Exchange resident on domain controller that is not a global catalog server

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2010-04-28

The Microsoft® Exchange Server Analyzer Tool queries the Win32_ComputerSystem Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the DomainRole key. Valid values for this key are shown in the following table.

Value Meaning

0

Stand-alone workstation

1

Member workstation

2

Stand-alone server

3

Member server

4

Backup domain controller

5

Primary domain controller

The Exchange Server Analyzer also queries the Win32_Service WMI class to determine the value of the Started key for ClusSvc, the Cluster service. Additionally, the Exchange Server Analyzer queries the Win32_OperatingSystem WMI class to determine the value of the OSProductSuite key. The value of the OSProductSuite key indicates the version of Windows running on the computer.

The Exchange Server Analyzer also queries the Active Directory® directory service to determine the value of the serialNumber attribute of all directory objects that have an object category of msExchExchangeServer. The value for the serialNumber attribute indicates the version of Exchange Server being used.

Finally, the Exchange Server Analyzer queries Active Directory to determine the value of the isGlobalCatalogReady attribute of this server. A value of True for this attribute indicates that the directory server is also a functioning global catalog server, and a value of False indicates that the directory server is not a global catalog server.

If the Exchange Server Analyzer determines that the value for the DomainRole key is greater than 3 on an Exchange Server computer; that the Exchange Server computer is not running Windows Small Business Server, Exchange Server version 5.5, or running in a Windows cluster; and that the isGlobalCatalogReady attribute is set to False, a warning is displayed.

This warning indicates that Exchange Server is running on a directory server that is not also a functioning global catalog server. This configuration is not supported, and it may cause Exchange services to fail.

If you are running Exchange Server on a domain controller without Small Business Server, consider the following issues:

  • Exchange Server and Active Directory are both resource-intensive applications. There are performance implications to be considered when both applications are running on the same computer.

  • If Exchange Server is running on a domain controller, you must also make that domain controller a global catalog server.

  • Several Exchange Server directory components, such as Directory Service Access (DSAccess), Directory Service Proxy (DSProxy), and the Message Categorizer will not fail over to any other domain controller or global catalog server.

  • You should not take advantage of the /3GB startup switch in Windows because it could cause Exchange Server to consume all memory, therefore reducing the memory available for Active Directory.

  • System shutdown will take much longer if the Exchange Server services are not stopped before you shut down or restart the server.

  • This configuration is less secure because Exchange administrators will have local administrative access to Active Directory. This enables them to elevate their own privileges. Additionally, any security vulnerability found in either Exchange Server or Active Directory exposes the other to compromise.

  • If you are running Exchange Server 2003, Exchange Server 2007, or Exchange Server 2010 on a domain controller, using the domain controller promotion tool (DCPromo) to change the computer role is not supported. This procedure is known to break components, such as Microsoft Outlook® Mobile Access.

  • Running Exchange Server 2003, Exchange Server 2007, or Exchange Server 2010 on a clustered node that is also an Active Directory domain controller is not supported. This procedure should never be performed. That is, if you are running Exchange 2000 Server on a node in a cluster that is also a domain controller, you must demote the server to a member server before you upgrade from Exchange 2000 Server to Exchange Server 2003.

If the computer is running Exchange 2000 Server, we recommend that you demote the server to a member server using DCPromo at the first opportunity. If the computer is running Exchange Server 2003, Exchange Server 2007, or Exchange Server 2010, use one of the following procedures to correct this warning.

To correct this warning by moving Exchange to another computer

  1. Install Exchange Server on a different computer.

  2. Use Move Mailbox in the Exchange Task Wizard to move any existing mailboxes from the domain controller to the new Exchange server.

  3. Rehome any public folders and roles held by the old Exchange Server computer to the new Exchange Server computer.

  4. Uninstall Exchange Server from the domain controller.

To correct this warning by making the Exchange server a global catalog server

  1. Open Active Directory Sites and Services.

  2. Expand Sites, expand the Site, and then expand Servers.

  3. Select the domain controller that you want to specify as a global catalog server.

  4. In the right pane, right-click NTDS Settings and select Properties.

  5. On the General tab, select the Global Catalog check box. If the directory server is running Windows 2000 Server with Service Pack 2 or earlier, restart the server for the change to take effect. If the directory server is running Windows 2000 Server with Service Pack 3 or later or running Windows Server™ 2003, the change occurs dynamically without restarting the server.

For more information about how to install Exchange Server on a domain controller, see the Microsoft Knowledge Base article 250989, "XADM: Installing the ADC on a Windows 2000 Domain Controller That Also Runs Exchange Server" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=250989).