Domain controller upgrade in Exchange Environment

Similar Messages

• Domain Controller Upgrade 2008R2 to 2012R2

  Hi
  One of my customers has an environment with 3 domain controllers. Primary DC resides on premise as well as the secondary. One more Additional DC's resides on DR site and are all running Windows Server 2008 R2.
  We have now decided to upgrade all of them to 2012R2 and therefore I would like to know what are the concerns we need to be aware of?What sort of problems we may face or experience?and also best practice methodologies to perform the upgrade?
  Thanks

  Hi,
  Based on my experience, CA is not recommend to install on a DC. I recommend you to back up CA and then remove the CA role from the current DC, add the CA role
  on a member server and restore the CA database on that member server.
  In addition, I suggest adding a new Windows Server 2012 R2 into the domain and promote it to a DC instead of an in-place upgrade. Then you can transfer the FSMO and
  DHCP services to the new server, deactivate the DHCP scope on the old DC and turn on DHCP on the new DC. After all the DHCP clients receive IP addresses from the new DHCP server, then you can demote the old DC.
  For more detailed information, you can refer to the links below：
  AD CS Migration: Migrating the Certification Authority
  Migrating a 2003 Domain Controller with DCHP to 2012R2 (Similar for Windows Server
  2008 R2)
  Best regards,
  Susie

• Remove Domain Controller role from Exchange 2010 Server

  Hi team,
  There is a client with Domain Controller (2008 R2) running together with Exchange Server 2010 SP3. However there were some huge problems with Exchange and DC therefore since the best practice is to keep those roles seperately, they are in need of doing so.
  Can someone please suggest me the best approach? The server they use right now is with 16GB therefore whatever done, Exchange should be on that machine and DC on the other 6GB.
  Option 01.
  Both Exchange and DC are together
  Install new Exchange on a temporary Server and move everything make that Exchange server the only working primary
  Remove exchange from the DC server
  Promote new Additional DC and promote it with FSMO and make primary
  Demote the old DC from the 16GB server
  Install Exchange again on the 16GB server and move everything from the temporary server
  Or Option 02
  Add new additionall Domain Controller server and make it primary with GC and FSMO
  Run dcpromo to demote the old Domain controller role from where the Exchange Server too is installed
  Once DC role is removed from the exchange server, set up DNS and perform a restart, so Exchange will identify the new GC and domain controller
  Live happily ever after
  Thank You,
  Cheers!!

  Adding/Removing the DC-Role while Exchange is installed, is not supported so forget about your Option 2.
  Here's what I would do:
  1. Install a new GC/DC (move FSMO etc)
  2. Install a new temporary server for Exchange and move everthing over
  3. Decomission the old Exchange Server
  4. Demote the old Domain Controller
  5. Install Exchange on a newly freshly installed OS and move everything over from your temp server
  Martina Miskovic

• Domain Controller upgrade windows 2008 r2 to windows 2012

  I currently have 3 windows 2008 r2 domain controllers. 1 physical and 2 virtual. I am looking to see what the best upgrade path would be. the physical is the primary and has dhcp and dns services
  Stonecold31666

  See this,
  http://social.technet.microsoft.com/wiki/contents/articles/16797.upgrade-to-active-directory-2012.aspx
  Regards
  Biswajit Biswas
  My
  Blogs|TechnetWiki
  Ninja
  Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

• Recovering Domain Controller in Exchange 2010 environment.

  Hi Friends,
  We have one windows 2008 Domain controller & one Exchange 2010 server with all role installed, My problem is if My domain controller failed , how  i can recover it?
  Is there ant step for domain controller recovery in Exchange 2010 Environment.?
  Thanks & regards,
  Pradeep

  Hi Pradeep,
  Sorry to hear that... The only option you have is to do non-authoritative restore of Active Directory...
  From Exchange prospective, once you do restore from an old backup whatever changes you made in Exchange since then won't be there as Exchange keeps all the settings in active directory, for example if you have created users then you would need to recreate
  them and attach their mailbox to back to users...
  Blog |
  Get Your Exchange Powershell Tip of the Day from here

• Changing AD Domain name with Microsoft Exchange 2013

  Hello everyone,
  we need to change our Active Directory Domain name from .local to another naming convention.
  We are running a Windows Server 2012 R2 environment with Exchange 2013.
  - Domain Controller 
  - File Server
  - Exchange 2013
  Running on a VMware ESX Host.
  What is the applied way to change the Domain name? Or is there no way to change in the running Forest and we have to re-setup everything?
  Thank you for your answers.
  Regards,
  Sebastian

  Hello,
  You need install new Exchange server in your new enviroment (forest).
  Please read this link:
  Prepare mailboxes for cross-forest moves using the Prepare-MoveRequest.ps1 script in the Shell
  Other nice article:
  Moving to a new forest and retaining the same SMTP domain ( with native scripts ) -
  Part I
  Regards

• Stop using static domain controller

  How do I remove the static domain controller used by Exchange?  I need it to talk to all the domain controllers on our network.  Each time the single DC that it looks to goes down, no one can access the Exchange server.

