Move Exchange or Move Domain Controller?

rageinpc

Technical User
Jan 21, 2003
1
US
The Scenario:
A small, but dispersed, network (approximately 35 users at 3 locations in the state; T1 connection, Firewall\VPN Router handles DHCP)
Domain has a single (Windows 2000 Advanced Server) Domain Controller.
Exchange 2000 Server is also running on this (same) system.

My boss\partner recently used the Microsoft® Exchange Server Best Practices Analyzer Tool and it reported the following:
"This Exchange server is also a domain controller, which is not a recommended configuration"

A TechNet article linked from, and related to, this error message listed several performance and security-related issues associated with this configuration, most of which we do, indeed, suffer from. The article concludes with this recommendation:
"If the computer is running Exchange 2000 Server, it is recommended that you demote the server to a member server using DCPromo at your earliest opportunity."

I'm cautious, however:
· On a domain that has never had another domain controller to replicate AD to…
· On a domain in which, when Exchange 2000 was installed, the schema may have not been "extended" as most articles\guides claim it must be (is this even possible?...and if it is, is there a way to check if the schema was extended or not?)…
· On a domain that seems properly configured, but might have any number of flaws not yet exposed...

What would be the best way to go about this?

There are two other (member) servers in this network: a File Server and a new server with no designated role (as yet). This "no-designated-role" server was installed by my partner with an intention of:
· installing Exchange on it
· Move existing mailboxes from the old-Exchange-server\domain-controller to it (using Move Mailbox in the Exchange Task Wizard).
· Un-installing Exchange from the domain controller.

When I pointed out that these steps referred specifically to Exchange Server 2003, this plan was (wisely) halted, and we discussed the other referenced option. In theory, it sounds like it could be easy enough:

· DCPromo the new server to Domain Controller
· DCPromo the old domain controller down to a Member Server and just leave Exchange there.
· (Optional, but desirable) Reload\replace an XP workstation (his) with Windows Server 2000 OS and DCPromo it to domain controller (a second DC, for replication and backup...which this domain should have had all along, ideally).

It is the lack of any kind of AD replication, ever, that concerns me, I suppose. My partner seems to think that, with a second DC, replication will just "occur"...that the client workstations will be automatically updated as to the existence of the new domain controllers and everything will all just work out like clockwork. Maybe he's right, but...well, I have doubts.

Most guides, documentation, forums, etc. read like it's understood that the domain will have at least two DC's...that the domain was set up in such-and-such a way (properly?) from the start. That's all well and good, but this makes it difficult to find (extract) detailed procedures that specifically address this one-DC-with-Exchange-installed issue (how to best resolve it\separate the two). Few resources, in other words, address it from the perspective "Ok, so this is possibly ALL screwed up and now you need to fix it without bringing the company down. Here's how..."
Though this AD server seems to function well enough, with no glaring problems I can point to...I suspect the domain\Active Directory is not (and likely never was) set up 100% correctly. I have no idea what issues we might encounter with either procedure. Unfortunately, I don't know enough to confirm my suspicions, or even where to start looking.


Any advice or information would be most appreciated.
 
Exchange on a DC is not recommended. What you can do: set up a staging member server, move all the mailboxes over, decommission the old Exchange server, demote to member server, install Exchange back again, decommission the staging Exchange server, that's it.

I believe there is an alternative, but this one is safe.

------------------------------------
Directory Services/Exchange Consultant
 
If your second box was going to be an Exchange server anyway, I'd just say make it an Exchange server and migrate your mailboxes.

Out of curiosity, what is the KB article detailing problems running Exchange on a DC? I've always heard people say that it could be a problem, but I've never actually encountered any problems using Exchange 2000 on Windows 2000 DCs (and I've been running that config for a couple years). IIRC, SBS 2000 runs a version of Exchange on a DC as well without any problems.
 
Yes, SBS server 2003 comes with Exchange so one would assume this configuration would be okay. I've just ordered up a brand new server with SBS 2003 and was planning on making it a domain controller and installing Exchange Server.

I'm going to search Microsoft for more information on this, will post what I can find.
 
Okay, apparently it's okay as long as you're using a Small Business Server package such as SBS 2000 or SBS 2003.

This is from Microsoft MSDN site:

If you are running Exchange Server as a part of Microsoft Windows Small Business Server 2000 or Windows Small Business Server 2003, you can install Exchange Server on a domain controller. However, if you are not running Exchange Server as part of Windows Small Business Server, it is recommended that you avoid running Exchange Server on a domain controller.

If you are running Exchange Server on a domain controller without Small Business Server, be aware of the following issues:

• Exchange Server and Active Directory are both resource-intensive applications. There are performance implications to be considered when both are running on the same computer.

• If Exchange Server is running on a domain controller, you must also make that domain controller a global catalog server. For more information about creating a global catalog server, see the Microsoft Knowledge Base article 816105, "HOW TO: Create or Move a Global Catalog in Windows Server 2003," at

• Several Exchange Server directory components, such as Directory Service Access (DSAccess), Directory Service Proxy (DSProxy) and the Message Categorizer will not fail over to any other domain controller or global catalog server.

• You should not take advantage of the /3GB startup switch in Windows because it could cause Exchange Server to consume all memory, thus starving Active Directory.

• System shutdown will take considerably longer if the Exchange Server services are not stopped before shutting down or rebooting the server.

• This configuration is less secure because Exchange administrators will have local administrative access to Active Directory, enabling them to elevate their own privileges. In addition, any security vulnerability found in either Exchange Server or Active Directory exposes the other to compromise.

• If you are running Exchange Server 2003 on a domain controller, using the domain controller promotion tool (DCPromo) to change the computer role is not supported, and is known to break components such as Outlook Mobile Access.

• Running Exchange Server 2003 on a clustered node that is also an Active Directory domain controller is not supported and should never be done. This means that if you are running Exchange 2000 Server on a node in a cluster that is also a domain controller, you must demote the server to a member server prior to upgrading from Exchange 2000 Server to Exchange Server 2003.


If the computer is running Exchange 2000 Server, it is recommended that you demote the server to a member server using DCPromo at your earliest opportunity. If the computer is running Exchange Server 2003, use the procedure below to correct this warning.

To correct this warning
1. Install Exchange Server on a different computer.

2. Use Move Mailbox in the Exchange Task Wizard to move any existing mailboxes from the domain controller to the new Exchange server.

3. Rehome any public folders and roles held by the old Exchange Server computer to the new Exchange Server computer.

4. Uninstall Exchange Server from the domain controller.


For more information about installing Exchange Server on a domain controller, see Microsoft Knowledge Base article 250989, "XADM: Installing the ADC on a Windows 2000 Domain Controller That Also Runs Exchange Server," at
 
OK. That is helpful. It looks like in cases of smaller installations of Exchange/Windows 2000 (especially in those where the Domain and Exchange Admins are the same people), it shouldn't be much of a problem.
 