Test Shutting down AD before demoting server. (exchange also installed on same server)
I have a 2008R2 server that has AD and Exchange 2010 installed on it. I have installed a 2012R2 DC. Replication has occurred. DHCP scope options point clients to new DC. FSMO roles have been transferred. DCIAG tests are all good. DCDIAG DNS test are all good.
I want to test shutting down AD/DS on the 2008R2 server before demoting. I cannot turn off the server because I need to keep exchange running.
I have tried to stop the "Active Directory Domain Services" but when I do this Outlook prompts users for login credentials and breaks access to the exchange management console. Not other services appear to be affected, only Outlook connection to the Exchange server.
Email does work as I test sending / receiving with OWA.
I have tried specifying the domain controller in EMC but that doesn't make a difference.
If I run get-adserversettings | fl
I still see the 2008r2 server listed as the default global catalog and default preferred domain controllers. Even though in the server properties in EMC it shows in the system settings tab the servers that I specified in the EMS command line to set them.
Also, since I am experiencing issues when stopping the AD service I concerned that I will experience the same issues in Exchange when I demote the 2008r2 box (that is also running the exchange)
Without shutting down the 2008R2 server or modifying the firewall how can it test as if it were demoted? Is there a service I can stop? Is there something I might be missing in the Exchange setup that I need to configure the new 2012R2 AD server information?
I want to test shutting down AD/DS on the 2008R2 server before demoting. I cannot turn off the server because I need to keep exchange running.
I have tried to stop the "Active Directory Domain Services" but when I do this Outlook prompts users for login credentials and breaks access to the exchange management console. Not other services appear to be affected, only Outlook connection to the Exchange server.
Email does work as I test sending / receiving with OWA.
I have tried specifying the domain controller in EMC but that doesn't make a difference.
If I run get-adserversettings | fl
I still see the 2008r2 server listed as the default global catalog and default preferred domain controllers. Even though in the server properties in EMC it shows in the system settings tab the servers that I specified in the EMS command line to set them.
Also, since I am experiencing issues when stopping the AD service I concerned that I will experience the same issues in Exchange when I demote the 2008r2 box (that is also running the exchange)
Without shutting down the 2008R2 server or modifying the firewall how can it test as if it were demoted? Is there a service I can stop? Is there something I might be missing in the Exchange setup that I need to configure the new 2012R2 AD server information?
ASKER
Matter of fact, with "active directory domain services" stopped after closing EMC and re-opening I get errors connecting to the exchange server.
Processing data for a remote command failed with the following error message: The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooti
Sometimes below error also displayed.
The following error occurred when getting management role assignment for ‘domain/Users/Administrato
Processing data for a remote command failed with the following error message: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM Service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooti
Processing data for a remote command failed with the following error message: The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooti
Sometimes below error also displayed.
The following error occurred when getting management role assignment for ‘domain/Users/Administrato
Processing data for a remote command failed with the following error message: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM Service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooti
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the links. We will be moving mail from the Exchange 2010 server to Office365 shortly. I will just wait until after the migration then I can uninstall Exchange, demote the server, then remove from the domain.
What I find humorous is that MS says "For security and performance reasons, we recommend that you install Exchange 2010 only on member servers and not on Active Directory directory servers." but then then turn around and create a Small business server that does exactly that by installing everything on an AD server.
What I find humorous is that MS says "For security and performance reasons, we recommend that you install Exchange 2010 only on member servers and not on Active Directory directory servers." but then then turn around and create a Small business server that does exactly that by installing everything on an AD server.
SBS is always a special case. You can't demote an SBS server and continue to use it, since it's required to be a DC, so you wouldn't ever run into this particular issue.
ASKER
however, After stopping "active directory domain services" then opening EMC | Server configuration the exchange certificates tab is blank.
If I start the service again I can see the exchange certificates.