Making Exchange 2003 point to LDAP on the new Primary Domain Controller

Hello,

Win2003R2 Server (old DC, now demoted to backup DC)
Win2008R2 Server (primary DC, Global Catalog)

Exchange 2003 running on Win2003R2

Installed the Win2008R2 server, promoted it to PDC, and the old domain controller is now just a backup domain controller with GC turned off. This is all a prelude to moving to Exchange 2010 (and beyond later).

If the backup DC is turned off then the following error appears on the Exchange 2003 server and nothing works:

====================
Event ID 8026 - LDAP Bind was unsuccessful on directory <Old-DC-name> for distinguished name ''. Directory returned error:[0x51] Server Down.
====================

Similarly, if the backup DC (the old domain controller) is down, the Exchange server will just hang while booting until the backup DC is turned back on, the error being the one above.

How can I get the Exchange server to point to LDAP on the new Win2008R2 DC/GC?

I have already made the Recipient Update Services point to the new Win2008R2 DC/GC.


M.
ATWMICHEL asked:

ATWMICHEL (Author) commented:
Hi Mahesh,

Well, well.

What I wanted works!! I just had to wait long enough after turning off GC on the 2003 server for the 2008R2 to become the only guardian of all AD stuff.

I went out to get a pizza and relax, and while out I thought that maybe it was just a replication timing issue. So on my return, thinking that enough time had passed, I shut down the 2003 server, rebooted the 2008R2 and the Exchange 2003 server, and it all works with the 2003 server turned OFF. And the 2003 server is still a DC, just not a GC.

I will still demote the 2003 server completely anyway after checking with the client who ordered this upgrade, but at least the proof of concept works: I just had to wait long enough.

Thanks for your thoughts Mahesh.

yo_bee (Director of Information Technology) commented:
Did you move all FSMO roles from your 2003 DC?
With AD 2000 and newer there is no actual PDC or BDC.
There is a PDC emulator role, but all DCs act as one large cluster.

When you added your 2008 DC did you adprep your AD schema?

From the way you outlined your question, it seems to me that you may not fully understand how this works.

Did you follow any how-to or step-by-step articles?

With both DCs on, run DCDiag and see if there are any failed events in the report.

Here are some links that may help.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc733027(v=ws.10)

https://www.petri.com/prepare-for-server-2008-r2-domain-controller

http://kpytko.pl/active-directory-domain-services/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

ATWMICHEL (Author) commented:
Hi yo_bee,

You are seeing the issue as a DC issue.

The issue I am reporting is an Exchange 2003 issue. Event ID 8026 is an Exchange error.

Mahesh (Architect) commented:
What is happening here is that when you turned off the GC bit, the DC became useless for the Exchange server; now no matter whether you turn it on or off, it won't help.
Also, due to DNS behaviour, as long as the DC records are there, if a query goes to the 2003 server and it's not a GC, the query won't be answered, and at the same time, since the DC is online, Exchange won't shift to another DC until the TTL times out.
If the DC is turned off, again the query won't get shifted to the 2008 DC.
You need to demote the 2003 DC completely and ensure no metadata is left in AD.

ATWMICHEL (Author) commented:
Hi Mahesh,

You understand the problem, but it is not quite what you say. The 2003 server is not a GC, but everything works if that server is up and running. As soon as I turn off the 2003 server, Exchange gives Event ID 8026 (MSExchangeAL LDAP Operations Event ID 8026), an LDAP error, because it is looking to the 2003 server for its LDAP AD queries.

I had resolved to completely demote the 2003 DC because DNS clearly points LDAP to both the 2008R2 and the 2003 DCs (_ldap entries in DNS). I just wanted a way of making Exchange get its LDAP from the 2008R2 only, and then be certain it was working without any need of the 2003 server, before actually demoting the 2003 server completely.

I will demote the 2003 server.
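The DNS side of the discussion above (which DCs still advertise _ldap and _gc SRV records, whether each one actually answers an LDAP bind on 389 and 3268, and whether its global catalog is ready) can be checked directly before shutting anything down. The script below is an added example, not code from the original thread or from Microsoft; the domain name contoso.local is a placeholder, and it assumes a Windows host with the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 or later) and .NET's System.DirectoryServices.Protocols.

```powershell
# Added example, not code from the original post.
# Assumed names: AD DNS domain contoso.local (replace with your own).
# Run from the Exchange server or any domain member with a domain account.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Domain = 'contoso.local'   # assumption: substitute your AD DNS domain name

function Get-AdvertisedDCs {
    param([string]$Domain)
    # _ldap._tcp.dc._msdcs.<domain> lists every DC; _gc._tcp.<domain> lists only DCs
    # still registering themselves as global catalogs. A stale _gc record for a DC
    # whose GC bit was removed is the case discussed in the thread.
    $ldap = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    $gc   = Resolve-DnsName -Name "_gc._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' }
    $gcHosts = @($gc | ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() })
    foreach ($rec in $ldap) {
        $h = $rec.NameTarget.TrimEnd('.').ToLower()
        [pscustomobject]@{ Host = $h; Priority = $rec.Priority; AdvertisesGC = ($gcHosts -contains $h) }
    }
}

function Test-LdapBind {
    param([string]$Server, [int]$Port)
    # Bind with the caller's Windows credentials. A DC that is down fails here the
    # same way Exchange reports it in Event ID 8026 (0x51, Server Down).
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.Timeout  = [TimeSpan]::FromSeconds(5)
    try   { $conn.Bind(); $true } catch { $false } finally { $conn.Dispose() }
}

function Get-GcReady {
    param([string]$Server)
    # rootDSE attribute isGlobalCatalogReady is TRUE only once the DC has finished
    # building its partial replicas; that is what the author had to wait for.
    try {
        $root = [ADSI]"LDAP://$Server/RootDSE"
        $val  = $root.Properties['isGlobalCatalogReady'].Value
        "$val" -eq 'TRUE'
    } catch { $false }
}

$report = foreach ($dc in Get-AdvertisedDCs -Domain $Domain) {
    [pscustomobject]@{
        Host         = $dc.Host
        Ldap389      = Test-LdapBind -Server $dc.Host -Port 389
        Gc3268       = Test-LdapBind -Server $dc.Host -Port 3268
        AdvertisesGC = $dc.AdvertisesGC
        GcReady      = Get-GcReady -Server $dc.Host
    }
}
$report | Format-Table -AutoSize

# The two conditions that leave Exchange 2003 DSAccess pointed at the wrong server:
$report | Where-Object { $_.AdvertisesGC -and -not $_.GcReady } | ForEach-Object {
    Write-Warning "$($_.Host) still advertises _gc SRV records but is not a ready GC (stale record or replication not finished)"
}
if (-not ($report | Where-Object { $_.GcReady -and $_.Gc3268 })) {
    Write-Warning "No reachable, ready global catalog found in $Domain; DSAccess will keep failing"
}
```

Run it once with both DCs up and again after the old DC is shut down: the old DC should be absent from the _gc list and the new DC should show GcReady and Gc3268 as True before you rely on Exchange rediscovering topology.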

Mahesh (Architect) commented:
OK.
Have you checked the configuration DC for the Exchange server?
I am not able to recollect the exact location; it may be in the Exchange server properties under EMC.
You can change it to manual and add the 2008 DC there.

Mahesh (Architect) commented:
Actually, the Exchange DSAccess service checks available GCs/DCs every 15 minutes, and if the first one is not reachable it should automatically select another DC in the same site as the configuration DC; the only requirement is that the DC is present in the list of available DCs on the config page.

ATWMICHEL (Author) commented:
-----------------------------------
Actually, the Exchange DSAccess service checks available GCs/DCs every 15 minutes, and if the first one is not reachable it should automatically select another DC in the same site as the configuration DC; the only requirement is that the DC is present in the list of available DCs on the config page.
-----------------------------------


Correct, that is the supposed behaviour, and it was configured correctly in Exchange System Manager, but it simply was never using the 2008R2 server when the 2003 server was shut down; it was always giving that MSExchangeAL LDAP Operations Event ID 8026 error. Taking GC off the 2003 server is what did it, but I just had to wait long enough.

M.

Mahesh (Architect) commented:
BTW:
What happened here is that when you rebooted Exchange, Exchange was forced to rediscover the AD topology (config DC/GC), and that's how it found the 2008 DC, which was the only DC turned on.
Even if you keep both DCs online while the GC bit is turned off on the 2003 server, after you simply restart the DSAccess service or restart the Exchange server, it should discover the 2008 DC and start all communication with it, as it is the only GC.

Thanks
Mahesh.

ATWMICHEL (Author) commented:
Hi Mahesh,

I had already rebooted the Exchange server before, but I had only waited 15 minutes after turning OFF GC on the 2003 server, and I thought that was enough given that the Microsoft doc says 5 to 10 minutes. But there are 400 users in AD, and endless other stuff, and so while eating my pizza I thought it might just need a longer wait for the transfer of the catalog.

By the way I have given you all the points because your first or second answer confirmed to me that I was on the right path already but that, maybe, it was just a question of waiting longer.

M

Amit (IT Architect) commented:
You already closed this question, but in future, if you want to force a DC, use the nltest command. Check this KB:
https://www.technipages.com/windows-how-to-switch-domain-controller
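The nltest approach mentioned above, as an added example that is not part of the original thread or of the linked article. The names contoso.local, EXCH03 and DC08 are placeholders; nltest.exe and repadmin.exe ship with Windows and are run here from PowerShell on a domain member with administrative rights.

```powershell
# Added example, not code from the original thread. Placeholder names: domain
# contoso.local, Exchange server EXCH03, new DC DC08; substitute your own.
$Domain         = 'contoso.local'
$ExchangeServer = 'EXCH03'
$NewDC          = 'DC08'

function Get-LocatedDC {
    # Ask the DC locator which DC it picks; /force bypasses the locator cache and
    # /gc restricts the answer to global catalogs, which is the lookup DSAccess needs.
    param([string]$Domain, [switch]$GlobalCatalog)
    $nlArgs = @("/dsgetdc:$Domain", '/force')
    if ($GlobalCatalog) { $nlArgs += '/gc' }
    $out = & nltest.exe @nlArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "nltest $nlArgs failed:`n$out" }
    # nltest prints a line of the form "           DC: \\DC08.contoso.local"
    $m = $out | Select-String -Pattern '^\s*DC:\s*\\\\(\S+)' | Select-Object -First 1
    if (-not $m) { throw "could not parse nltest output:`n$out" }
    $m.Matches[0].Groups[1].Value
}

$dc = Get-LocatedDC -Domain $Domain
$gc = Get-LocatedDC -Domain $Domain -GlobalCatalog
"Locator picks DC $dc, GC $gc"
if ($gc -notlike "$NewDC.*") {
    Write-Warning "GC locator still returns $gc, not $NewDC; check the _gc SRV records and GC readiness first"
}

# Point the Exchange server's Netlogon secure channel at the new DC and verify it.
# Caveat: this changes only the Netlogon secure channel. Exchange 2003 DSAccess picks
# its config DC/GC through its own discovery, so restart the Exchange services (or the
# server) afterwards, as the thread describes, and confirm with the locator above.
& nltest.exe /server:$ExchangeServer "/sc_reset:$Domain\$NewDC"
& nltest.exe /server:$ExchangeServer "/sc_query:$Domain"

# Before demoting the old DC, confirm replication is clean from every DC's view.
& repadmin.exe /replsummary
```

If the locator still returns the old DC for the /gc query after its GC bit was removed, the stale _gc SRV records or an unfinished catalog build on the new DC are the first things to look at; nltest will not fix either.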

ATWMICHEL (Author) commented:
Hi Amit, yes, I know!

If you are talking about ensuring that replication between domain controllers has happened: I actually used the nltest command the next day, on Sunday, before demoting the 2003 server, when I was going through my own domain-controller-demotion checklist prior to demoting that server.

M

ATWMICHEL (Author) commented:
I had the right solution all along but simply had to wait for replication for it to work.

Nevertheless, I wanted to give Mahesh some points because he read carefully and understood the problem, and provided pointers which firmed up my belief that I was on the right path originally and should persevere with my solution.