windows:servers:exchange:dag

Differences

This shows you the differences between two versions of the page.


windows:servers:exchange:dag [2019/10/31 09:14] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Create/Remove Exchange Database Availability Group ======
 +DAG Witness server is an ordinary server (not a member of dag or hosting any roles other than file share for dag). It can be a witness for multiple DAGs
  
 +Add witness server to Exchange Trusted Subsystem group (or ADD DOMAIN\Exchange Trusted Subsystem group as a member of .\Administrators group - net localgroup is useless in this case, because group name is longer than 20 charactrs)
 +
 +To add a server to the Exchange Trusted Subsystem group 
 +  - On a domain controller, click Start, click Run, type dsa.msc to open the Active Directory Users and Computers snap-in, and then click OK.
 +  - ocate the appropriate domain, and then click the Microsoft Exchange Security Groups container.
 +  - In the details pane, double-click Exchange Trusted Subsystem.
 +  - Click the Members tab, and then add the server to the Members list.is case)
 +
 +To add Exchange Trusted Subsystem group to local Administrators group
 +  - Open MMC
 +  - Add Computer Management snap in and connect to witness server
 +  - Add Exchange Trusted Subsystem group as a member to local Administrators group
 +
 +
 +
 +Note: You might need to disable the witness firewall **netsh advfirewall set allprofiles state off**
 +<code powershell Create DAG>
 +new-databaseavailabilitygroup -name dag01 -WitnessServer  msp-dag01.contoso.local
 +Add-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc01
 +Add-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc02
 +add-MailboxDatabaseCopy -Identity db01 -MailboxServer msp-exc02
 +add-MailboxDatabaseCopy -Identity db02 -MailboxServer msp-exc01
 +</code>
 +
 +<code powershell Remove DAG>
 +get-DatabaseAvailabilityGroup
 +Get-MailboxDatabase | Format-List DatabaseCopies
 +Remove-MailboxDatabaseCopy -Identity db01\MSP-EXC02
 +Remove-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc02
 +# or
 +Remove-DatabaseAvailabilityGroupServer -Identity dag01 -MailboxServer msp-exc02.vag.local -ConfigurationOnly
 +# or
 +cluster dag01 node msp-exc01 /forcecleanup
 +Remove-DatabaseAvailabilityGroup -Identity DAG1
 +</code>
 +
 +Now you can remove your old entry from Active Directory forcefully, If you removed an Exchange server from your network without properly uninstalling it, either because you experimented with it on a test box or on a virtual machine, or simply because you didn’t know better, you may notice that the server continues to exist in the network’s Active Directory and shows up in the Exchange Management Console of your new exchange server.
 +
 +=== Removing AD Configuration ===
 +The list of Exchange servers on the domain is stored in the Active Directory configuration. Following steps below to remove the obsolete server:
 +  * Log on to the **Domain Controller**.
 +  * From the Start menu select Run… and enter adsiedit.msc to launch the **ADSI Edit** tool
 +  * In the tool, right-click **ADSI Edit** and select **Connect To…**
 +  * In the Connection Settings dialog under Select a well known Naming Context select **Configuration** and click **OK**
 +  * Navigate to CN=Configuration [domain] → CN=Services → CN=Microsoft Exchange → CN=[organization] → CN=Administrative Groups → **CN=Servers**
 +  * Right-click and **Delete** the container for the offending Exchange server.
 +
 +=== Removing Mailboxes ===
 +The Active Directory also stores information about the mailboxes that were located on the non-existent server. To remove these, perform the following steps in the ADSI Edit tool:
 +  * Navigate to CN=Configuration [domain] → CN=Services → CN=Microsoft Exchange → CN=[organization] → CN=Administrative Groups → **CN=Databases**
 +  * Identify the Mailbox Database containers that belonged to the lost server and **Delete** them.
 +Make sure that you are not deleting working mailboxes from the list, if you delete any by mistake.
 +
 +=== Removing Security Settings ===
 +Now that the server is removed, some other settings need to be cleaned up as well. Perform the following additional steps on the domain controller:
 +  * Launch **Server Manager**
 +  * Navigate to Roles → Active Directory Domain Services → Active Directory Users and Computers [domain] → [domain] → Microsoft Exchange Security Groups
 +  * Remove the computer from the members list of Exchange Servers
 +  * Remove the computer from the members list of Exchange Trusted Subsystem.
 +If the computer was removed from the network altogether, you may also want to remove it from the Active Directory’s list of computers, as well as the **DNS Server’s Forward Lookup Zones**.
 +
 +
 +The DAG members in the primary datacenter must be forcibly evicted from the DAG's underlying cluster by running the following commands on each member:
 +<code>
 +net stop clussvc
 +cluster <DAGName> node <DAGMemberName> /forcecleanup
 +</code>
 +The DAG members in the second datacenter must now be restarted and then used to complete the eviction process from the second datacenter. Stop the Cluster service on each DAG member in the second datacenter by running the following command on each member:
 +<code>net stop clussvc</code>
 +On a DAG member in the second datacenter, force a quorum start of the Cluster service by running the following command:
 +<code>net start clussvc /forcequorum</code>
 +Open the Failover Cluster Management tool and connect to the DAG's underlying cluster. Expand the cluster, and then expand Nodes. Right-click each node in the primary datacenter, select More Actions, and then select Evict. When you're done evicting the DAG members in the primary datacenter, close the Failover Cluster Management tool.