+ Reply to Thread
Results 1 to 7 of 7
  1. Member
    Join Date
    Aug 2005
    Location
    Minneapolis, MN
    Posts
    45

    Certifications
    A+, N+, MCP (70-121, 70-282), MCSA, AOS Competency: SBS
    #1

    Default Very involved Global Catalog issue - HELP!

    Any help would be VERY appreciated!

    What we have is a forest consisting of a root and 3 child domains, the Exchange server (2K7) is in one of the child domains.

    root=mat.airport,
    child1=mac.mat.airport (this is where exchange resides),
    child2=airsideops.mat.airport,
    child3=environment.mat.airport

    The Exchange cluster is macmail.mac.mat.airport

    The DC that Exchange is trying to connect to is in the root: mac-arf-dc1.mat.airport. This is not a GC it is the infrastructure master. We have 9 GC spread out throughout the forest, the server it is trying to connect to is not one of them.

    Originally when doing the setup /pad it succeeded but complained about not having a RUS for mat, we were told that was ok, during the actual setup of exchange it would not complete without a RUS, we temporarily set the mat-arf-dc1 as a GC, but being it is the infrastructure master. This is against best practices, so after the install, we removed the GC from that server. The latest issue comes when trying to add users to the built in Exchange administrative groups through the Exchange console. The error message below shows that it cannot complete because it is attempting to contact the mat-arf-dc1.mat.airport DC.

    Error Message:
    -------------------------------------------------------------------------------------------------------
    Summary: 1 item(s). 0 succeeded, 1 failed.
    Elapsed time: 00:00:00


    Add-ExchangeAdministrator
    Failed

    Error:
    Active Directory operation failed on mat-arf-dc1.mat.AIRPORT. This error is not retriable. Additional information: The specified group type is invalid.
    Active directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0


    The server cannot handle directory requests.

    Exchange Management Shell command attempted:
    Add-ExchangeAdministrator -Identity 'MAC.MAT.AIRPORT/DataCenters/GO/Users/Administrative accounts/Suche, Ivana (Chg)' -Role 'ViewOnlyAdmin'

    Elapsed Time: 00:00:00
    -------------------------------------------------------------------------------------------------------

    I can add users to the Exch Adm groups using the add users and computers mmc, they do get the right "rights" to the exchange org. However it is important to the big cheese that we get this working correctly. Thanks!!
    Reply With Quote Quote  

  2. SS
  3. Nidhoggr, the Net Serpent Claymoore's Avatar
    Join Date
    Nov 2007
    Location
    FL
    Posts
    1,622

    Certifications
    AWS Architect, MCSEx3, MCITPx6, MCTSx17
    #2
    Is there another GC in the AD site of the Exchange server? There needs to be a GC in every site that has an Exchange server.

    Exchange 2007 System Requirements

    Some of the EMS cmdlets have the ability to specify a domain controller against which the command should run, but you really need to have a GC available so the server can parse distribution lists and reliably perform other Global catalog lookups.
    Reply With Quote Quote  

  4. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #3
    As claymoore mentions I would verify that a GC is available in that site. I would also check into DNS and make sure that the _msdcs has correct entries for GCs for that site. I have run across the problem before with incorrect DNS records.
    Reply With Quote Quote  

  5. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,146

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); MCSA 2016/2012/2K3/2K; MCSE:S 2K3/2K; MCSE:M 2K3/2K; MCTS:Exch2K7; EMCSA:CLARiiON; Linux+; Security+; A+
    #4
    Related - Is the Exchange server on a subnet that has been defined in AD at all?
    IT guy since 12/00

    Recent: 1/29/2018 - Passed 70-743 - MCSA 2016 Complete; 1/13/2018 - Passed 70-411 - MCSA 2012 complete
    Working on: Being a better coder, build/test/deploy automation fundamentals
    Future: Renew VCP (due 2/2019), possibly with an adjacent VCP or VCAP
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jan 2008
    Posts
    1,941

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #5
    It is not against best practices in a multidomain forest for infrastructure masters to be GC's provided that ALL domain controllers are GC's. Considering how little data there is in a global catalog, it's pretty hard to argue against all DC's being GC's.
    Reply With Quote Quote  

  7. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,146

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); MCSA 2016/2012/2K3/2K; MCSE:S 2K3/2K; MCSE:M 2K3/2K; MCTS:Exch2K7; EMCSA:CLARiiON; Linux+; Security+; A+
    #6
    Are you absolutely certain AD replication is working correctly?

    Go to Server Configuration - Mailbox, go to the properties of the mailbox server and look at the System Settings tab. This will tell you for certain which servers it's trying to use for GC.
    IT guy since 12/00

    Recent: 1/29/2018 - Passed 70-743 - MCSA 2016 Complete; 1/13/2018 - Passed 70-411 - MCSA 2012 complete
    Working on: Being a better coder, build/test/deploy automation fundamentals
    Future: Renew VCP (due 2/2019), possibly with an adjacent VCP or VCAP
    Reply With Quote Quote  

  8. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,146

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); MCSA 2016/2012/2K3/2K; MCSE:S 2K3/2K; MCSE:M 2K3/2K; MCTS:Exch2K7; EMCSA:CLARiiON; Linux+; Security+; A+
    #7
    Quote Originally Posted by HeroPsycho View Post
    It is not against best practices in a multidomain forest for infrastructure masters to be GC's provided that ALL domain controllers are GC's. Considering how little data there is in a global catalog, it's pretty hard to argue against all DC's being GC's.
    True that, it's sooo much simpler to manage if you just go ahead and make them all GC's if you don't have a reason NOT to.
    IT guy since 12/00

    Recent: 1/29/2018 - Passed 70-743 - MCSA 2016 Complete; 1/13/2018 - Passed 70-411 - MCSA 2012 complete
    Working on: Being a better coder, build/test/deploy automation fundamentals
    Future: Renew VCP (due 2/2019), possibly with an adjacent VCP or VCAP
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks