Excluding Domain Controllers in Exchange 2010

Update 5/31/2013: DO NOT PUT YOUR LIST IN QUOTES! Putting the list of domain controllers within quotes causes Exchange to treat it as a single name instead of splitting it at the commas. I’ve updated the PowerShell commands below to show the list without the quotes.

I’m back and in action working as an Exchange SME from being involved in an SCCM project for a few months, and one of the issues I ran into at a client is that they needed to roll out a few new domain controllers in their empty root domain as well as their child domain. Unfortunately, there were some deployment issues that caused the OAB generation to fail when it hit these problematic DCs.

While we didn’t want to use the StaticDomainControllers and StaticGlobalCatalogs switches of the Set-ExchangeServer command, in this case, until we get the problematic DCs fixed, we decided to use the StaticExcludedDomainControllers switch. We could optionally set each one individually:

Set-ExchangeServer -Identity MP1EXCCAS501 -StaticExcludedDomainControllers MP1INFADS012.child.corp,MP1INFADS003.parent.corp,MP1INFADS002.parent.corp

Or pipe the list of servers into the command to set them all at once:

Get-ExchangeServer | Set-ExchangeServer -StaticExcludedDomainControllers MP1INFADS012.child.corp,MP1INFADS003.parent.corp,MP1INFADS002.parent.corp

Once this was set, we ran into the age-old issue that it wasn’t being reflected through the Get-ExchangeServer command. I don’t know WHY Microsoft did it this way, but you have to use the -STATUS switch to see the results reflected properly. I always prefer the format table command and list out each of the DC settings to ensure things took properly.

get-exchangeserver -status | ft name,staticexcludeddomaincontrollers,staticdomaincontrollers,staticglobalcatalogs

Depending on AD replication, you may need to give it some time (up to 60 minutes) to bake in, but you can always open the Event Log on your server and look in the Application event log for event ID 2080 from source MSExchange ADAccess (task category Topology). It should not show those excluded domain controllers:

Log Name:      Application
Source:        MSExchange ADAccess
Date:          3/19/2013 12:36:30 PM
Event ID:      2080
Task Category: Topology
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      mp1excmbx504.child.corp
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1740). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
MP1INFADS001.parent.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS011.child.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS501.parent.corp CDG 1 7 7 1 0 1 1 7 1
mp1infads511.child.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS012.child.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS002.parent.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS003.parent.corp CDG 1 7 7 1 0 1 1 7 1
mp1infdns501.child.corp CDG 1 7 7 1 0 1 1 7 1
mp1infdns502.child.corp CDG 1 7 7 1 0 1 1 7 1
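
The check described above can be scripted. The following is an added example, not part of the original post: the function name `Test-ExcludedDcInTopology` is hypothetical, the sample input is the header and server rows copied from the event above, and the commented live-server lines are assumed usage.

```powershell
# Added example (not from the original post). Kept compatible with PowerShell 2.0.
function Test-ExcludedDcInTopology {
    param(
        [Parameter(Mandatory=$true)][string]   $EventMessage,  # body of a 2080 event
        [Parameter(Mandatory=$true)][string[]] $ExcludedDcs    # exclusion list entries
    )
    # An entry that contains a comma means the list was passed in quotes
    # and was stored as one name.
    $bad = @($ExcludedDcs | Where-Object { $_ -match ',' })
    if ($bad.Count -gt 0) {
        Write-Warning "Quoted list stored as one name: $($bad -join ' ; ')"
    }
    # Server rows start with an FQDN followed by the Roles column (e.g. CDG).
    $discovered = @(foreach ($line in ($EventMessage -split '\r?\n')) {
        if ($line -match '^\s*(?<name>[\w-]+(\.[\w-]+)+)\s+[CDG-]+\s+\d') { $Matches['name'] }
    })
    foreach ($dc in $ExcludedDcs) {
        New-Object PSObject -Property @{
            DomainController = $dc
            StillInTopology  = ($discovered -contains $dc)  # -contains ignores case
        } | Select-Object DomainController, StillInTopology
    }
}

# Sample input: header and server rows copied from the event shown above.
$sample = @'
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
MP1INFADS001.parent.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS011.child.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS501.parent.corp CDG 1 7 7 1 0 1 1 7 1
mp1infads511.child.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS012.child.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS002.parent.corp CDG 1 7 7 1 0 1 1 7 1
MP1INFADS003.parent.corp CDG 1 7 7 1 0 1 1 7 1
mp1infdns501.child.corp CDG 1 7 7 1 0 1 1 7 1
mp1infdns502.child.corp CDG 1 7 7 1 0 1 1 7 1
'@
$excluded = 'MP1INFADS012.child.corp','MP1INFADS003.parent.corp','MP1INFADS002.parent.corp'
Test-ExcludedDcInTopology -EventMessage $sample -ExcludedDcs $excluded | Format-Table -AutoSize

# On a live server (assumed usage; provider name taken from the event's Source field):
# $msg = (Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='MSExchange ADAccess'; Id=2080} -MaxEvents 1).Message
# $excluded = @((Get-ExchangeServer -Identity MP1EXCCAS501 -Status).StaticExcludedDomainControllers | ForEach-Object { "$_" })
```

StillInTopology is True for any excluded DC that the event still lists, and the warning fires when an exclusion entry contains a comma.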


Chris Blackburn
