Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8446
  • Last Modified:

How to safely change the Domain Controller & Global Catalog servers being used by Exchange Server 2007 ?

Hi People,

After safely migrating the Exchange server into another datacenter, now I'm confused as to how to safely change the Exchange DC/GC without causing any downtime or email flow issue.

Because from the Exchange Management console, I cannot re-point the server into another domain controllers on the different site than the current exchange server is now using.

Where and how to safely change the Domain Controller and the Global Catalog servers configured with the Exchange Server 2007 SP3 ?

Thanks.
2
Senior IT System Engineer
Asked:
Senior IT System Engineer
  • 9
  • 3
  • 2
  • +1
4 Solutions
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Should I change the AD site in all of the Exchange Server first from the registry or do I need to change the DC/GC servers by using powershell command:

For the Mailbox Server:

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

Open in new window


For the 2x HT-CAS servers:
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Open in new window

0
 
Tej Pratap Shukla ~DexterCommented:
Hey there

You need to first ensure that active directories roles have been transferred to the new domain controlled/global catelog.So you need to change AD to the new server first.

The next step is to make sure that dc/gc information has been successfully replicated to the new one.After ensuring then you can turn off the old server this would ensure that you donot face any downtime or email flow issue.

The last step is to demote the old dc using "dcpromo".
Ensure that you follow each step carefully .
I hope this helps you.

Thanks
~Dex
0
 
suriyaehnopCommented:
I think before you do Exchange migration, the GC shall available on both data centre, do you?

If not, could promote one of DC at second dc to become a GC.

To enable GC:

http://support.microsoft.com/kb/296882
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Senior IT System EngineerIT ProfessionalAuthor Commented:
The new Data Center got different AD site, so the existing setting is as follows:

here's the site location mapping:

Old Office building:
Domain: COMPANY.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2


New Data Center:
Domain: COMPANY.local
AD Site: DC-Production-Site
DC/GC: PRODDC1, PRODDC2

While the existing Exchange Server 2007 servers information that has been successfully migrated to the new Data Center are as follows:


PRODExcMBX1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS2.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

as can be seen from the Production site above, all of them still resides on the old AD site, which steps that I need to do first in order to re-point the Exchange Server into the new DC/GC in the new Data Center without causing any downtime ?
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
or shall do the following registry below first:


Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Netlogon\Parameters
Name: DC-Production-Site
Type: REG_SZ

followed by reboot before issuing the powershell command for all of the Exchange Servers ?

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Open in new window

0
 
MaheshArchitectCommented:
Have you changed IP addresses \ subnets of Exchange servers to new data center ?

If not, I think then Exchange server is still reporting to old site and old domain controllers

check AD subnet to site assignment in active directory
By default Exchange will pickup domain controllers in his own site

You could change exchange server subnet mapped to old AD site to new data center AD site in active directory once your all client computers migrated to new data center

One way is to manually change that domain controller configuration on exchange server as per your earlier comment

Mahesh.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Mahesh,

Yes, the Exchange Server migration has been done long time ago, now I need to decommission the oldDC1 and oldDC2 in the old building.

Yes, you are right, from the Exchange Management Console, I can see that all of the Exchange Servers are still pointing to oldDC1 and oldDC2 because they are still in the same AD Site.

So If I have to manually change the DC/GC, do I have to change the AD Site through registry first or that comes as the later process after reboot ?
0
 
Tej Pratap Shukla ~DexterCommented:
You need to first change AD site to "DC-Production-Site" through registry, then reboot
0
 
suriyaehnopCommented:
You can changed the AD Site via Active Directory Site and Services.

To change the Active Directory Site for Exchange

1. Note the subnet of where you Exchange belong.
2. Open Active Directory Site and Services.
3. Expend Site | At new site add new IP address subnet of your Exchange server.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Dexter, thank you for the assistance,
So I guess In this case I need to do it on the following manner:

Hub Transport-ClientAccessServer role
PRODExcHT-CAS1
---- Reboot and use the powershell to check the AD DC /GC before statically change it----
PRODExcHT-CAS2
----Reboot and use the powershell to check the AD DC /GC before statically change it----

Recovery Mailbox Server role (CCR Passive Node)
RECOExcMBX1
----After the reboot, Failover to the Recovery Node, use the powershell to check the AD DC /GC before statically change it ----

Production Mailbox Server role (CCR Active Node)
PRODExcMBX1
----After the reboot, Failover back to the Active Node, use the powershell to check the AD DC /GC before statically change it----

is that sequence make sense to avoid email flow issue ?
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi suriyaehnop,

I've just confirmed from the "Active Directory Site and Services" console from RDP to my Exchange Mailbox server, expanding the Sites\Subnets 10.1.2.0/24 in General tab shows the AD site as "DC-Production-Site" the new AD site served by the new PRODDC1 and PRODDC2 AD/DC servers.

somehow the result from the command prompt running (nltest /dsgetsite) command from the PRODExcMBX1 shows the result as "HQ-Office1-Site" which is the old AD site served by the old oldDC1 and oldDC2 AD/DC servers.
0
 
Tej Pratap Shukla ~DexterCommented:
Yes that should work just fine .
Keep posting
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, just a question before I do the changes this weekend.

Why is that the Exchange Servers in the new data center is not changing its AD/DC and its  AD site to reflect the new IP address that was changed?
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
where can I find the evidence of the hard coded of the AD site on the Exchange Server registry ?
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Ok, just the update for this case, I've found the issue in this article: http://technet.microsoft.com/en-us/library/aa995781(v=exchg.80).aspx

shall I just remove the registry key to make sure that the Exchange Server can use the AD sites defined in the IP sub net on the Active Directory Sites and Services ?

shall I remove the registry entry the SiteName registry value ?
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 9
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now