Solved

How to safely change the Domain Controller & Global Catalog servers being used by Exchange Server 2007 ?

Posted on 2014-03-30
15
6,311 Views
2 Endorsements
Last Modified: 2014-05-30
Hi People,

After safely migrating the Exchange server into another datacenter, now I'm confused as to how to safely change the Exchange DC/GC without causing any downtime or email flow issue.

Because from the Exchange Management console, I cannot re-point the server into another domain controllers on the different site than the current exchange server is now using.

Where and how to safely change the Domain Controller and the Global Catalog servers configured with the Exchange Server 2007 SP3 ?

Thanks.
2
Comment
  • 9
  • 3
  • 2
  • +1
15 Comments
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39965731
Should I change the AD site in all of the Exchange Server first from the registry or do I need to change the DC/GC servers by using powershell command:

For the Mailbox Server:

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

Open in new window


For the 2x HT-CAS servers:
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Open in new window

0
 
LVL 11

Expert Comment

by:Tej Pratap Shukla ~Dexter
ID: 39965798
Hey there

You need to first ensure that active directories roles have been transferred to the new domain controlled/global catelog.So you need to change AD to the new server first.

The next step is to make sure that dc/gc information has been successfully replicated to the new one.After ensuring then you can turn off the old server this would ensure that you donot face any downtime or email flow issue.

The last step is to demote the old dc using "dcpromo".
Ensure that you follow each step carefully .
I hope this helps you.

Thanks
~Dex
0
 
LVL 18

Assisted Solution

by:suriyaehnop
suriyaehnop earned 250 total points
ID: 39965801
I think before you do Exchange migration, the GC shall available on both data centre, do you?

If not, could promote one of DC at second dc to become a GC.

To enable GC:

http://support.microsoft.com/kb/296882
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39965837
The new Data Center got different AD site, so the existing setting is as follows:

here's the site location mapping:

Old Office building:
Domain: COMPANY.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2


New Data Center:
Domain: COMPANY.local
AD Site: DC-Production-Site
DC/GC: PRODDC1, PRODDC2

While the existing Exchange Server 2007 servers information that has been successfully migrated to the new Data Center are as follows:


PRODExcMBX1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS2.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

as can be seen from the Production site above, all of them still resides on the old AD site, which steps that I need to do first in order to re-point the Exchange Server into the new DC/GC in the new Data Center without causing any downtime ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39965846
or shall do the following registry below first:


Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Netlogon\Parameters
Name: DC-Production-Site
Type: REG_SZ

followed by reboot before issuing the powershell command for all of the Exchange Servers ?

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Open in new window

0
 
LVL 36

Accepted Solution

by:
Mahesh earned 125 total points
ID: 39965847
Have you changed IP addresses \ subnets of Exchange servers to new data center ?

If not, I think then Exchange server is still reporting to old site and old domain controllers

check AD subnet to site assignment in active directory
By default Exchange will pickup domain controllers in his own site

You could change exchange server subnet mapped to old AD site to new data center AD site in active directory once your all client computers migrated to new data center

One way is to manually change that domain controller configuration on exchange server as per your earlier comment

Mahesh.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39965868
Mahesh,

Yes, the Exchange Server migration has been done long time ago, now I need to decommission the oldDC1 and oldDC2 in the old building.

Yes, you are right, from the Exchange Management Console, I can see that all of the Exchange Servers are still pointing to oldDC1 and oldDC2 because they are still in the same AD Site.

So If I have to manually change the DC/GC, do I have to change the AD Site through registry first or that comes as the later process after reboot ?
0
 
LVL 11

Assisted Solution

by:Tej Pratap Shukla ~Dexter
Tej Pratap Shukla ~Dexter earned 125 total points
ID: 39965885
You need to first change AD site to "DC-Production-Site" through registry, then reboot
0
 
LVL 18

Assisted Solution

by:suriyaehnop
suriyaehnop earned 250 total points
ID: 39965908
You can changed the AD Site via Active Directory Site and Services.

To change the Active Directory Site for Exchange

1. Note the subnet of where you Exchange belong.
2. Open Active Directory Site and Services.
3. Expend Site | At new site add new IP address subnet of your Exchange server.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39965930
Dexter, thank you for the assistance,
So I guess In this case I need to do it on the following manner:

Hub Transport-ClientAccessServer role
PRODExcHT-CAS1
---- Reboot and use the powershell to check the AD DC /GC before statically change it----
PRODExcHT-CAS2
----Reboot and use the powershell to check the AD DC /GC before statically change it----

Recovery Mailbox Server role (CCR Passive Node)
RECOExcMBX1
----After the reboot, Failover to the Recovery Node, use the powershell to check the AD DC /GC before statically change it ----

Production Mailbox Server role (CCR Active Node)
PRODExcMBX1
----After the reboot, Failover back to the Active Node, use the powershell to check the AD DC /GC before statically change it----

is that sequence make sense to avoid email flow issue ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39965945
Hi suriyaehnop,

I've just confirmed from the "Active Directory Site and Services" console from RDP to my Exchange Mailbox server, expanding the Sites\Subnets 10.1.2.0/24 in General tab shows the AD site as "DC-Production-Site" the new AD site served by the new PRODDC1 and PRODDC2 AD/DC servers.

somehow the result from the command prompt running (nltest /dsgetsite) command from the PRODExcMBX1 shows the result as "HQ-Office1-Site" which is the old AD site served by the old oldDC1 and oldDC2 AD/DC servers.
0
 
LVL 11

Expert Comment

by:Tej Pratap Shukla ~Dexter
ID: 39965963
Yes that should work just fine .
Keep posting
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39970979
ok, just a question before I do the changes this weekend.

Why is that the Exchange Servers in the new data center is not changing its AD/DC and its  AD site to reflect the new IP address that was changed?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40024622
where can I find the evidence of the hard coded of the AD site on the Exchange Server registry ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40026475
Ok, just the update for this case, I've found the issue in this article: http://technet.microsoft.com/en-us/library/aa995781(v=exchg.80).aspx

shall I just remove the registry key to make sure that the Exchange Server can use the AD sites defined in the IP sub net on the Active Directory Sites and Services ?

shall I remove the registry entry the SiteName registry value ?
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out what you should include to make the best professional email signature for your organization.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now