  Hi rudnicke,
  Thank you for your question.
  We could run the following command to stop using static domain controller:
  Set-ExchangeServer -Identity 'servername' -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Upgrading domain controller from Server 2003 to Server 2012 R2, how will this affect Exchange 2010?

  Hi All,
  Below is an AD and Server related post that I had submitted last week. While I did receive valid responses for the post, I was advised to check with the Exchange forums for the Exchange related  question in
  bold. All responses are welcomed, thank you!
  ===========================================================
  Hi All,
  I am hoping that someone could perhaps provide some insight on this topic as I apparently can't seem to google the best answer.
  I have recently acquired an AD domain that is running on a 2003 domain controller. I have been tasked with upgrading our existing domain structure with 2012 R2 domain controllers for our main office and remote offices.
  The domain name is company.mynetwork.com, and it is the default first site name. We have multiple offices throughout the US with their own domain controllers (i.e. FL.mynetwork.com, NY.mynetwork.com, DC.mynetwork.com, etc.).
  Our main office, and default first site has one domain controller (mynetdc1) running Server 2003 R2. It is also our only DNS server for the main office. It also has an additional domain controller called mynetmaster3 which is running Server 2003.
  Both mynetdc1 & mynetmaster3 NTDS settings show them as global catalogs under AD Sites & Services. Both servers are also in the AD Domain Controllers OU, along with all of the other satellite office domain controllers.
  Additionally, our main office is running Exchange 2010 with the latest service pack. My questions are:
  Can we demote and retire mynetmaster3, then replace mynetdc1 with a newly promoted 2012 R2 global catalog domain controller without harming anything in the domain tree and interrupting connectivity to the other offices (this of course goes without saying
  after a 4 hour maintenance window to get the task completed has passed)?
  Should we upgrade the satellite offices first after raising the functional level for mynetdc1, or should we do the opposite (upgrade main office, then satellite offices)?
  MS Exchange 2010 is heavily dependent on AD, what effect will this entire project have on our email server? What steps should we take beforehand to ensure email continuity?
  Finally, is there any shame for a Net Admin to suggest that we hire an implementation specialist for this task? :)
  Any advice would be greatly appreciated!

  As long as the operating system on your Exchange servers isn't upgraded, and as long as you do the Active Directory domain and forest updates in the supported manner (the following link is a good example -
  http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/), Exchange will happily operate behind the scenes.  Exchange 2010 is supported in the Windows
  forests (domain controllers, domain functional level and forest functional level) mentioned in the following TechNet article, which includes both Windows 2003 and Windows 2012.
  http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
  Due to this, you should be good as long as you do the domain controller, domain, and forest upgrades carefully.  Oh, and before you start each step, get a nice backup.

• Exchange 2007 RTM support with Windows Server 2012 R2 Domain Controller

  Hi All,
  I have not found any TechNet Article which states about the Windows Server 2012 R2 Active Directory domain controller operating system support with Exchange 2007 RTM, can some one please let me know that does Exchange 2007 RTM supports Windows Server 2012
  R2 domain controller operating system, we are in the process of upgrading the domain controllers to 2012 R2 but not the forest and domain functional level to 2012 R2.
  thanks
  If answer is helpful, please hit the green arrow on the left, or mark as answer. Salahuddin | Blogs:http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync

  There are several likely reasons for this.  The most significant is that Exchange 2007 RTM is no longer supported (outside ot extended support, which is not going to include adding support for new operating systems): 
  http://support2.microsoft.com/lifecycle/default.aspx?LN=en-us&p1=10926
  You'll note from the following -
  http://technet.microsoft.com/library/ff728623(v=exchg.150).aspx - that only Exchange 2007 SP3 is currently supported in any environment.
  HTH ...

• How to test domain controller on upgraded Win Server 2008 R2

  The windows team recently upgraded the development environment for the domain controller from 2003 to Windows 2008 R2 and I am to test the Idm functionality on this upgraded version. Our current configuration is that the DC and Idm gateway runs on different machines. To test this new DC, i want to install the idm gateway on that server and run some onboarding and termination test cases just to make sure if the AD connection is working on the upgraded DC. But i am getting ’Input/output error’ when i try to install the service and from the documentation it says 'The most common cause of this is that you do not have rights to work with this service.'. The server admin tried installing the gateway with his id as well and it failed. He tested installing in on the 2003 version of DC and it worked, so its not a matter of permission (i think..)...
  Does anyone have any better idea on how to test an upgrade of a DC from version 2003 to 2008 R2? Any help in this matter is appreciated. We are running Idm 8.1 on a Windows platform and an upgrade to OW 8.1.1. Patch 2 is also in the works..
  Thanks in advance.

