Re: Problem getting Exchange 2000 to see AD 2003 GC
- From: BeFree <BeFree@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 20 May 2005 16:02:02 -0700
Confirmation that under the Default Domain Security Policy, Enterprise
Exchange Servers is listed under Manage Auditing and Security Log. Any idea
how to get the SACL bit to be 'happy' on Windows 2003 AD?
__________________________________________
"BeFree" wrote:
> Excellent idea. We turned on the logging as described, and the email server
> does see it as a GC, but still under the Directory Access tab it never shows
> up. We tried with two different servers running Windows 2003, one with SP1
> and another without. They both show the 1 in the Global Catalog bit, DC5 is
> 2K3 SP1 & DC4 is 2K3 without SP1. DC2 and YVE are not reachable, they're
> from the production network and this is the testlab network. I do see from
> this that the 2K3 servers do not get the SACL right - I am going to go check
> the default domain controller security policy and make sure that Enterprise
> Exchange servers has the right to manage the event logs (correct ?)
>
> Next week we are going to bring in another Windows 2000 server and then
> upgrade it to 2K3 and see that it works. The first time we did that test it
> worked just fine, it's just the new clean build of 2K3 that's giving us the
> issue.
>
> Event Type: Information
>
> Event Source: MSExchangeDSAccess
>
> Event Category: Topology
>
> Event ID: 2080
>
> Date: 5/20/2005
>
> Time: 12:14:40 PM
>
> User: N/A
>
> Computer: CI-MAIL3
>
> Description:
>
> Process MAD.EXE (PID=1140). DSAccess has discovered the following servers
> with the following characteristics:
>
> (Server name | Roles | Reachability | Synchronized | GC capable | PDC |
> SACL right | Critical Data | Netlogon)
>
> In-site:
>
> ci-dc2.CI.conservation.org CDG 0 0 1 0 0 0 0
>
> ci-dc3.CI.conservation.org CDG 7 7 1 0 1 1 7
>
> ci-dc1.CI.conservation.org CDG 7 7 1 0 1 1 7
>
> CI-DC5.CI.conservation.org CDG 7 7 1 0 0 1 7
>
> Out-of-site:
>
> ci-dcyve.CI.conservation.org CDG 0 0 1 0 0 0 0
>
>
>
>
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
> Event Type: Information
>
> Event Source: MSExchangeDSAccess
>
> Event Category: Topology
>
> Event ID: 2080
>
> Date: 5/20/2005
>
> Time: 5:33:11 PM
>
> User: N/A
>
> Computer: CI-MAIL3
>
> Description:
>
> Process INETINFO.EXE (PID=1060). DSAccess has discovered the following
> servers with the following characteristics:
>
> (Server name | Roles | Reachability | Synchronized | GC capable | PDC |
> SACL right | Critical Data | Netlogon)
>
> In-site:
>
> CI-DC5.CI.conservation.org CDG 7 7 1 0 0 1 7
>
> ci-dc3.CI.conservation.org CDG 7 7 1 0 1 1 7
>
> ci-dc1.CI.conservation.org CDG 7 7 1 0 1 1 7
>
> ci-dc2.CI.conservation.org CDG 0 0 1 0 0 0 0
>
> ci-dc4.CI.conservation.org CDG 7 7 1 0 0 1 7
>
> Out-of-site:
>
> ci-dcyve.CI.conservation.org CDG 0 0 1 0 0 0 0
>
> ------------------------------------------------------------------
>
> "Tony Murray" wrote:
>
> > The DC/GC may not be properly synchronized. You can check by connecting to
> > RootDSE (using LDP.EXE) and looking for the IsSynchronized flag. Another
> > good option would to use wind up the diagnostics logging on DSAccess, as
> > explained in the following article.
> >
> > http://support.microsoft.com/kb/316300
> >
> > Tony
> > www.activedir.org
> >
> > "BeFree" <BeFree@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:59D550F8-414E-426E-96A5-93485BAF4F29@xxxxxxxxxxxxxxxx
> > > We are trying to decide the best way to upgrade our AD 2000 & Exchange
> > > 2000
> > > domain to 2003. I can't upgrade the AD servers because they're off the
> > > HCL,
> > > so I want to replace them with newly built Windows 2003 servers, dcpromo'd
> > > into the tree (after the prerequisite adprep and mangle prevention tasks
> > > ...). We're working all of this out in the testlab first. For the full
> > > story and proposed migration plan, see
> > > http://x220.win2ktest.com/forum/topic.asp?TOPIC_ID=13776
> > >
> > > The problem is we can't seem to get Exchange 2000 to work after doing
> > > that.
> > > It can not see the newly created Windows 2003 AD as a Global Catalog. It
> > > does appear to actually be a GC, repadmin /showreps says IS_GC, and it's
> > > listed in DNS as a GC as well. But in Exchange System Manager on the
> > > Directory Access tab it does not recognize the 2003 server automatically.
> > > If
> > > we set it to manual and force it to that new server, the message stores
> > > don't
> > > mount and it complains that there is no GC. All the Microsoft literature
> > > I've read says that Exchange 2000 will work just fine with AD 2003, but
> > > they
> > > usually are talking about an upgrade path.
> > >
> > > When we ran through the scenario of doing it as an upgrade after DCPROMO,
> > > the 2003 server does work just fine with Exchange. Only when it's a clean
> > > build of Windows 2003 fresh (which is what I'd prefer for many reasons)
> > > does
> > > it cause Exchange grief.
> > >
> > > Can anyone confirm that this should work, promoting a Windows 2003 server
> > > and using it as a GC for Exchange 2000? Or will I need to keep a Windows
> > > 2000 GC available until Exchange 2003 has replaced Exchange 2000
> > > completely
> > > in our environment ?
> > >
> >
> >
> >
.
- Follow-Ups:
- Re: Problem getting Exchange 2000 to see AD 2003 GC
- From: Tony Murray
- Re: Problem getting Exchange 2000 to see AD 2003 GC
- References:
- Problem getting Exchange 2000 to see AD 2003 GC
- From: BeFree
- Re: Problem getting Exchange 2000 to see AD 2003 GC
- From: Tony Murray
- Re: Problem getting Exchange 2000 to see AD 2003 GC
- From: BeFree
- Problem getting Exchange 2000 to see AD 2003 GC
- Prev by Date: Re: Problem getting Exchange 2000 to see AD 2003 GC
- Next by Date: Re: WAN exchange connection , limit traffick
- Previous by thread: Re: Problem getting Exchange 2000 to see AD 2003 GC
- Next by thread: Re: Problem getting Exchange 2000 to see AD 2003 GC
- Index(es):
Relevant Pages
|
Loading
