Solved

Need help in modifying Exchange Domain controllers from Out-Of-Site into In-Site

Posted on 2014-04-02
20
456 Views
Last Modified: 2014-04-30
Hi All,

Can anyone please assist me in modifying the list of Active Directory domain controllers that Exchange Server use from the Out-Of-Site into the In-Site ?
0
Comment
  • 10
  • 9
20 Comments
 
LVL 9

Assisted Solution

by:Mahesh Sharma
Mahesh Sharma earned 63 total points
ID: 39971825
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 437 total points
ID: 39971845
That isn't something you usually have to modify yourself, Exchange takes care of it.
If it is using out of site domain controllers then that would suggest that either AD sites and services isn't configured correctly or the domain controllers on site are not responding fast enough.

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39971853
The reason I ask this question is that because I need to decommission the domain controllers that are listed under the In-Site lists.

The exchange servers themselves has been migrated to the new location with different IP address but the AD site somehow still referring back to the Old AD site which is served by the old DC/GC.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39971858
Should I use the Powershell command first or edit the registry first to achieve this ?
One thing to note is that all of the Workstations AD site still use the old Site which is the same as the entire Exchange Servers. So I need someone to shed some light o this matter.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 437 total points
ID: 39971861
Take the GC role away, then restart the Exchange services. That will force Exchange to find a new domain controller with the GC role.
Exchange can get "attached" to a domain controller, so even after changes will keep using it, that may well be what has happened here. However it likes to use global catalogs, so if the only global catalog it is using is no longer a GC, it has to find another one.

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39971964
Cool, so that does means I will need to do the DC promo first to demote the DC/GC roles for all of the In-Site servers. after that followed by the restart of the exchange server services from HT-CAS role down to the Mailbox server last ?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 437 total points
ID: 39972025
You can take the GC role away from the server without running DCPROMO. You should check that the domain controllers in the current site are global catalogs before doing so.

The order of the service restart probably doesn't matter, as it is just a restart.

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39972289
Thanks Simon, I thought so because there should be a normal way for Exchange Server to detect the DC/GC available.

Yes, in the new Data Center, I have created the AD site and all of the Domain Controllers are also Global Catalog.

So In conclusion here, only exchange server reboot and CCR failover to reflect the changes of the new GC or In-Site members ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39972331
Is there any impact to the users when the workstation is on the old AD site and the exchange servers are all in the new AD site served by the new domain controllers in the new DAta Center ?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 437 total points
ID: 39972521
If you have workstations in the original site, then you really need to have a global catalog there, because that is what is used to process the logins. Do you plan to have any domain controllers in the original site?

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39973809
Yes, all of the company workstations ~350+ still resides in the office building (AD Site: HQ1), only the server room that will be moved out of the building into proper Data Center where the entire Exchange Servers is now running (AD Site: Prod-DC1-Site).

My Understanding with the current situation is that since the Exchange Server 2007 was build in the office server room  (AD Site: HQ1), it is always talking to the oldDC1 and oldDC2 that I will be decommission now.

Now, I would like to make sure that by decommissioning the oldDC1 and oldDC2 which is used by the Exchange server, it can then automatically add the Out-Of-Site DC from the list since it is on the same Data Center (AD Site: Prod-DC1-Site) ?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 437 total points
ID: 39975575
If you have workstations in that location then you will need to retain the domain controllers there, with the global catalog role to process logins. Are you replacing the current domain controllers? If you are removing them completely and not replacing them (so there are no domain controllers at all in that location) then you may want to consider a rethink, as that will have a huge impact on the workstations.

Does Exchange see the other domain controllers? There should be an event log entry when Exchange starts up.

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39976897
Simon,

My plan is to decommission the oldDC1 and oldDC2 (AD site: HQ1) in the office building server room since they are all old Windows 2008 box. You are right, there are 350+ workstations in the office building, there will be 2x smaller newSmallDC1 and newSmallDC2 to server as the DNS and DHCP for (AD Site: HQ1).

Here's what in the Event ID 2080 MSExchange ADAccess:

In-Site:
oldDC1 --> will be turned off soon for decommission (AD Site: HQ1)
oldDC2 --> will be turned off soon for decommission (AD Site: HQ1)
newSmallDC1 (AD Site: HQ1)

Out-of-Site:
PRODDC1 --> existing DC/GC in new DataCenter that I want to use (AD Site: Prod-DC1-Site)
PRODDC2 --> existing DC/GC in new DataCenter that I want to use (AD Site: Prod-DC1-Site)
DRDC1 --> different DataCenter for DR purpose
DRDC2 --> different DataCenter for DR purpose

Since the Exchange Server itself already migrated over to the new Data Center and using new IP address, I wonder if changing or forcing the Exchange servers to use the PRODDC1 and PRODDC2 in the new Data center and change the AD Site into Prod-DC1-Site can make any difference or even counter-productive ?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 437 total points
ID: 39983410
I never force Exchange to use a domain controller unless it is required for a temporary measure. However I am a consultant and most of the sites I look after are not mine, so I don't do anything odd. People forget that a domain controller has been specified, and it is fine until that DC goes away and then Exchange is dead in the water.

Odd that it is seeing the old domain controllers as out of site.

Run this command from the Exchange server:

nltest /dsgetsite

That will return the AD site as seen by Windows.

I would have to wonder if something hasn't updated correctly in the server.
You could try running  domain prep from the latest Exchange service pack media to see if that helps things along a bit.

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39983459
Simon,

The new DC is seen as out of site while the old one that are still running is deemed as in-site.

I guess it is because the exchange servers were all build on the  HQ1 AD site and then few years later the new data center is build up and the exchange server migrated to the new Data Center with new IP. Strangely it doesn't switch the AD site and Dolaon Controllers to the new AD site.

What is the best or safest way to allow exchange to use the DC/GC that is the nearest or within the same IP VLAN in the New DatabCenter ?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 437 total points
ID: 39983569
My point is - the Exchange should change sites on its own.

I have moved sites with Exchange loads of times - my own off site DAG server was built here, and then taken off site and it knew it was in the second location without me having to do something. Therefore the behaviour you are seeing is not correct. I can only presume something has been hard coded or hasn't updated correctly.

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40026477
Simon,

I've found the registry as stated in this article by Mycrosoft Technet: http://technet.microsoft.com/en-us/library/aa995781(v=exchg.80).aspx

so shall I locate and delete the SiteName registry value followed by reboot to make sure that the Exchange AD Sites automatcially follows the subnet defined by Active Directory Sites and Services ?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40026869
You can certainly try that - as it should cause the value to either be updated or replaced by what is found with Sites and Services configuration.

Simon.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40026888
Thanks Simon.

So instead of rebooting and failover the CCR cluster mailbox server, can I just restart the AD Topology service in all Exchange servers ?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40031632
I would not expect that value to be populated correctly if you just restarted service, because AD site membership is seen by the Windows OS. A reboot of the server is the only way to get a reliable result.

Simon.
0

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now