Solved

How to safely change the Domain Controller & Global Catalog servers being used by Exchange Server 2007 ?

Posted on 2014-03-30
15
5,835 Views
2 Endorsements
Last Modified: 2014-05-30
Hi People,

After safely migrating the Exchange server into another datacenter, now I'm confused as to how to safely change the Exchange DC/GC without causing any downtime or email flow issue.

Because from the Exchange Management console, I cannot re-point the server into another domain controllers on the different site than the current exchange server is now using.

Where and how to safely change the Domain Controller and the Global Catalog servers configured with the Exchange Server 2007 SP3 ?

Thanks.
2
Comment
  • 9
  • 3
  • 2
  • +1
15 Comments
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Should I change the AD site in all of the Exchange Server first from the registry or do I need to change the DC/GC servers by using powershell command:

For the Mailbox Server:

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

Open in new window


For the 2x HT-CAS servers:
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Open in new window

0
 
LVL 11

Expert Comment

by:Tej Pratap Shukla ~Dexter
Comment Utility
Hey there

You need to first ensure that active directories roles have been transferred to the new domain controlled/global catelog.So you need to change AD to the new server first.

The next step is to make sure that dc/gc information has been successfully replicated to the new one.After ensuring then you can turn off the old server this would ensure that you donot face any downtime or email flow issue.

The last step is to demote the old dc using "dcpromo".
Ensure that you follow each step carefully .
I hope this helps you.

Thanks
~Dex
0
 
LVL 18

Assisted Solution

by:suriyaehnop
suriyaehnop earned 250 total points
Comment Utility
I think before you do Exchange migration, the GC shall available on both data centre, do you?

If not, could promote one of DC at second dc to become a GC.

To enable GC:

http://support.microsoft.com/kb/296882
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
The new Data Center got different AD site, so the existing setting is as follows:

here's the site location mapping:

Old Office building:
Domain: COMPANY.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2


New Data Center:
Domain: COMPANY.local
AD Site: DC-Production-Site
DC/GC: PRODDC1, PRODDC2

While the existing Exchange Server 2007 servers information that has been successfully migrated to the new Data Center are as follows:


PRODExcMBX1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS1.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

PRODExcHT-CAS2.company.local
AD Site: HQ-Office1-Site
DC/GC: oldDC1, oldDC2

as can be seen from the Production site above, all of them still resides on the old AD site, which steps that I need to do first in order to re-point the Exchange Server into the new DC/GC in the new Data Center without causing any downtime ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
or shall do the following registry below first:


Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Netlogon\Parameters
Name: DC-Production-Site
Type: REG_SZ

followed by reboot before issuing the powershell command for all of the Exchange Servers ?

Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 

Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1
Set-ExchangeServer -Identity PRODExcHT-CAS2 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2

Open in new window

0
 
LVL 35

Accepted Solution

by:
Mahesh earned 125 total points
Comment Utility
Have you changed IP addresses \ subnets of Exchange servers to new data center ?

If not, I think then Exchange server is still reporting to old site and old domain controllers

check AD subnet to site assignment in active directory
By default Exchange will pickup domain controllers in his own site

You could change exchange server subnet mapped to old AD site to new data center AD site in active directory once your all client computers migrated to new data center

One way is to manually change that domain controller configuration on exchange server as per your earlier comment

Mahesh.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Mahesh,

Yes, the Exchange Server migration has been done long time ago, now I need to decommission the oldDC1 and oldDC2 in the old building.

Yes, you are right, from the Exchange Management Console, I can see that all of the Exchange Servers are still pointing to oldDC1 and oldDC2 because they are still in the same AD Site.

So If I have to manually change the DC/GC, do I have to change the AD Site through registry first or that comes as the later process after reboot ?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 11

Assisted Solution

by:Tej Pratap Shukla ~Dexter
Tej Pratap Shukla ~Dexter earned 125 total points
Comment Utility
You need to first change AD site to "DC-Production-Site" through registry, then reboot
0
 
LVL 18

Assisted Solution

by:suriyaehnop
suriyaehnop earned 250 total points
Comment Utility
You can changed the AD Site via Active Directory Site and Services.

To change the Active Directory Site for Exchange

1. Note the subnet of where you Exchange belong.
2. Open Active Directory Site and Services.
3. Expend Site | At new site add new IP address subnet of your Exchange server.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Dexter, thank you for the assistance,
So I guess In this case I need to do it on the following manner:

Hub Transport-ClientAccessServer role
PRODExcHT-CAS1
---- Reboot and use the powershell to check the AD DC /GC before statically change it----
PRODExcHT-CAS2
----Reboot and use the powershell to check the AD DC /GC before statically change it----

Recovery Mailbox Server role (CCR Passive Node)
RECOExcMBX1
----After the reboot, Failover to the Recovery Node, use the powershell to check the AD DC /GC before statically change it ----

Production Mailbox Server role (CCR Active Node)
PRODExcMBX1
----After the reboot, Failover back to the Active Node, use the powershell to check the AD DC /GC before statically change it----

is that sequence make sense to avoid email flow issue ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Hi suriyaehnop,

I've just confirmed from the "Active Directory Site and Services" console from RDP to my Exchange Mailbox server, expanding the Sites\Subnets 10.1.2.0/24 in General tab shows the AD site as "DC-Production-Site" the new AD site served by the new PRODDC1 and PRODDC2 AD/DC servers.

somehow the result from the command prompt running (nltest /dsgetsite) command from the PRODExcMBX1 shows the result as "HQ-Office1-Site" which is the old AD site served by the old oldDC1 and oldDC2 AD/DC servers.
0
 
LVL 11

Expert Comment

by:Tej Pratap Shukla ~Dexter
Comment Utility
Yes that should work just fine .
Keep posting
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
ok, just a question before I do the changes this weekend.

Why is that the Exchange Servers in the new data center is not changing its AD/DC and its  AD site to reflect the new IP address that was changed?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
where can I find the evidence of the hard coded of the AD site on the Exchange Server registry ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Ok, just the update for this case, I've found the issue in this article: http://technet.microsoft.com/en-us/library/aa995781(v=exchg.80).aspx

shall I just remove the registry key to make sure that the Exchange Server can use the AD sites defined in the IP sub net on the Active Directory Sites and Services ?

shall I remove the registry entry the SiteName registry value ?
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now