Exchange needs Active Directory

I was recently called in to help on a ‘Crit Sit’ (Critical Situation) that a customer had with their Exchange 2010 environment.

During the previous night, a few of the Databases that have a total of 3 copies spread across a DAG flipped to different servers. This ultimately was caused by Exchange asking AD a question and getting a ‘different’ answer than expected. This resulted in the Exchange GUI showing ‘GUID’ information for the Databases.

Come to find out that 3 of the 20 Domain Controllers (DCs) had lost their secure channel and stopped replicating updates with any other DCs in the entire Active Directory (AD) environment. This only happens after 60 days of not communicating with other DCs. So basically, the out-of-date DCs kept answering the questions from Exchange and providing incorrect information. The databases in question had recently been created, and then users were migrated into them. It was this migration process that updated the users’ attribute in AD to reflect that their Exchange database was now different. However, the 3 non-updating DCs had not received the revised information and therefore were telling the users that their mailbox was still on a previous database. There was no mailbox information there anymore; it had been migrated to a new database that those DCs did not know about.
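One way to catch this condition before Exchange does, as an added example that is not part of the original post: ask every DC for a migrated user's `homeMDB` value and flag any DC whose answer differs from the majority or whose last successful inbound replication is old. The DC names, database DNs and one-day threshold are constructed, and the majority rule assumes most DCs are healthy.

```powershell
# Added example, not from the original post. Names, DNs and dates are constructed.
function Get-DcAnswer {
    # Live collection; requires the ActiveDirectory (RSAT) module. Not called below.
    param([string]$User)
    foreach ($dc in Get-ADDomainController -Filter *) {
        $u = Get-ADUser -Identity $User -Server $dc.HostName -Properties homeMDB
        $last = Get-ADReplicationPartnerMetadata -Target $dc.HostName |
            Sort-Object LastReplicationSuccess -Descending | Select-Object -First 1
        [pscustomobject]@{
            Server      = $dc.HostName
            HomeMDB     = $u.homeMDB
            LastSuccess = $last.LastReplicationSuccess
        }
    }
}

function Find-StaleDc {
    # Flags DCs whose homeMDB answer differs from the majority, or whose newest
    # successful inbound replication is older than $MaxAgeDays.
    param([object[]]$Answers, [datetime]$Now = (Get-Date), [int]$MaxAgeDays = 1)
    $majority = ($Answers | Group-Object HomeMDB | Sort-Object Count -Descending |
        Select-Object -First 1).Name
    foreach ($a in $Answers) {
        $age = ($Now - $a.LastSuccess).TotalDays
        $reasons = @()
        if ($a.HomeMDB -ne $majority) { $reasons += 'homeMDB differs from majority' }
        if ($age -gt $MaxAgeDays)     { $reasons += ('no replication for {0:N0} days' -f $age) }
        if ($reasons) {
            [pscustomobject]@{ Server = $a.Server; Reasons = $reasons -join '; ' }
        }
    }
}

# Constructed sample: dc03 still returns the pre-migration database.
$now = [datetime]'2024-03-01'
$old = 'CN=DB01,CN=Databases,DC=example,DC=com'
$new = 'CN=DB07,CN=Databases,DC=example,DC=com'
$sample = @(
    [pscustomobject]@{ Server = 'dc01'; HomeMDB = $new; LastSuccess = $now.AddMinutes(-10) }
    [pscustomobject]@{ Server = 'dc02'; HomeMDB = $new; LastSuccess = $now.AddMinutes(-12) }
    [pscustomobject]@{ Server = 'dc03'; HomeMDB = $old; LastSuccess = $now.AddDays(-61) }
)
Find-StaleDc -Answers $sample -Now $now | Format-Table -AutoSize
```

Against a live forest, pipe the output of `Get-DcAnswer` into `Find-StaleDc -Answers` in place of the constructed sample.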

When a user does something in Outlook, it usually asks Exchange for the information. When that occurs, Exchange has to ask AD. IF the answer comes back incorrect, THEN the end user gets an undesired result and makes a phone call to the help desk, which usually results in the ticket getting forwarded to the Exchange engineer. We don’t like phone calls in IT, as it usually means that something is not working properly.

So there you go, yet another reason to have not only your Exchange environment solid, but also your Active Directory infrastructure rock solid and stable. The more you know, the better off you’ll be.