This Exchange server is also a domain controller, which is not a recommended configuration

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2009-08-17

The Microsoft® Exchange Server Analyzer Tool queries the Win32_ComputerSystem Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the DomainRole key. Valid values for this key are shown in the following table.

Value   Meaning
0       Stand-alone workstation
1       Member workstation
2       Stand-alone server
3       Member server
4       Backup domain controller
5       Primary domain controller

The Exchange Server Analyzer also queries the Win32_Service WMI class to determine the value of the Started key for ClusSvc, the Cluster service.

The Exchange Server Analyzer also queries the Active Directory® directory service to determine the value of the serialNumber attribute of all directory objects that have an object category of msExchExchangeServer. The value for the serialNumber attribute indicates the version of Exchange Server in use.

If the Exchange Server Analyzer determines that the value for the DomainRole key is greater than 3 on an Exchange Server computer, and that the Exchange Server computer is not running Exchange Server version 5.5 or running in a Windows cluster, a warning is displayed.
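
The check described above can be reproduced in PowerShell to audit a server by hand. This is an added example, not the Exchange Server Analyzer's own code; the function names, the constructed sample rows, the match of the server object's cn against the computer name, and the "Version 5.5" prefix assumed for serialNumber are assumptions.

```powershell
# Added example: the warning rule described above, not the Analyzer's own code.
function Test-ExchangeOnDcWarning {
    param(
        [int]$DomainRole,         # Win32_ComputerSystem.DomainRole (0-5)
        [bool]$ClusterStarted,    # Win32_Service.Started for ClusSvc
        [string]$SerialNumber     # serialNumber of the msExchExchangeServer object
    )
    # Assumption: the serialNumber text begins with "Version <major>.<minor>".
    $isExchange55 = $SerialNumber -match '^Version 5\.5\b'
    ($DomainRole -gt 3) -and (-not $isExchange55) -and (-not $ClusterStarted)
}

# Hypothetical helper: collects the three inputs for the local computer.
function Get-ExchangeDcCheckInput {
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $clus = Get-CimInstance -ClassName Win32_Service -Filter "Name='ClusSvc'"
    $root = [adsi]'LDAP://RootDSE'
    # Assumption: the Exchange server object's cn equals the computer name.
    $searcher = [adsisearcher]"(&(objectCategory=msExchExchangeServer)(cn=$env:COMPUTERNAME))"
    $searcher.SearchRoot = [adsi]"LDAP://$($root.configurationNamingContext)"
    $hit = $searcher.FindOne()
    if (-not $hit) { return $null }   # no Exchange server object: rule does not apply
    [pscustomobject]@{
        Name           = $env:COMPUTERNAME
        DomainRole     = [int]$cs.DomainRole
        ClusterStarted = [bool]($clus -and $clus.Started)   # ClusSvc absent -> $false
        SerialNumber   = [string]$hit.Properties['serialnumber'][0]
    }
}

# Constructed sample rows (not real servers; build numbers are placeholders).
$samples = @(
    [pscustomobject]@{ Name='EX-DC01';  DomainRole=5; ClusterStarted=$false; SerialNumber='Version 6.5 (Build 0000.0)' }
    [pscustomobject]@{ Name='EX-MBX01'; DomainRole=3; ClusterStarted=$false; SerialNumber='Version 6.5 (Build 0000.0)' }
    [pscustomobject]@{ Name='EX-55';    DomainRole=4; ClusterStarted=$false; SerialNumber='Version 5.5 (Build 0000.0)' }
    [pscustomobject]@{ Name='EX-CLU01'; DomainRole=4; ClusterStarted=$true;  SerialNumber='Version 6.5 (Build 0000.0)' }
)
foreach ($s in $samples) {
    $warn = Test-ExchangeOnDcWarning -DomainRole $s.DomainRole `
        -ClusterStarted $s.ClusterStarted -SerialNumber $s.SerialNumber
    '{0}: warning={1}' -f $s.Name, $warn
}

# On a live server, evaluate the same rule against collected values.
# $i = Get-ExchangeDcCheckInput
# if ($i) { Test-ExchangeOnDcWarning -DomainRole $i.DomainRole -ClusterStarted $i.ClusterStarted -SerialNumber $i.SerialNumber }
```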

If you are running Exchange Server as a part of Microsoft Small Business Server 2000, Windows Small Business Server 2003, or Windows Small Business Server 2008, you can install Exchange Server on a domain controller. However, if you are not running Exchange Server as part of Small Business Server, it is recommended that you avoid running Exchange Server on a domain controller.

If you are running Exchange Server on a domain controller without Small Business Server, be aware of the following issues:

  • Exchange Server and Active Directory are both resource-intensive applications. There are performance implications to be considered when both are running on the same computer.

  • If Exchange Server is running on a domain controller, you must also make that domain controller a global catalog server. For more information about creating a global catalog server, see the Microsoft Knowledge Base article 313994, "How to create or move a global catalog in Windows Server 2003, Windows 2000, or Small Business Server 2000" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=313994).

  • Several Exchange Server directory components, such as Directory Service Access (DSAccess), Directory Service Proxy (DSProxy), and the Message Categorizer, will not fail over to any other domain controller or global catalog server.

  • You should not take advantage of the /3GB startup switch in Windows because it could cause Exchange Server to consume all memory, thus reducing the memory available for Active Directory.

  • System shutdown will take considerably longer if the Exchange Server services are not stopped before shutting down or restarting the server.

  • This configuration is less secure because Exchange administrators will have local administrative access to Active Directory, enabling them to elevate their own privileges. In addition, any security vulnerability found in either Exchange Server or Active Directory exposes the other to compromise.

  • If you are running Exchange Server 2003 or Exchange Server 2007 on a domain controller, using the domain controller promotion tool (DCPromo) to change the computer role is not supported, and is known to break components such as Microsoft Outlook® Mobile Access.

  • Running Exchange Server 2003 or Exchange Server 2007 on a clustered node that is also an Active Directory domain controller is not supported and should never be done. This means that if you are running Exchange 2000 Server on a node in a cluster that is also a domain controller, you must demote the server to a member server prior to upgrading from Exchange 2000 Server to Exchange Server 2003.

If the computer is running Exchange 2000 Server, it is recommended that you demote the server to a member server using DCPromo at your earliest opportunity. If the computer is running Exchange Server 2003, use the following procedure to correct this warning.

To correct this warning

  1. Install Exchange Server on a different computer.

  2. Use Move Mailbox in the Exchange Task Wizard to move any existing mailboxes from the domain controller to the new Exchange server.

  3. Rehome any public folders and roles held by the old Exchange Server computer to the new Exchange Server computer.

  4. Uninstall Exchange Server from the domain controller.

For more information about installing Exchange Server on a domain controller, see the Microsoft Knowledge Base article 250989, "XADM: Installing the ADC on a Windows 2000 Domain Controller That Also Runs Exchange Server" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=250989).