I currently have a W2K DC with Exchange 2K running on it. I have 2 new servers. 1 which will be acting as the DC with W2K3 Standard and the other will have W2K3 Standard with exchange 2007 running on it.
I have installed the new DC and have promoted it. I've transfered all the FSMO roles to it but when I make it a GC outlook can no longer connect to the exchange server. 1 thing of note, I did not reboot the new server after making it a GC.
What is the recommended procedure to do this?
Do I need to reboot the new server once making it a GC and then demote the old server?
Thanks for all the input
Before removing the first DC make sure that the new server is listed in the Directory Access tab in EMS. It is best to set each catagory to Auto than manually adding each DC/GC in.
Windows Server 2003 DCs don't need to be rebooted after being made a GC, however you should watch for the event (i think 1119) which states that the server is now a global catalog. If you only have two servers this process should take about 15 minutes. After the server is up and you see it listed under the directory access tab of the Exchange server, you can then dcpromo the original DC.
- Joel
I do see the event stating that the server is a global catalog although I don't see the new server listed in the Directory Access tab.
Is is set to auto (which should be the correct setting)? If you disable auto will it let you add the new DC/GC in manually?
It is set to auto. I had also tried disabling auto and was able to add the new DC/GC manually
So you might want to turn up DSAccess diagnostic logging to maximum on at least General, Topology and LDAP. This should give you insight into how Exchange is choosing the DCs and if there are problems with the new DC. Otherwise, you may want to reboot the DC next time you have a maintenance window, if you have not done so already.
First off, thanks for your continued help jstidley.
I increased the logging level to maximum and I was getting the following messages.
Process EXMGMT.EXE (PID=3504). DSAccess has discovered the following servers with the following characteristics: (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon) In-site:[old dc].ouranos.ca CDG 7 7 1 0 1 1 7[new dc].ouranos.ca CDG 7 7 1 0 0 1 7 Out-of-site:
Seeing as the SACL Right was returning 0 I added the Exchange domain and enterprise servers to Manage auditing and security log of the default group policy.
Once I did that I now get the following but I still do not see the new DC in Directory access.
Process EXMGMT.EXE (PID=3504). DSAccess has discovered the following servers with the following characteristics: (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon) In-site:[old dc].ouranos.ca CDG 7 7 1 0 1 1 7[new dc].ouranos.ca CDG 7 7 1 0 1 1 7 Out-of-site:
I have tried restaring the Exchange SA service with no luck and will reboot the server during off hours.
Also of note I do not see the exchange 2000 schema extensions in the users properties in AD on the new DC.
Is it a question of needing to reboot the server or is there something else preventing the new DC from showing up?
Thanks
The SACL right being 0 concerns me a little. You may want to run dcdiag and/or replmon against the new server to see if there is anything wrong with replication.
Otherwise this article talks about running some more diagnotics against DSAccess to help pinpoint the problem.
Ran dcdiag and all tests pass, ran replmon and there are no errors.
Have you done the Exchange 2007 AD prep yet?
No I haven't, would this be the reason why I don't see my new DC?
The new DC should show up, but since you haven't done the 2007 prep you may want to either re-run the current version of Exchange prep or go through the Exchange 2007 process.
The reason I would try this is because of the SACL problem, the prep should set all permissions and settings for Exchange to work. I've had to run it in the past to get things to work, so I think it is worth a try.
What i'll probably do is run the adprep for Exchange 2000 on my new DC and then once i'm ready for the install of Exchange 2007 i'll run the 2007 prep on the new DC.
I'll let you know how this works out.
Again, thanks for all the help.