Solved

Exchange 2010 & DefaultPreferredDomainControllers

Posted on 2015-02-19
3
758 Views
Last Modified: 2015-03-06
I am in the process of removing our sole Windows Server 2003 R2 server (Nemesis) which was the DC that held all the FSMO roles.  I have not removed it as a global catalog server or demoted it yet.  I have an existing Windows 2012 Server (Prometheus) that is a physical server that now hosts all (5) FSMO roles.  I just introduced a second Windows 2012 Server (Chronos) as a VM, and everything seems to be replicating and running fine.  DNS is active directory integrated as well.

I followed the steps outlined in the link below.  I stopped at the bottom portion titled "Removing the 2003 Windows Server from the Global Catalog Server".  

I decided to review how our Exchange 2010 Server was configured to communicate with our DCs by running command "Get-ADServerSettings |fl", and I notice most everything pointed to the Windows 2003 Server.  So I used the following article as reference to use the Windows 2012 Server that now holds all the FSMO roles.    

http://exchangeserverpro.com/how-to-use-a-specific-domain-controller-in-exchange-2010-management-shell/

After running the command "Set-ADServerSettings -PreferredServer prometheus.domainname.local all the parameters now point to this server with the exception of DefaultPreferredDomainControllers still points to the Windows 2003 Server.

I am just wondering if that is normal.  Maybe it will update to the new server holding all the roles after I run a dcpromo on the Windows 2003 Server.  This parameter may not even be much of an issue.  So before I remove the final Windows 2003 Server from the domain, can you please let me know if this is even an issue or not.  I attached a screenshot so you can see what I am talking about.  

I simply want to remove the Windows 2003 Server and not have its removal affect active directory stability or cause mail related DNS issues, etc.  I am still reviewing the event logs on the all the DCs and the Exchange server to confirm AD is healthy and determine if there are any communications issues.  Yesterday morning I promoted the second Windows 2012 Server as a replicating DC, and I also transferred all the FSMO roles as well.   I plan on removing the Windows 2003 Server next Friday to give it plenty of time to replicate everything, and reboot everything to check all the event logs and overall health

DefaultPreferredDomainControllers.
0
Comment
Question by:cmp119
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 40620921
When you begin the demotion of the 2003 server there all communication requests for services/authentication etc are stopped during this process. So there should be no issues.

However I would also make sure that your Exchange server is not pointing it's DNS at the 2003 server.

Aside from that everything should be fine. Personally, for these type of changes I still like to do them outside of business hours just to make sure that the process goes smoothly.

Will.
0
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 250 total points
ID: 40621267
its just because it still exists as domain controller, once its been properly decomm'd then it will be fine.

you may want to do a restart of the AD topology service on exchange to force the update
0
 

Author Closing Comment

by:cmp119
ID: 40649766
Sorry for the delay responding.  I ran the demotion last Saturday, and all went as suggested.  I've not had any AD or Excel issues since then, so we should be good to go.  Thanks much....
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question