AD site design for centralized mail. Ex2010
Hi all, We have a single forest/domain, Windows 2008. FFL and DFL 2003. There are 24 AD sites, split among NA, Asia and Europe. All DCs are GCs and DNS servers, with a DC in each AD site; however, 5 sites (small remote offices) are running RODCs. We are a Lotus Notes shop and are migrating to Exchange 2010. Currently email is a decentralized model, with a Domino server in every AD site. Now that we are moving to Ex 2010, a decision was made to centralize mail: all mail servers will be hosted in our datacenter (single AD site), and as a result there will be no local Exchange server or CAS server in any remote site. We have approx 4000 users combined in all sites and we will build out approx 3-4 servers in a DAG along with an NLB CAS array in our datacenter.

My question is: we currently have two DCs in our datacenter. Granted all users will now connect to the datacenter for mail, do I need to add additional DCs in my datacenter? I read that Outlook clients will require a GC in every AD site, therefore I assume there shouldn't be any issues because in all AD sites there is a DC/GC; however, I am not sure about the 5 AD sites that host RODCs. Do I need to rebuild to RWDCs, or in that case will the Outlook clients use the datacenter DCs/GCs? BTW, all 4000 users will be running Outlook 2007 in cache mode. Thanks.
August 22nd, 2010 4:00pm

Yes, Outlook is supported against RODCs (as opposed to Exchange itself). Note that in Exchange 2010, the NSPI endpoint for clients is the Client Access Server or Client Access Server Array and not the GC.

http://technet.microsoft.com/en-us/library/cc732790(WS.10).aspx

Microsoft Office Outlook
Note: Microsoft Exchange Server does not use RODCs. However, you can configure Outlook clients in a branch office that is serviced by a read-only global catalog server to use the read-only global catalog server for global address book lookups.
August 23rd, 2010 3:25am

Hi Darren, Although Exchange doesn't work with RODC/ROGC, Outlook can use ROGC to do directory look up. I suggest you read the following article to get more information: Windows 2008 Read Only Domain Controllers and Exchange 2007… http://blogs.msdn.com/b/douggowans/archive/2009/01/06/windows-2008-read-only-domain-controllers-and-exchange-2007.aspx Hope this helps. Thanks, Elvis
August 23rd, 2010 9:54am

Thank you.

"AndyD_" wrote in message news:9b48e32e-cf04-4893-92cf-0223d02855b8...
Yes, Outlook is supported against RODCs (as opposed to Exchange itself). Note that in Exchange 2010, the NSPI endpoint for clients is the Client Access Server or Client Access Server Array and not the GC.
http://technet.microsoft.com/en-us/library/cc732790(WS.10).aspx
Microsoft Office Outlook
Note: Microsoft Exchange Server does not use RODCs. However, you can configure Outlook clients in a branch office that is serviced by a read-only global catalog server to use the read-only global catalog server for global address book lookups.
August 23rd, 2010 9:45pm

Hi, So if I understand correctly, for a remote office with an RODC, Outlook clients will require a registry setting to use the local GC/DC, but some operations may still use a remote DC/GC? What about remote offices with an RWDC? Keep in mind Ex servers are in the datacenter only (hub AD site), no remote offices. I assume by default Outlook clients will use their local DC/GC as opposed to the mail AD site DC/GC, correct?

"Elvis Wei -MSFT" wrote in message news:d4a2367d-9adb-4e10-ac1b-11a66985163b...
Hi Darren, Although Exchange doesn't work with RODC/ROGC, Outlook can use ROGC to do directory look up. I suggest you read the following article to get more information: Windows 2008 Read Only Domain Controllers and Exchange 2007 http://blogs.msdn.com/b/douggowans/archive/2009/01/06/windows-2008-read-only-domain-controllers-and-exchange-2007.aspx Hope this helps. Thanks, Elvis
August 23rd, 2010 10:14pm

I have an issue where there is a site with a single ROGC and clients are using Outlook 2007. The problem comes when a user needs to update a distribution group membership, they receive an "Access Denied" error. However, if that same user remotes into a PC in a site with a R/W GC, the operation succeeds. My guess is that it is trying to update the DG membership using the ROGC, which will obviously fail. Does anyone know if there is a way to allow Outlook 2007 or greater to be ROGC-aware (maybe a registry setting or patch)? So they can use the ROGC to do directory lookups, but once Outlook tries an operation that requires a RWGC, it will connect to one (even if it is in another site) to perform the edit.
January 6th, 2011 3:01pm

I am confused as well. Exchange 2010 prerequisites require a CA server in each AD site. Installing Exchange in a site with RODC/GCs is not supported. CA is an Exchange server. By that logic it says RODCs in an Exchange 2010 environment are useless???
January 6th, 2011 5:15pm

I have an issue where there is a site with a single ROGC and clients are using Outlook 2007. The problem comes when a user needs to update a distribution group membership, they receive an "Access Denied" error. However, if that same user remotes into a PC in a site with a R/W GC, the operation succeeds. My guess is that it is trying to update the DG membership using the ROGC, which will obviously fail. Does anyone know if there is a way to allow Outlook 2007 or greater to be ROGC-aware (maybe a registry setting or patch)? So they can use the ROGC to do directory lookups, but once Outlook tries an operation that requires a RWGC, it will connect to one (even if it is in another site) to perform the edit.

However what about Outlook clients…? If you’ve got a load of Outlook clients sitting in the branch office it might be beneficial if the client made use of its local RODC (ROGC). Well Outlook is listed here as an application that will work with an RODC. It takes a registry setting to point it at a local ROGC and the ROGC will then be used for certain operations – specifically GAL lookups.

HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider
String Value: DS Server
Data: FQDN of ROGC

If you decide to make use of this registry setting then be aware that Outlook will still revert to a remote DC\GC for many operations and the use of the key does depend on the version of Outlook that you have chosen to deploy. I think we are definitely going to see a lot more queries about how Outlook operates against a local read only DC in combination with remote domain controllers. In my opinion the story isn’t very clear yet. I’ll blog more as I know more.

Got this from: http://blogs.msdn.com/b/douggowans/archive/2009/01/06/windows-2008-read-only-domain-controllers-and-exchange-2007.aspx
January 6th, 2011 5:57pm

"If you decide to make use of this registry setting then be aware that Outlook will still revert to a remote DC\GC for many operations and the use of the key does depend on the version of Outlook that you have chosen to deploy."

I tried that reg setting with an Outlook 2010 client (still one Exchange 2k3 backend mailbox) and it still fails. For some reason the Outlook client still doesn't know that it has to contact a writable DC/GC to do the write operation. Removing this reg key and the Closest GC reg entry, it goes back to the same site as the Exchange server and talks to the RWGCs in that site. The exact error message the Outlook client displays is "Changes to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on this object." The clients are able to update through ADUC so I'm thinking that there has to be an update to the Outlook client that needs to be applied. If someone hears of a better solution other than just defaulting the branch office clients back to the main office for GC queries, please feel free and post. :)

Jason Fare
June 29th, 2011 12:41pm
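
An added example, not part of any post in this thread: a PowerShell check a branch-office admin could run in the user's session to see whether Outlook is pinned through the registry values discussed above and whether the pinned server is read-only. The key path and the "DS Server" value name are from the quoted blog excerpt and "Closest GC" is the entry named in the last reply; the function name is hypothetical, and the read-only check assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example. Key path and "DS Server" come from the blog excerpt quoted above;
# "Closest GC" is the entry named in the last reply. Function name is hypothetical.
$KeyPath = 'HKCU:\Software\Microsoft\Exchange\Exchange Provider'

function Get-OutlookDirectoryPinning {
    param([string]$Path = $KeyPath)

    $r = [ordered]@{
        KeyPresent = Test-Path -Path $Path
        DSServer   = $null
        ClosestGC  = $null
        IsReadOnly = $null    # stays $null when the DC could not be queried
        Finding    = 'Neither value is set; Outlook is not pinned to a directory server.'
    }
    if (-not $r.KeyPresent) { return [pscustomobject]$r }

    $values      = Get-ItemProperty -Path $Path
    $r.DSServer  = $values.'DS Server'
    $r.ClosestGC = $values.'Closest GC'

    if ($r.DSServer) {
        $r.Finding = "Pinned to $($r.DSServer); could not determine whether it is read-only."
        # Get-ADDomainController needs the ActiveDirectory module (RSAT).
        if (Get-Command Get-ADDomainController -ErrorAction SilentlyContinue) {
            try {
                $dc = Get-ADDomainController -Identity $r.DSServer -ErrorAction Stop
                $r.IsReadOnly = $dc.IsReadOnly
                if ($dc.IsReadOnly) {
                    $r.Finding = "Pinned to read-only GC $($r.DSServer): lookups stay local, " +
                                 'but directory writes from Outlook (for example distribution ' +
                                 'group membership edits) can be refused, as reported above.'
                } else {
                    $r.Finding = "Pinned to writable DC $($r.DSServer)."
                }
            } catch {
                $r.Finding = "Pinned to $($r.DSServer), but the DC lookup failed: $($_.Exception.Message)"
            }
        }
    } elseif ($null -ne $r.ClosestGC) {
        $r.Finding = "Closest GC is set to '$($r.ClosestGC)' with no DS Server value."
    }
    [pscustomobject]$r
}

Get-OutlookDirectoryPinning | Format-List
```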

This topic is archived. No further replies will be accepted.