  I may have found a workaround. Can you try to change the "compatibility mode" in 2008 R2 to "Windows XP SP3" and see if it will install?
  Admittedly I have not done this myself so I'm not entirely sure where or how it's done, but I have confirmation it resolves the issue from others who have faced it.

• Exchange server-Removing a Domain Controller from the forest

  Hi Guys,
  I need some help on removing a faulty domain controller from the AD forest. Here is the scenario:
  1. The FSMO roles have been seized to a new domain controller already.
  2. The old one is non-functional and is down for ever.
  I know the steps would be doing a meta-data cleanup And then remove some of the DNS entries related to the old server. But the real issue is:
  > I have Exchange 2013 running in one of the machines configured in the Forest, which was migrated from the old Domain controller. I then set Exchange listening to the new domain controller.
  So, my doubt is, if I delete the old domain controller and do a metadata cleanup, would it have any effect on the exchange server? The Exchange machine acts as an additional domain controller as well. Its a production environment and any
  change that affects Exchange would cause a big loss. Looking forward for your valuable suggestions..
  Regards,
  Nash

  Hi Ed,
  I don't have issues with the AD on the Exchange server. Eventhough it is configured as an AD, Exchange is pointed to the main working domain controller, which is a different machine. I just want to remove the traces of an old domain controller from which
  I transferred the FSMO roles to the new domain controller. The old  domain controller is completely down and hence I can't do a conventional 'dcpromo' on it. So just planning to do a 'metadata clean up' for removing the non-working DC from the forest. 
  So, In essence, I just want to know that, if I do a metadata cleanup, would it affect the Exchange server in any way?
  Regards,
  Nash

• Upgrading Domain Controller Questions

  Hello, we currently have 2 domain controllers in our environment, both with Server 2003 R2. We are looking to upgrade them one at a time to 2008 R2 but I have some questions. 
  Here's the environment:
  Server 1 (the one we are going to upgrade first):
  Server 2003 R2
  Domain Controller
  DHCP Server
  DNS Server
  Server 2 (we will be upgrading this in the near future but not just yet):
  Server 2003 R2
  Domain Controller
  DHCP Server
  DNS Server
  File Server with most of the company data
  We also have DNS replication set up between the two servers. 
  My questions:
  Will we run into any issues having two domain controllers with different Operating Systems?
  We would like for the domain controllers to keep the same names and IP's. Any issues with that?
  How will we stop, then re-setup DNS replication between the two servers?
  Any other 'gotcha's' we should be aware of?
  Dan Chandler-Klein

  I don't see any reason why not keeping old name and IP.
  Before upgrading make sure AD has no issues:
  look at the event viewer, run DCDiag, replication runs clean (repadmin /showrepl) etc.
  OS has no warning/errors.
  Not  must but I would move the FSMO roles to another DC before demote.
  Make sure applications installed on the new DC's (AV\Backup agents etc.)  support Windows 2008 R2 OS.
  Make sure all your network applications in your environment support working with Windows 2008 R2 DC - I recommend test it in lab first.
  Make sure that the DC you are about to demote not holding CA role. 
  Most important:
  Make sure you successfully demote the old DC and no records left in DNS.
  I'm not agree with evrimicelli about DC's naming and I wouldn't go for CNAME record - this can get you in many troubles in the future. 
  after demote the old DC, I would rename it or remove it from the domain, than you can rename the new server with old Dc name and promote it to DC with old DCs' IP address. 
  I didn't understand the question about DNS replication.
  What kind of DNS zone do host?  if its AD integrated (and thats what you should have), you don't need to configure any replication, AD integrated DNS zone replicate as part of AD replication between your two DC's.
  Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

• Upgrading windows server 2003 domain controller to windows server 2008

  Hello friedns :
  We have a company with about 2000 users , and two windows server 2003 domain controllers , one of them acts as a primary domain controller , and the other acts as secondary domain controller , all the FSMO s are on the primary DC ,we have decided to upgrade all of our servers from windows server 2003 to windows server 2008 , the first step is to upgrade the domain controllers to windows server 2008 , our domain controllers are so sensitive and has to be active 24 hours a day , i have stress upgrading it to windows server 2008 , what is the best solution to upgrade it with no risk ?
  ( i have an opinion but i am not sure and i dont have any guide about it , i want to install a windows server 2008 and promote it as an additional domain controller to the windows server 2003 DC and the transfer all the FSMOs to it , and then promote the first domain controller !!! is that possible ? if yes , is there any guide about it? )
  If there is a guide available for it please let me know . (Specially if there is a tip & trick)
  thank you guys.
  Network is my LOVE

