Preferred DCs and GCs in an empty root AD forest

Posted on 2013-11-01
Last Modified: 2013-11-05
Hello Everyone-
Client's Current Environment:
* Windows 2008 SP2 (not R2) running in 2003 mode. Empty Root with 3 child domains (We'll call them Child1, Child2, Child3)
* Exchange 2010 SP1

Exchange is installed in Child1. All user accounts with Exchange mailboxes reside in Child1.

I've noticed that some of the default DCs and GCs for all Exchange servers point to DCs/GCs in Child1, Child2 or Child3. I could have one HT server's primary DC be in Child3 and the other HT's primary DC be in Child1. I may have a mailbox server with a primary DC residing in the root.

I know that the preferred list is auto-generated by the Exchange Topology service which tells me that I may have a sites/subnets issue?

I've noticed that the DCs closest to Exchange are slammed (CPU >80% at all times) so is Exchange falling back to lesser utilized DCs?

What is the additional overhead (if any) by making LDAP queries against a DC/GC in Child3 or the root when all accounts reside in Child2?

Besides the client upgrading to R2 and Exchange updates (that's a given), what would be the best place to dive in and see what's going on?

As always, thanks for any and all assistance!
Eric
Question by: Cymbaline65

Expert Comment

by:Simon Butler (Sembee)
ID: 39617009
Sounds like it could be a combination of sites and services and the domain controllers being overloaded so they don't respond quickly enough.

Exchange will basically use the first DC/GC to respond, so if the closest are under load, another remote one may well respond first.

I would start though by checking that AD sites and services are configured correctly, which will limit Exchange from going out of site (not completely, but it takes care of most issues).

As for it being an issue - that depends on the latency on the connections.

Simon.

Author Comment

by:Cymbaline65
ID: 39617368
Thanks for your response, Simon.
I'll start with some latency tests against the local DCs to Exchange and report back the results.
Stay tuned.

Author Comment

by:Cymbaline65
ID: 39617692
Simon-
I have not got to the latency tests but it does appear that these DCs from all child domains do reside in the same subnet. Also, when the Exchange Topology service runs, it will change the preferred DC/GC quite frequently. Sometimes it will be a Child2 DC, sometimes Child3, sometimes root.
Eric

Expert Comment

by:Simon Butler (Sembee)
ID: 39618650
If they are all in the same subnet, then there is probably little you can do.
Exchange will use the first one to respond, and it will be any of the domain controllers in the site.
Although it is an unusual configuration - most times I see child domains they are in different sites. Therefore I am not completely sure how Exchange would react in that scenario.

Simon.

Author Comment

by:Cymbaline65
ID: 39621496
Well Simon, average LDAP response times of the DCs that service Exchange are 10ms or less (this from my Quest Spotlight on AD console.)
I have not found any info on the whole DCs from different domains on the same subnet and how it could affect Exchange. Like you, this was a first for me.
I can't see how it could be best practice but by the same token, is it really affecting Exchange performance?

Accepted Solution

by: Simon Butler (Sembee) earned 500 total points
ID: 39624891
Considering that Exchange operates at the forest level, the only thing it is concerned with is AD sites and services and finding another domain controller in the same site as it. Therefore if the sites are configured correctly the fact that it is going across to another domain (in the same site) shouldn't matter, particularly as the latency is so low.

The question of best practise would have to be directed at the AD configuration, rather than Exchange. Having multiple child domains on the same subnet is unusual (although probably not unheard of). Without a reconfiguration of the AD/network though, I don't think you are going to be able to do much about it - other than hard coding DCs in Exchange - which certainly isn't considered best practise.

Simon.

Author Comment

by:Cymbaline65
ID: 39624902
Thanks, Simon. So, just to be clear, it is NOT considered best practice to hard-code DCs in Exchange? I've seen plenty of articles on it. Have not read them all but the few I have didn't say that explicitly.
If it is not best practice, what is the reason? (or send me a link). I just need to encapsulate all this in my findings.
Thanks again!
Eric

Expert Comment

by:Simon Butler (Sembee)
ID: 39624932
It isn't best practise for the simple reason that if that DC goes away for any reason, Exchange will not try and find another DC to use. I have seen it before where people have hard coded a DC, forgotten it has been done (or was done by a previous admin) removed the DC and then wondered why Exchange is dead in the water.

The closest I can find to the advice on hard coding is this:
http://support.microsoft.com/kb/2619379

Simon.
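
An added example, not part of the original thread: a way to audit the situation discussed above from the Exchange 2010 Management Shell, listing the DCs/GCs each server is currently using and flagging hard-coded entries that no longer resolve. It assumes the property names returned by `Get-ExchangeServer -Status`, and treats a failed DNS lookup as a sign that a pinned DC has been removed.

```powershell
# Added example (not from the thread). Run in the Exchange 2010 Management Shell.
# Reports the DCs/GCs each Exchange server is using and flags statically
# configured (hard-coded) entries whose names no longer resolve in DNS.

$report = foreach ($srv in Get-ExchangeServer -Status) {
    # The Static* properties are empty unless someone set them with
    # Set-ExchangeServer -StaticDomainControllers / -StaticGlobalCatalogs /
    # -StaticConfigDomainController.
    $static = @($srv.StaticDomainControllers) +
              @($srv.StaticGlobalCatalogs) +
              @($srv.StaticConfigDomainController) |
              Where-Object { $_ } | Sort-Object -Unique

    # Assumption: a name that no longer resolves means the DC is gone.
    $stale = foreach ($dc in $static) {
        try   { [void][System.Net.Dns]::GetHostEntry([string]$dc) }
        catch { $dc }
    }

    New-Object PSObject -Property @{
        Server      = $srv.Name
        Site        = [string]$srv.Site
        CurrentDCs  = @($srv.CurrentDomainControllers) -join ', '
        CurrentGCs  = @($srv.CurrentGlobalCatalogs) -join ', '
        ConfigDC    = [string]$srv.CurrentConfigDomainController
        Static      = @($static) -join ', '
        StaleStatic = @($stale) -join ', '
    }
}

$report | Format-List Server, Site, ConfigDC, CurrentDCs, CurrentGCs, Static, StaleStatic

# Servers with hard-coded DCs, the configuration the answer above warns about
$report | Where-Object { $_.Static } | Select-Object Server, Static, StaleStatic

# Latest topology discovery result (event 2080) on the local server: shows
# which DCs Exchange classed as in-site versus out-of-site.
Get-EventLog -LogName Application -Source 'MSExchange ADAccess' -Newest 500 |
    Where-Object { $_.EventID -eq 2080 } |
    Select-Object -First 1 -ExpandProperty Message
```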

Author Closing Comment

by:Cymbaline65
ID: 39624949
Makes sense. I didn't find much on the AD side of things regarding this but I'll keep digging.