice.

Simon.

Author Comment

by:Cymbaline65
ID: 39624902
Thanks, Simon. So, just to be clear, it is NOT considered best practice to hard-code DCs in Exchange? I've seen plenty of articles on it. Have not read them all but the few I have didn't say that explicitly.
If it is not best practice, what is the reason? (or send me a link). I just need to encapsulate all this in my findings.
Thanks again!
Eric

Expert Comment

by:Simon Butler (Sembee)
ID: 39624932
It isn't best practice for the simple reason that if that DC goes away for any reason, Exchange will not try and find another DC to use. I have seen it before where people have hard coded a DC, forgotten it has been done (or was done by a previous admin), removed the DC and then wondered why Exchange is dead in the water.

The closest I can find to the advice on hard coding is this:
http://support.microsoft.com/kb/2619379

Simon.
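
The failure mode described in the comment above (a hard-coded DC that is later removed) can be audited before a DC is decommissioned. The script below is an added example, not part of the original thread: it assumes the Exchange 2010 Management Shell, where `Get-ExchangeServer -Status` exposes the `Static*` properties; the helper names `Test-LdapPort` and `Get-StaticDcAudit` and the sample host names are hypothetical and constructed for illustration.

```powershell
# Added example (not from the thread). Helper names and sample hosts are hypothetical.
function Test-LdapPort {
    param([string]$HostName, [int]$Port = 389, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # DNS failure or refused connection
    } finally {
        $client.Close()
    }
}

function Get-StaticDcAudit {
    param([Parameter(Mandatory = $true)] [object[]]$Servers)
    foreach ($s in $Servers) {
        # Static* properties are empty unless someone pinned a DC with Set-ExchangeServer.
        $pinned = @($s.StaticDomainControllers) + @($s.StaticGlobalCatalogs) +
                  @($s.StaticConfigDomainController)
        $pinned = @($pinned | Where-Object { $_ } | ForEach-Object { "$_" } | Select-Object -Unique)
        foreach ($dc in $pinned) {
            New-Object PSObject -Property @{
                Server        = $s.Name
                PinnedDC      = $dc
                LdapReachable = (Test-LdapPort -HostName $dc)
            }
        }
    }
}

if (Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue) {
    $servers = @(Get-ExchangeServer -Status)   # Exchange Management Shell
} else {
    # Constructed sample so the script also runs outside Exchange.
    $servers = @(
        (New-Object PSObject -Property @{ Name = 'HT01'; StaticDomainControllers = @('dc9.child3.example.invalid');
            StaticGlobalCatalogs = @(); StaticConfigDomainController = $null }),
        (New-Object PSObject -Property @{ Name = 'MBX01'; StaticDomainControllers = @();
            StaticGlobalCatalogs = @(); StaticConfigDomainController = $null })
    )
}
Get-StaticDcAudit -Servers $servers | Format-Table Server, PinnedDC, LdapReachable -AutoSize
```

A server that produces no rows has nothing pinned; a row with `LdapReachable` set to `False` is a pinned DC that no longer answers on TCP 389.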

Author Closing Comment

by:Cymbaline65
ID: 39624949
Makes sense. I didn't find much on the AD side of things regarding this but I'll keep digging.