Exchange DSAccess / ADAccess and AD site Link

By writing the article, I hope that you will be able to understand the criteria considered by DS Access to list GCs in Event ID 2080. The article will allow you to ensure continuity in case of a server failure.

I will start by listing how DS Access/AD Access identifies the topology by using the following steps for the benefit of Exchange administrators:

  1. The system attendant process, mad.exe, instantiates and initializes DSAccess.dll during startup.
  2. From the local domain, DSAccess opens an LDAP connection to a randomly chosen Domain Controller (DC). This DC is referred to as the bootstrap server.
  3. DSAccess reads the local registry to determine if the topology is hard coded. If the topology is hard coded, the discovery process stops. If no hard coding is detected, DSAccess continues the discovery process.
  4. DSAccess queries the bootstrap server to identify local DCs and Global Catalog servers (GCs). DSAccess then determines server suitability and assigns server roles.
  5. DSAccess queries the bootstrap server to determine if one or more secondary sites are connected to the local site. If secondary sites exist, DSAccess sorts the siteLink objects for each site from lowest cost to highest cost. DSAccess places the lowest cost sites in a secondary topology list.
  6. DSAccess queries the bootstrap server to identify the DCs and GCs that are located in the secondary topology sites.
  7. DSAccess identifies the full topology and compiles a list of working domain controllers and a list of working GCs.

There are situations when Exchange DS Access/AD Access does not show the GCs from other AD Sites in Event ID 2080. As an Exchange administrator, you may be wondering why the event 2080 does not list all GCs in the domain even though the GCs are healthy. To save you a lot of production downtime and effort, I will discuss the following aspects.

Exchange DS Access/AD Access uses AD Site Link details while listing GCs in Out-Of-Site in Event ID 2080. If there is no direct site link between AD site where Exchange exists and other AD sites, the AD sites' GCs will not be considered to be listed in Event ID 2080.

I thought that giving an explanation on AD site link criteria used by DS Access/AD Access will help you to manage the GC resource efficiently for better Exchange functionality.

Since a picture is worth a thousand words, I will explain the topic in question using examples and diagrams.

Let’s say we have the following lab setup:

  • Four AD sites named Site A, Site B, Site C, and Site D
  • All sites belong to a domain – CONTOSO.COM
  • Each site has two GCs
  • The Site A is installed with Exchange server
  • There are direct AD Site links between Site A and Site B, Site A and Site C, Site A and Site D

  

Picture 1

 

Scenario 1:

The Site A, the Exchange site, has direct AD site link with other AD sites. All site links have the same site Link Cost i.e. 100. So, the Event ID 2080 on Exchange will appear like in the following snapshot, Picture 1A:

  

Picture 1A

Scenario 2:

If I change my AD site Link Cost as shown in Picture 2, then Exchange will pick the GCs from the Site with lowest cost to list under Out-Of-Site in Event ID 2080 and will ignore other AD Site GCs.

 

Picture 2:

Exchange will consider only the Site Link with lowest cost for the Out-Of-Site GCs. So, the Event ID 2080 will look like Picture 2A.

  

Picture 2A

Other GCs in Site B and Site C will not be listed in Event ID 2080. Therefore, Exchange will not use the other GCs i.e. GC5, GC6, GC7 and GC8 in sites B and C.

Scenario 3:

If I change my AD site Link as shown in Picture 3 then Exchange will pick the GCs from the Site C to list under Out-Of-Site in Event ID 2080, and it will ignore other AD Site GCs i.e. GC3, GC4, GC7 and GC8.

  

Picture 3

  

Picture 3A

 

Scenario 4:

This scenario may be a little odd and may not usually happen as there is no AD with multiple AD sites but no site link. Still, I wanted to talk about this scenario so that the logic can be clearly understood. If there are no site links for any site as in Picture 4, sites are not considered. It will only use local site DC/GC.

 

 

Picture 4

 

Picture 4A

 

Now that you’ve gone over various scenarios, you may ask, what if I hardcode the GCs that are:

  • In-Site but do not have a direct site link with Site A, the Exchange Site, or
  • there is no site link with Site A, the Exchange site,

Will exchange use the GCs?

The answer is yes. It will use GCs, because if you hard code the directory servers, DSAccess bypasses the discovery process and checks only for server suitability. Similarly when you set StaticExcludedDomainControllers, the excluded DC will be listed in 2080 event, but scores for the DC in the event will be set to 0 for all except GC Capable.

Let‘s say, I run the following command, the exchange will get updated and will log the Event ID 2080 as in Picture 5:

Get-ExchangeServer MSX | Set-Exchangeserver –identity MSX – StaticDomainControllers GC3.CONTOSO.COM, GC5.CONTOSO.COM, GC7.CONTOSO.COM – StaticGlobalCatalogs GC3.CONTOSO.COM, GC5.CONTOSO.COM, GC7.CONTOSO.COM – StaticConfigDomainController GC3.CONTOSO.COM

 

Picture 5

In conclusion, you can ensure service continuity and minimize service downtime by setting a proper AD site link.

 

 

Applies to

Microsoft Exchange Server 2010

Microsoft Exchange Server 2007

Microsoft Exchange Server 2003

Comments

  • Anonymous
    January 01, 2003
    Thanks for sharing

  • Anonymous
    April 28, 2014
    So in this case what is the purpose or main reason to do the hard coding of the AD site using the registry key HKLMSystemCurrentControlSetServicesNetlogonParameters ?

  • Anonymous
    March 17, 2015
    Information very helpfull

  • Anonymous
    October 13, 2015
    Very informative and easy explanation ... thanks for sharing :)

  • Anonymous
    January 08, 2016
    Informative. Thanks for sharing.

  • Anonymous
    January 12, 2016
    Useful post! Is it applicable to Exchange Server 2013?