Solved

How to safely change the Domain Controller & Global Catalog servers being used by Exchange Server 2007?

Posted on 2014-03-30
Last Modified: 2014-05-30
Hi People,

After safely migrating the Exchange server into another datacenter, now I'm confused as to how to safely change the Exchange DC/GC without causing any downtime or email flow issue.

From the Exchange Management Console, I cannot re-point the server to domain controllers in a different site than the one the Exchange server is currently using.

Where and how can I safely change the Domain Controller and the Global Catalog servers configured with Exchange Server 2007 SP3?

Thanks.
15 Comments
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39965731
Should I change the AD site on all of the Exchange Servers first from the registry, or do I need to change the DC/GC servers by using the PowerShell commands:

For the Mailbox Server:

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

For the 2x HT-CAS servers:
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

0
 
LVL 12

Expert Comment

by:Tej Pratap Shukla ~Dexter
ID: 39965798
Hey there

You need to first ensure that the Active Directory roles have been transferred to the new domain controller/global catalog. So you need to change AD to the new server first.

The next step is to make sure that DC/GC information has been successfully replicated to the new one. After ensuring that, you can turn off the old server; this would ensure that you do not face any downtime or email flow issue.

The last step is to demote the old DC using "dcpromo".
Ensure that you follow each step carefully.
I hope this helps you.

Thanks
~Dex
0
 
LVL 19

Assisted Solution

by:suriyaehnop
suriyaehnop earned 1000 total points
ID: 39965801
I think before you do the Exchange migration, the GC shall be available at both data centres. Is it?

If not, you could promote one of the DCs at the second DC to become a GC.

To enable GC:

http://support.microsoft.com/kb/296882
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39965837
The new Data Center has a different AD site, so the existing setting is as follows:

Here's the site location mapping:

Old Office building:
Domain: COMPANY.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2


New Data Center:
Domain: COMPANY.local
AD Site: DC-Production-Site
DC/GC: PRODDC1, PRODDC2

The information for the existing Exchange Server 2007 servers that have been successfully migrated to the new Data Center is as follows:


PRODExcMBX1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS2.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

As can be seen from the Production site above, all of them still reside in the old AD site. Which steps do I need to do first in order to re-point the Exchange Servers to the new DC/GC in the new Data Center without causing any downtime?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39965846
Or shall I make the following registry change first:


Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Netlogon\Parameters
Name: DC-Production-Site
Type: REG_SZ

followed by a reboot before issuing the PowerShell commands for all of the Exchange Servers?

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39965847
Have you changed the IP addresses / subnets of the Exchange servers to the new data center?

If not, then I think the Exchange server is still reporting to the old site and old domain controllers.

Check the AD subnet-to-site assignment in Active Directory.
By default Exchange will pick up domain controllers in its own site.

You could change the Exchange server subnet mapped to the old AD site to the new data center AD site in Active Directory once all your client computers are migrated to the new data center.

One way is to manually change that domain controller configuration on the Exchange server as per your earlier comment.

Mahesh.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39965868
Mahesh,

Yes, the Exchange Server migration was done a long time ago; now I need to decommission oldDC1 and oldDC2 in the old building.

Yes, you are right, from the Exchange Management Console, I can see that all of the Exchange Servers are still pointing to oldDC1 and oldDC2 because they are still in the same AD Site.

So if I have to manually change the DC/GC, do I have to change the AD Site through the registry first, or does that come later in the process, after the reboot?
0
 
LVL 12

Assisted Solution

by:Tej Pratap Shukla ~Dexter
Tej Pratap Shukla ~Dexter earned 500 total points
ID: 39965885
You need to first change AD site to "DC-Production-Site" through registry, then reboot
0
 
LVL 19

Assisted Solution

by:suriyaehnop
suriyaehnop earned 1000 total points
ID: 39965908
You can change the AD site via Active Directory Sites and Services.

To change the Active Directory site for Exchange:

1. Note the subnet to which your Exchange server belongs.
2. Open Active Directory Sites and Services.
3. Expand Sites | At the new site, add the new IP address subnet of your Exchange server.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39965930
Dexter, thank you for the assistance,
So I guess in this case I need to do it in the following manner:

Hub Transport-ClientAccessServer role
PRODExcHT-CAS1
---- Reboot and use PowerShell to check the AD DC/GC before statically changing it ----
PRODExcHT-CAS2
---- Reboot and use PowerShell to check the AD DC/GC before statically changing it ----

Recovery Mailbox Server role (CCR Passive Node)
RECOExcMBX1
---- After the reboot, fail over to the Recovery Node, use PowerShell to check the AD DC/GC before statically changing it ----

Production Mailbox Server role (CCR Active Node)
PRODExcMBX1
---- After the reboot, fail back to the Active Node, use PowerShell to check the AD DC/GC before statically changing it ----

Does that sequence make sense to avoid email flow issues?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39965945
Hi suriyaehnop,

I've just confirmed from the "Active Directory Sites and Services" console, over RDP to my Exchange Mailbox server, that expanding Sites\Subnets 10.1.2.0/24 shows the AD site in the General tab as "DC-Production-Site", the new AD site served by the new PRODDC1 and PRODDC2 AD/DC servers.

Somehow the result of running the (nltest /dsgetsite) command from the command prompt on PRODExcMBX1 shows "HQ-Office1-Site", which is the old AD site served by the old oldDC1 and oldDC2 AD/DC servers.
0
 
LVL 12

Expert Comment

by:Tej Pratap Shukla ~Dexter
ID: 39965963
Yes, that should work just fine.
Keep posting
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39970979
OK, just a question before I do the changes this weekend.

Why is it that the Exchange Servers in the new data center are not changing their AD/DC and AD site to reflect the new IP address that was changed?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40024622
Where can I find evidence of the hard-coded AD site in the Exchange Server registry?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40026475
OK, just an update for this case: I've found the issue in this article: http://technet.microsoft.com/en-us/library/aa995781(v=exchg.80).aspx

Shall I just remove the registry key to make sure that the Exchange Server can use the AD sites defined by the IP subnet in Active Directory Sites and Services?

Shall I remove the SiteName registry value?
0
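The check the last comments converge on, as an added example that is not part of the original thread: a read-only PowerShell audit, run in the Exchange Management Shell on each Exchange server, that shows whether a static SiteName value under Netlogon\Parameters is pinning the AD site and which DC/GC servers Exchange is currently using. The expected site name comes from the thread's site mapping; the variable names are illustrative assumptions.

```powershell
# Added example (not from the thread): read-only audit, changes nothing.
# Run in the Exchange Management Shell on the Exchange server being checked.
$expectedSite   = 'DC-Production-Site'  # assumption: target site from the thread's mapping
$exchangeServer = $env:COMPUTERNAME     # assumption: for a clustered mailbox server,
                                        # use its Exchange server name instead
$netlogonKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$netlogon = Get-ItemProperty -Path $netlogonKey

# SiteName        : optional static override; when present it pins the AD site.
# DynamicSiteName : site Netlogon last detected automatically for this machine.
$staticSite  = $netlogon.SiteName
$dynamicSite = $netlogon.DynamicSiteName

# nltest prints the site name on its first output line.
$effectiveSite = (nltest /dsgetsite | Select-Object -First 1).Trim()

if (-not $staticSite) { $staticSite = '<not set>' }
Write-Host "Registry SiteName (static) : $staticSite"
Write-Host "Registry DynamicSiteName   : $dynamicSite"
Write-Host "nltest /dsgetsite          : $effectiveSite"

if ($effectiveSite -ne $expectedSite) {
    if ($staticSite -ne '<not set>') {
        Write-Warning "Site is pinned by the SiteName registry value, not by the subnet mapping."
    } else {
        Write-Warning "No static SiteName; check the subnet-to-site assignment for this server's IP."
    }
}

# Static* values are administrator-set; Current* values are what Exchange uses right now.
Get-ExchangeServer -Identity $exchangeServer -Status |
    Format-List Name, Site,
        StaticConfigDomainController, StaticDomainControllers, StaticGlobalCatalogs,
        CurrentConfigDomainController, CurrentDomainControllers, CurrentGlobalCatalogs
```

Running it before and after each reboot in the sequence above gives a record of when the reported site and the Current* lists actually move to the new data center.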


Question has a verified solution.
