Recipe3.2.Forcing Exchange to Use Specific Domain Controllers

Recipe 3.2. Forcing Exchange to Use Specific Domain Controllers

Problem

You need to override the DSAccess auto-discovery algorithm and configure your Exchange server to use specific domain controllers.

Solution

Using a graphical user interface

1. Launch the Exchange System Manager (Exchange System Manager.msc).

2. In the left pane, expand the appropriate Administrative Groups container, and then expand the Servers container.

3. Select the desired server.

4. Right-click and select Properties.

5. Select the Directory Access tab. This tab will be present if you are using Exchange 2000 SP2 or later.

6. By default, the Show All Domain Controllers option is selected. While it is, the Automatically discover servers checkbox will be checked and grayed out.

7. Choose a specific type of DC from the list. You should now be able to uncheck the Automatically discover servers checkbox. You will be asked to confirm that you really want to switch to manual configuration; click Yes to confirm. This step must be done separately for each of the three DC roles.

8. Click the Add button.

9. You will be presented with the standard AD-enabled object picker. Type in the name of the DC or click Advanced to search the directory. When you have added the DCs of your choice, click OK.

10. If you want to manually configure more DCs in the same role for redundancy, repeat steps 7 and 8. If you want to manually configure a different role, return to step 6. Note that you will not be allowed to apply your changes if you have disabled automatic configuration in a role and have not configured at least one entry.

11. Click OK to close the property sheet.

12. Optionally, use any of the techniques from Recipe 3.1 to confirm your configuration changes.

Using a command-line interface

While there is no native command-line utility to force a particular topology on Exchange, by using the registry manipulation utility (reg.exe ) you can specify the various types of DCs. For each GC you want to hardcode, run the following commands, using UserGC1, the key name for the first GC, UserGC2 for the second, and so on:

 > reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\ Profiles\Default\UserGC1 /t REG_SZ /v "Hostname" /d "<FQDN server name>" > reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\ Profiles\Default\UserGC1 /t REG_DWORD /v "IsGC" /d 1 > reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\ Profiles\Default\UserGC1 /t REG_DWORD /v "PortNumber" /d 3268

For each DC you want to hardcode, run the following commands:

 > reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\ Profiles\Default\UserDC1 /t REG_SZ /v "Hostname" /d "<FQDN server name>" > reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\ Profiles\Default\UserDC1 /t REG_DWORD /v "IsGC" /d 0 > reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\ Profiles\Default\UserDC1 /t REG_DWORD /v "PortNumber" /d 389

For the configuration DC, run the following commands:

> reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\Instance0     /t REG_SZ /v "ConfigDCHostname" /d "<FQDN server name>" > reg add HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\Instance0     /t REG_DWORD /v "ConfigDCPortNumber" /d 389

Using VBScript

' This code removes all existing instances of the Exchange_DSAccessDC object. ' Doing so forces Exchange to rerun the topology discovery process.  ' ------ SCRIPT CONFIGURATION ------ strServer = "<ServerFQDN>"  ' e.g., xch01.foobar.com strDC = "<DomainControllerFQDN>" ' e.g., dc01.foobar.com configType = 0         ' 0 = manual; 1 = automatic ' ------ END CONFIGURATION --------- Dim objWMIExch Dim listDCInst Dim objDCInst Dim strDCInfo ' Get the Exchange Namespace WMI object Set objWMIExch =  GetObject("winmgmts:{impersonationLevel=impersonate}!//" &_   strServer & "/root/MicrosoftExchangeV2") ' Get the list of Exchange_DSAccessDC instances and iterate through them ' to modify their properties; all instances of this Type will become manually ' configured. Set listDCInst = objWMIExch.InstancesOf("Exchange_DSAccessDC") For each objDCInst in listDCInst    objDCInst.Name = strDC    objDCInst.Put_ Next ' Delete all manually configured instances of one Type so that the discovery ' state is reset to Automatic and triggers topology discovery For each objDCInst in listDCInst    If (objDCInst.ConfigurationType = configType) Then        wScript.echo "    **Deleting manually configured DC."       objDCInst.Delete_    End if Next

Discussion

This is a straightforward continuation of the previous recipe. Note that if your Exchange server is also a DC, you will not be able to disable auto-discovery and you will not be able to add or remove instances by any method.

Adding manually-configured entries previous to Exchange 2000 SP2 is a bit different than SP2 and later. In Exchange 2000 and SP1, you cannot set the Configuration DC type via any method. Instead, Exchange examines the list of auto-discovered DCs and chooses the first one to be the configuration DC.

Using the GUI

The GUI creates new keys under HKLM\System\CurrentControlSet\Services\MSEx-changeDSAccess\Profiles\Default and names them <FQDN hostname>.<number>, where number defines the role of the entry (1 is for DC, 2 is for GC). If the same server is listed both as a DC and a GC, it will have two entries. Each entry has four values: Hostname, IsGC, PortNumber, and DSType. Hostname, IsGC, and PortNumber are the same as for the command-line solution; DSType is an enumerated value of 0, 1, or 2, corresponding to configuration DC, DC, or GC, respectively.

Using a command-line interface

On Exchange 2000 SP2 and later, merely create the Instance0 key and add the ConfigDCHostname value to set your Configuration DC. ConfigDCPortNumber is not required.

The registry keys used in the command-line solution are the registry entries that are recommended by all of the Microsoft guidance; they are not the same registry keys that the Exchange GUI creates. When creating these keys manually, you must have a Hostname and IsGC value for each one or Exchange will ignore the entry. PortNumber is optional and is assumed to be the default for each role (389 for DCs, 3268 for GCs). The DSAccess component and DC detection algorithm is described in detail in MS KB 250570 (Directory Service Server Detection and DSAccess Usage).

Using VBScript

Since each instance is really built up from the base WMI SWbemObject, instances inherit the Put_ method which allows us to write the instance back into the active configuration. The Put_ method will validate the instance data for us before writing and successfully update the configuration as long as the following conditions are met:

• The specified DC exists (the Name property is set and valid).

• The instance Type property is set and valid and the specified DC can function in that role (i.e., we're not trying to declare a regular DC as a GC).

• The specified DC can be contacted on the configured port (if the LDAPPort property is specified).

• We're not trying to change and write back read-only properties.

As soon as you manually configure one instance of a particular Type, all other entries of that Type will be removed; be sure to add all of the instances you need.

The second loop in the script demonstrates how to clear all manually configured instances of a Type using the Delete_ method. Once you delete the last manually configured instance of that Type, Exchange will revert to auto-discovery for that type.

See Also

Recipe 3.1 for determining which DCs Exchange is using, MS KB 250570 (Directory Service Server Detection and DSAccess Usage), and the Understanding and Troubleshooting Directory Access Microsoft white paper