Create/Remove Exchange Database Availability Group

The DAG witness server is an ordinary server: it is not a member of the DAG and hosts no roles other than the file share for the DAG. It can be a witness for multiple DAGs.

Add the witness server to the Exchange Trusted Subsystem group, or add the DOMAIN\Exchange Trusted Subsystem group as a member of the witness server's local Administrators group. net localgroup is useless in this case because the group name is longer than 20 characters.

To add a server to the Exchange Trusted Subsystem group

  1. On a domain controller, click Start, click Run, type dsa.msc to open the Active Directory Users and Computers snap-in, and then click OK.
  2. Locate the appropriate domain, and then click the Microsoft Exchange Security Groups container.
  3. In the details pane, double-click Exchange Trusted Subsystem.
  4. Click the Members tab, and then add the server to the members list.

To add the Exchange Trusted Subsystem group to the local Administrators group

  1. Open MMC.
  2. Add the Computer Management snap-in and connect to the witness server.
  3. Add the Exchange Trusted Subsystem group as a member of the local Administrators group.

Note: You might need to disable the witness server's firewall:

netsh advfirewall set allprofiles state off
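The witness is reached over its file share, so the Windows Firewall exception it needs is File and Printer Sharing (SMB, TCP 445); the firewall itself can stay on. The script below is an added example, not part of the original page: it adds the group with Add-LocalGroupMember, which does not have the 20-character limit of net localgroup, and enables only the file-sharing rules. CONTOSO is an assumed NetBIOS domain name, and the rule group is matched by its English display name.

```powershell
# Run in an elevated PowerShell session on the witness server.
# Assumption: CONTOSO is the NetBIOS name of the domain (placeholder).
$group = 'CONTOSO\Exchange Trusted Subsystem'

# 1. Local Administrators membership, added only if it is missing.
$present = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -eq $group }
if (-not $present) {
    Add-LocalGroupMember -Group 'Administrators' -Member $group
}

# 2. Keep the firewall enabled on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 3. Enable the inbound File and Printer Sharing rules that apply to the
#    Domain profile (or to all profiles); Private/Public-only rules stay off.
#    'File and Printer Sharing' is the English display name of the rule group.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Profile -match 'Domain|Any' } |
    Enable-NetFirewallRule

# 4. Report the resulting state for review.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Profile, Enabled
```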

Create DAG

New-DatabaseAvailabilityGroup -Name dag01 -WitnessServer msp-dag01.contoso.local
Add-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc01
Add-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc02
Add-MailboxDatabaseCopy -Identity db01 -MailboxServer msp-exc02
Add-MailboxDatabaseCopy -Identity db02 -MailboxServer msp-exc01

Remove DAG

# List the copies of each database
Get-MailboxDatabase | Format-List DatabaseCopies
# Remove the passive copy, then remove the server from the DAG
Remove-MailboxDatabaseCopy -Identity db01\MSP-EXC02
Remove-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc02
# or (removes the server from the DAG object in Active Directory only)
Remove-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc02.vag.local -ConfigurationOnly
# or
cluster dag01 node msp-exc01 /forcecleanup
# Remove the DAG itself
Remove-DatabaseAvailabilityGroup -Identity dag01

Now you can forcefully remove the old entry from Active Directory. If you removed an Exchange server from your network without properly uninstalling it, whether because you experimented with it on a test box or a virtual machine or simply because you didn't know better, you may notice that the server continues to exist in the network's Active Directory and shows up in the Exchange Management Console of your new Exchange server.

Removing AD Configuration

The list of Exchange servers in the domain is stored in the Active Directory configuration. Follow the steps below to remove the obsolete server:

  • Log on to the Domain Controller.
  • From the Start menu select Run… and enter adsiedit.msc to launch the ADSI Edit tool
  • In the tool, right-click ADSI Edit and select Connect To…
  • In the Connection Settings dialog under Select a well known Naming Context select Configuration and click OK
  • Navigate to CN=Configuration [domain] → CN=Services → CN=Microsoft Exchange → CN=[organization] → CN=Administrative Groups → CN=Servers
  • Right-click and Delete the container for the offending Exchange server.

Removing Mailboxes

Active Directory also stores information about the mailboxes that were located on the non-existent server. To remove these, perform the following steps in the ADSI Edit tool:

  • Navigate to CN=Configuration [domain] → CN=Services → CN=Microsoft Exchange → CN=[organization] → CN=Administrative Groups → CN=Databases
  • Identify the Mailbox Database containers that belonged to the lost server and Delete them.

Make sure that you are not deleting working mailboxes from the list, if you delete any by mistake.

Removing Security Settings

Now that the server is removed, some other settings need to be cleaned up as well. Perform the following additional steps on the domain controller:

  • Launch Server Manager
  • Navigate to Roles → Active Directory Domain Services → Active Directory Users and Computers [domain] → [domain] → Microsoft Exchange Security Groups
  • Remove the computer from the members list of Exchange Servers
  • Remove the computer from the members list of Exchange Trusted Subsystem.

If the computer was removed from the network altogether, you may also want to remove it from the Active Directory’s list of computers, as well as the DNS Server’s Forward Lookup Zones.
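The cleanup steps above touch five places: the Exchange configuration container, the database objects, the two Exchange security groups, the computer account and DNS. The read-only script below is an added example, not part of the original page, that lists whatever still references the removed server so each leftover can be reviewed before and after deletion. It assumes the RSAT ActiveDirectory module, uses MSP-EXC02 as a sample server name, and relies on the Exchange schema attribute msExchOwningServer.

```powershell
# Read-only audit; changes nothing in Active Directory or DNS.
# Assumption: MSP-EXC02 is the decommissioned server (sample name).
Import-Module ActiveDirectory
$server   = 'MSP-EXC02'
$configNC = (Get-ADRootDSE).configurationNamingContext
$exchRoot = "CN=Microsoft Exchange,CN=Services,$configNC"

$findings = @(
    # Objects named after the server anywhere under the Exchange configuration
    Get-ADObject -SearchBase $exchRoot -LDAPFilter "(cn=$server)" |
        ForEach-Object { [pscustomobject]@{ Area = 'Configuration'; Item = $_.DistinguishedName } }

    # Mailbox databases whose owning server is still the removed one
    Get-ADObject -SearchBase $exchRoot -LDAPFilter '(objectClass=msExchPrivateMDB)' `
            -Properties msExchOwningServer |
        Where-Object { $_.msExchOwningServer -like "CN=$server,*" } |
        ForEach-Object { [pscustomobject]@{ Area = 'Database'; Item = $_.DistinguishedName } }

    # Membership in the privileged Exchange security groups
    foreach ($g in 'Exchange Servers', 'Exchange Trusted Subsystem') {
        Get-ADGroupMember -Identity $g |
            Where-Object { $_.objectClass -eq 'computer' -and $_.Name -eq $server } |
            ForEach-Object { [pscustomobject]@{ Area = "Group: $g"; Item = $_.distinguishedName } }
    }

    # Computer account and DNS records
    Get-ADComputer -Filter "Name -eq '$server'" |
        ForEach-Object { [pscustomobject]@{ Area = 'Computer account'; Item = $_.DistinguishedName } }
    Resolve-DnsName -Name $server -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Area = 'DNS'; Item = "$($_.Name) $($_.Type)" } }
)

if ($findings.Count) { $findings | Format-Table -AutoSize }
else { "No remaining references to $server found." }
```

A computer account that stays in Exchange Trusted Subsystem after the server is gone keeps that group's rights over Exchange objects, so group findings are worth clearing first.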

The DAG members in the primary datacenter must be forcibly evicted from the DAG's underlying cluster by running the following commands on each member:

net stop clussvc
cluster <DAGName> node <DAGMemberName> /forcecleanup

The DAG members in the second datacenter must now be restarted and then used to complete the eviction process from the second datacenter. Stop the Cluster service on each DAG member in the second datacenter by running the following command on each member:

net stop clussvc

On a DAG member in the second datacenter, force a quorum start of the Cluster service by running the following command:

net start clussvc /forcequorum

Open the Failover Cluster Management tool and connect to the DAG's underlying cluster. Expand the cluster, and then expand Nodes. Right-click each node in the primary datacenter, select More Actions, and then select Evict. When you're done evicting the DAG members in the primary datacenter, close the Failover Cluster Management tool.

  • Last modified: 2019-10-31 09:14