We're running Exchange 2007 SP2. One of our alerts is saying that Exchmbx1.kam.com - "Exchange AD Topology service cannot find DC's". I believe this is the service that works with DSAccess to provide AD info that is crucial to Exchange? I'm not sure if this is a false alert or genuine! I've gone into Exchange Management Console > Exchmbx1 > Properties > System Settings I can see that there are a bunch of DC's listed in "Domain Controllers being used by Exchange" and also in "Global Catalog servers being used by Exchange". I had some questions on this I was hoping someone could help me out on 1. Why are there two seperate boxes for DC's and GC's? I thought Exchange used GC's only? 2. I thought Exchange DSAccess only used one GC at a time? 3. Is there a Powershell command to find out which DC's/GC's Exchange is using? 4. How can I find out if there really is an error with one of those DC's/ GC's? I can ping them fine, but what should I be looking out for in Exchange to find out if there is some problem with it's AD connectivity?

On Thu, 20 Jan 2011 21:01:28 +0000, Sheen1990 wrote: >We're running Exchange 2007 SP2. One of our alerts is saying that Exchmbx1.kam.com - "Exchange AD Topology service cannot find DC's". I believe this is the service that works with DSAccess to provide AD info that is crucial to Exchange? > >I'm not sure if this is a false alert or genuine! I've gone into Exchange Management Console > Exchmbx1 > Properties > System Settings Alerts from where (or what)? >I can see that there are a bunch of DC's listed in "Domain Controllers being used by Exchange" and also in "Global Catalog servers being used by Exchange". Do you see event ids 2080 in your application log? Event Type: Information Event Source: MSExchange ADAccess Event Category: Topology Event ID: 2080 Date: 1/20/2011 Time: 8:18:33 PM User: N/A Computer: SRVR005 Description: Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1340). Exchange Active Directory Provider has discovered the following servers with the following characteristics: (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) In-site: dc1.XXXX.com CDG 1 7 7 1 0 1 1 7 1 DC2.XXXX.com CDG 1 7 7 1 0 1 1 7 1 Out-of-site: If you don't see any, use set-eventlogginglevel to set the "MSExchange ADAccess\Topology" category to "Low". >I had some questions on this I was hoping someone could help me out on > >1. Why are there two seperate boxes for DC's and GC's? I thought Exchange used GC's only? A GC, unless it's in its own domain, only has a subset of properties to work with. Exchange needs a DC to get the others. >2. I thought Exchange DSAccess only used one GC at a time? You're looking at the set of GCs that Exchange has discovered and can use. Exchange uses 1 GC until the number of outstanding LDAP queries surpasses a threshold and then it starts using another GC. >3. Is there a Powershell command to find out which DC's/GC's Exchange is using? Any of them can be used. The only "one" that's used is the configuration DC. >4. How can I find out if there really is an error with one of those DC's/ GC's? I can ping them fine, but what should I be looking out for in Exchange to find out if there is some problem with it's AD connectivity? "Ping" isn't LDAP. Ping just tests connectivity. If, for example, the netlogon service is having a problem, ping will work just fine but no authentication would be performed. Use dcdiag and netdiag to see if there are problems with the DC. You can use LDP.exe to connect to the DC on port389 and the GC using 3268. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP