Configure Domain Controller in Exchange 2010

10 years ago it was a best practice to use an ‘empty root’ Active Directory model. Lately I see this model quite often in Exchange 2003 environments that need to be upgraded to Exchange 2010.

A customer has an empty root AD with 2 domain controllers in this empty root. Outlook’s autodiscover sometimes returns one of these domain controllers, but in this specific scenario these domain controllers are behind a firewall. Therefore they cannot be used for authentication purposes by (desktop) clients.

Exchange has a service (MSExchange ADAccess) that uses topology discovery to retrieve a list of available domain controllers. You can check the properties of the Exchange Server in the Exchange Management Console, or you can check the event log for Event ID 2080.

Log Name: Application

Source: MSExchange ADAccess

Date: 15-11-2010 12:46:57

Event ID: 2080

Task Category: Topology

Level: Information

Keywords: Classic

User: N/A

Computer: cashub01.infra.root.local

Description:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1576). Exchange Active Directory Provider has discovered the following servers with the following characteristics:

(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)

In-site:

AD001.root.local CD- 1 6 6 0 0 1 1 6 1

AD005.infra.root.local CD- 1 6 6 0 0 1 1 6 1

AD013.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD014.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD002.root.local CDG 1 7 7 1 0 1 1 7 1

AD004.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD006.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD003.infra.root.local CD- 1 6 6 0 0 1 1 6 1

Out-of-site:

To exclude a particular domain controller the Set-ExchangeServer cmdlet can be used in the Exchange Management Shell. In this example the AD001 domain controller is excluded for Exchange Server CASHUB01:

Set-ExchangeServer -Identity "CASHUB01" -StaticExcludedDomainControllers AD001.root.local

It is also possible to create a list of domain controllers and global catalog servers that are allowed by the Exchange Server:

Set-ExchangeServer -Identity "CASHUB01" -StaticDomainControllers AD005.infra.root.local,AD003.infra.root.local

Set-ExchangeServer -Identity "CASHUB01" -StaticGlobalCatalogs AD013.infra.root.local,AD014.infra.root.local

After configuring the Exchange Server you’ll see the results in the event log:

Log Name: Application

Source: MSExchange ADAccess

Date: 15-11-2010 22:05:18

Event ID: 2080

Task Category: Topology

Level: Information

Keywords: Classic

User: N/A

Computer: cashub01.infra.root.local

Description:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1576). Exchange Active Directory Provider has discovered the following servers with the following characteristics:

(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)

In-site:

AD001.root.local CD- 0 0 0 0 0 0 0 0 0

AD005.infra.root.local CD- 1 6 6 0 0 1 1 6 1

AD013.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD014.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD002.root.local CDG 0 0 0 1 0 0 0 0 0

AD004.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD006.infra.root.local CDG 1 7 7 1 0 1 1 7 1

AD003.infra.root.local CD- 1 6 6 0 0 1 1 6 1

Out-of-site:
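
To confirm that an exclusion took effect without reading the event by eye, the sketch below (an added example, not code from the original post) parses the Event ID 2080 description and lists the domain controllers this Exchange server has stopped using. The function name ConvertFrom-Event2080 is hypothetical, the sample rows are copied from the event above, and the Reachability bit meanings are the ones Microsoft documents for this event.

```powershell
# Constructed sample: server rows copied from the second Event ID 2080 above.
$description = @'
In-site:
AD001.root.local CD- 0 0 0 0 0 0 0 0 0
AD005.infra.root.local CD- 1 6 6 0 0 1 1 6 1
AD013.infra.root.local CDG 1 7 7 1 0 1 1 7 1
AD002.root.local CDG 0 0 0 1 0 0 0 0 0
Out-of-site:
'@
# Live input on the Exchange server instead of the sample:
# $description = (Get-WinEvent -FilterHashtable @{ LogName = 'Application';
#     ProviderName = 'MSExchange ADAccess'; Id = 2080 } -MaxEvents 1).Message

function ConvertFrom-Event2080 {    # hypothetical helper, not an Exchange cmdlet
    param([string]$Text)
    # Column order as printed in the event's header line
    $columns = 'Enabled', 'Reachability', 'Synchronized', 'GCCapable', 'PDC',
               'SACLRight', 'CriticalData', 'Netlogon', 'OSVersion'
    $site = $null
    foreach ($line in ($Text -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^(In-site|Out-of-site):$') {
            $site = $Matches[1]
        }
        elseif ($line -match '^(\S+)\s+([CDG-]{3})((?:\s+\d+){9})$') {
            # FQDN, three role letters (C, D, G or -), then nine integers
            $row = New-Object PSObject -Property @{
                Server = $Matches[1]; Roles = $Matches[2]; Site = $site }
            $values = $Matches[3].Trim() -split '\s+'
            for ($i = 0; $i -lt $columns.Count; $i++) {
                $row | Add-Member -MemberType NoteProperty -Name $columns[$i] -Value ([int]$values[$i])
            }
            $row
        }
    }
}

$dcs = ConvertFrom-Event2080 -Text $description

# Domain controllers this Exchange server will not use (Enabled = 0)
$dcs | Where-Object { $_.Enabled -eq 0 } | Select-Object Server, Roles, Site | Format-Table -AutoSize

# Domain controllers still in use; Reachability is a bit mask:
# 1 = global catalog (port 3268), 2 = domain controller (port 389), 4 = configuration DC (port 389)
$dcs | Where-Object { $_.Enabled -eq 1 } | Select-Object Server, Roles,
    @{ Name = 'GC3268';   Expression = { [bool]($_.Reachability -band 1) } },
    @{ Name = 'DC389';    Expression = { [bool]($_.Reachability -band 2) } },
    @{ Name = 'ConfigDC'; Expression = { [bool]($_.Reachability -band 4) } } | Format-Table -AutoSize
```

With the sample rows, the first table lists AD001.root.local and AD002.root.local, the two firewalled empty-root domain controllers that show all zeros after the change.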