  Hi,
  This TechNet online article might be helpful for you.
  How to Upgrade Domain Controllers to Windows Server 2008 or Windows Server 2008 R2
  http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
  For your convenience, I have list some general steps for your reference.
  Since the following operation have potential damage to Active Directory database, it is highly suggested that you'd better perform a full backup of Active Directory (System State) firstly. Also it is better to test the following procedure in a similar lab environment first.
  General Steps:
  =============
  1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
  2. Make the new server become a member server of the current Windows Server 2003 domain first.
  3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
  Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
  Drive:\sources\ADPREP\adprep.exe /forestprep
  4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on old server.
  Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
  Drive:\sources\ADPREP \adprep.exe /domainprep
  5. Insert Windows Server 2008 Installation Disc in the new server.
  6. Run "dcpromo" on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
  Please refer to:
  How to Verify an Active Directory Installation in Windows Server 2003
  http://support.microsoft.com/kb/816106
  7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.
  8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
  Please note: It will some time to replicate GC between DC, please wait some time with patience.
  9. Disable Global Catalog on the old DC.
  10. Transfer all the FSMO roles from the old DC to the new DC.
  Please refer to:
  How to view and transfer FSMO roles in Windows Server 2003
  http://support.microsoft.com/kb/324801
  11. Verify that the old DNS Server Zone type is Active Directory-Integrated. If not, please refer to:
  How To: Convert DNS Primary Server to Active Directory Integrated
  http://support.microsoft.com/kb/816101
  Note: Active Directory Integrated-Zone is available only if DNS server is a domain controller.
  12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
  13. Make all the clients change TCP/IP configuration to point to new server as DNS.
  14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the new DNS server.
  Please note: It is a good practice to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
  Hope it helps.
  Regards,
  Wilson Jia
  This posting is provided "AS IS" with no warranties, and confers no rights.

• How to upgrade Domain Controller 2008 to 2012 on New Server

  Hi All,
  We are planning to upgrade our domain controller and exchange server 2008 to 2012 R2, so can anyone please suggest what step should be taken first. we have new server machine we are planning to install Windows 2012 R2 and create a additional domain controller
  of our existing domain 2008 then transfer the FSMO roles to this server to act as a primary. after successful migration we will upgrade our exchange 2008 to 2012. please advice is there any problem to do this way.
  Thanks
  Agha

  I was just curious about the same thing. However, I am running 32bit version of server 2008 and want to move the server 2012 r2. This will be on a machine with new hardware and all. Am just curious though if it is possible to migrate some of the
  domain as to not to have to replicate everything?
  Directory Services doesn't really care what version of the OS you are using.  You cannot do an in-place upgrade from a 32bit box to a 64bit box.
  You'll need to make your new R2 server, install AD, move the FSMOs, and demote your 2008 32bit box.
  What WOULDN'T you want to replicate?  That's not how AD works.  It's a multimaster enviroment where ALL DCs have the same information.  You can't choose which objects replicate.  To do that, you'll need to clean up your AD.
  Good luck.
  - Chris Ream -
  **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**

• Potential Downtime or Damage to Exchange if I remove a second domain controller??

  We have a single instance of Exchange 2010 with all roles (minus lync, communications, etc..) on a Server 2008 Standard server.
  We also have a primary domain controller and a second domain controller that offers DNS and would be used in case of disaster to the primary controller.
  I've noticed in the past that if the secondary domain controller is down for maintenance that the Exchange server starts having problems. A major example of this would be last year the virtual instance of the second domain controller failed and when we rebooted
  the exchange server, it lost its association with the domain even though the primary domain controller was readily accessible. 
  We are in a spot now that we no longer need the secondary domain controller and want to decommission it. I obviously want that to go as smoothly as possible. Is there anything I should do to prevent any unwanted damages to the exchange environment? 
  Jonathan Strader

  It doesn't seem that anyone has responded to this.  The short answer is turning off the secondary server will NOT have an effect on the exchange server.  HOWEVER, that is the short answer.  
  It WILL have an effect if:
  1) the secondary server is the ONLY DNS server and the exchange server is using the secondary server for DNS queries.
  2) The FSMO Roles are on the secondary server
  3) The Secondary server is the only global catalog.
  I know this is a lot to take in.. but it really isn't that hard.  FSMO Roles and global catalog are just a piece of active directory that keeps track of users, rights, settings, that sort of thing.  You need to make sure that you seize the FSMO
  roles on the first domain controller.  
  One command you can do on the first server to check fsmo roles is:
  netdom query fsmo
  On a side note.  This is what you can do as well to see if the secondary server has any effect on exchange.  Ready?  Turn off the secondary server and see if anything bad happens (People don't get their emails..) if something stops working
  after you turn off the second server then turn it back again.  Everything should be back to normal.  
  Jerry Suner