locked
Windows Server 2016 Active Directory Servers RRS feed

  • Question

  • We are running Exchange Server 2010 SP3 with Update Rollup 15 but will upgrade to Exchange Server 2016 next year.
    We would however like to replace a couple of our domain controllers with new server running Windows Server 2016 before that.

    According to the Exchange Server Supportability Matrix domain controllers running Windows Server 2016 aren't supported together with Exchange 2010 SP3 and I don't know if it ever will be supported.
    I feel that I don't have enough knowledge about how exactly the Exchange servers are communicating with the AD to understand what's supported and what isn't.

    Is it not supported to have any 2016 domain controllers at all in the domain?

    or

    Is it possible to introduce some 2016 domain controllers in the domain as long as the domain controllers in the same sites as the Exchange Servers are Windows Server 2012 R2 or older?

    or

    Is it possible to configure our Exchange servers to communicate only with one or more selected pre 2016 domain controllers?

    Any insights would be helpful.

    Per

    Monday, December 19, 2016 1:38 PM

Answers

  • Hi Per,

    Based on TechNet document, Windows server 2016 DC/GC is not support to communicate with Exchange 2010. If you remain want do that, it may have potential risk that some unknown issues happen.

    A workaround can be considered is to manually configure DC and GC by Set-ExchangeServer with StaticConfigDomainController, StaticConfigDomainController, StaticGlobalCatalogs parameters, and use StaticExcludedDomainControllers to exclude Windows server 2016 DC.

    Anyway, it's recommend to upgrade Exchange first then upgrade DC as Mahmoud mentioned. :)

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by mahelsay Wednesday, December 21, 2016 8:24 AM
    • Edited by Allen_WangJF Wednesday, December 21, 2016 9:55 AM
    • Marked as answer by perhof Thursday, December 22, 2016 9:35 AM
    Wednesday, December 21, 2016 8:19 AM

All replies

  • Hi Per,

    Based on my research and knowledge, the support DC for Exchange 2010 SP3 RU5 or later is from Windows Server 2003 SP2 to Windows Server 2012 R2. However the DC which run as Windows serer 2016 is not supported for now.

    In your currently situation (before decommissioning Exchange 2010), we can deploy DC or member server as Windows server 2012 R2, then plan to migrate to Exchange 2016.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 20, 2016 7:37 AM
  • That's the same information that I already mentioned in my post.
    My question was if it was possible to get around the limitation by limiting the DC:s used by Exchange to a few older DC:s.

    Tuesday, December 20, 2016 7:49 AM
  • Dear Perhof,

    I believe it's better to re-think your plan and put it into more reliable and sense making according to best practice and to get expected results as well..

    I understand following:

    - you have exchange 2010 in your environment.

    - you are planning to upgrade exchange to 2016 next year

    - you want to upgrade AD to 2016 before upgrading exchange.

    now i'd like to introduce following plan:

    a) upgrading AD to 2016 is not a simple process of just promoting new servers specially after it has just released very recently.... it should be done only after testing to avoid any issues with the in-house developed applications and any hardware appliances you might have ..

    b) you can go ahead and upgrade exchange to be 2016 and then go ahead and upgrade domain controllers

    that way is actually better than worrying about troubleshooting in case something stuck in the middle

    Thanks

    Mahmoud


    Thanks Mahmoud

    • Proposed as answer by mahelsay Wednesday, December 21, 2016 8:24 AM
    Tuesday, December 20, 2016 10:22 AM
  • Better, for sure but I wasn't asking for the best way to do it.

    I was asking what's supported and what's not and if it was possible to accomplish what I want in one of two specific ways.

    Tuesday, December 20, 2016 10:34 AM
  • ok look,

    by default exchange server will contact global catalog in same site every 15 minutes by this the exchange server can check all topology and forest configurations...

    that's why the best practice is to have GC server in each site who has exchange server...

    now in case that GC is not available the exchange server will try contact remote sites servers.

    so this means as an answer to your first point that you can never guarantee that exchange server will use only GC server in local site or no..

    also to hard code the domain controller inside the exchange server doesn't seem to be a reliable approach..

    i'm sorry i'm not showing a "disagree" with you here

    thanks


    Thanks Mahmoud

    • Proposed as answer by mahelsay Wednesday, December 21, 2016 8:24 AM
    Tuesday, December 20, 2016 11:11 AM
  • Hi Per,

    Based on TechNet document, Windows server 2016 DC/GC is not support to communicate with Exchange 2010. If you remain want do that, it may have potential risk that some unknown issues happen.

    A workaround can be considered is to manually configure DC and GC by Set-ExchangeServer with StaticConfigDomainController, StaticConfigDomainController, StaticGlobalCatalogs parameters, and use StaticExcludedDomainControllers to exclude Windows server 2016 DC.

    Anyway, it's recommend to upgrade Exchange first then upgrade DC as Mahmoud mentioned. :)

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by mahelsay Wednesday, December 21, 2016 8:24 AM
    • Edited by Allen_WangJF Wednesday, December 21, 2016 9:55 AM
    • Marked as answer by perhof Thursday, December 22, 2016 9:35 AM
    Wednesday, December 21, 2016 8:19 AM
  • Thanks Allen,

    It sounds like the StaticExcludedDomainControllers could be a way to avoid 2016 DC:s for a limited time.
    I will have to think about it for a while.

    If anyone can think of specific cases or any reasons more specific than "it's not recommended" to not use StaticExcludedDomainControllers I'd love to hear about them.


    Wednesday, December 21, 2016 9:44 AM
  • To be clear here, this does not change the support statement and this is not the intent or correct usage of the commandlet settings mentioned above.  These settings are not intended to bypass the supportability model. They are intended to either statically assign, or exclude DCs for the purpose of potentially improving Exchange performance, or decreasing load to specific DCs (such as the PDC emulator role).  The AD schema would still be at an unsupported version regardless of isolation of DCs to non-Windows 2016 DCs.  This should not be considered a supported "workaround".

    Dan VanCamp

    Sr. Consultant

    Microsoft ITSM

    dvancamp@microsoft.com 


    ~Dan

    Monday, October 23, 2017 5:35 PM