Create Exchange 2016 DAG using PowerShell


What is a Database Availability Group  (DAG) ?

A database availability group (DAG) is a set of up to 16 Microsoft Exchange Server 2016 Mailbox servers that provide automatic database-level recovery from a database, server, or network failure. When a Mailbox server is added to a DAG, it works with the other servers in the DAG to provide automatic, database-level recovery from database, server, and network failures.

What do you need to know before you begin?

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Database availability groups" entry in the High availability and site resilience permissions topic.
  • When creating a DAG with Mailbox servers running Windows Server 2012, you must pre-stage the cluster name object (CNO) before adding members to the DAG. If you are creating a DAG without an administrative access point with Mailbox servers running Windows Server 2012 R2, then you do not need to pre-stage a CNO for the DAG. For detailed steps, see Pre-stage the cluster name object for a database availability group.
  • When creating a DAG, you provide a unique name for the DAG of up to 15 characters. In addition to providing a name for the DAG, you must also assign one or more IP addresses (either IPv4 or both IPv4 and IPv6) to the DAG, unless you are creating a Windows Server 2012 R2 DAG without an administrative access point and you are not assigning any IP addresses to the DAG. Otherwise, the IP addresses you assign must be on each subnet intended for the MAPI network and must be available for use. If you specify one or more IPv4 addresses and your system is configured to use IPv6, the task will also attempt to automatically assign the DAG one or more IPv6 addresses.
  • When creating a DAG, you can optionally specify a witness server and witness directory. If you specify a witness server, we recommend that you use an Exchange 2016 server with Client Access services. This allows an Exchange administrator to be aware of the availability of the witness, and it ensures that all of the necessary security permissions needed for using the witness server are in place. The following combinations of options and behaviors are available:
  • You can specify only a name for the DAG and leave the Witness server and Witness directory fields empty. In this scenario, the task will search for an Exchange 2016 server with Client Access services. It will automatically create the default witness directory and share on that Exchange 2016 server with Client Access services, and it will configure the DAG to use that server as its witness server.
  • You can specify a name for the DAG, the witness server that you want to use, and the directory you want created and shared on the witness server.
  • You can specify a name for the DAG and the witness server that you want to use, and leave the Witness directory field empty. 

Start by running the following commands using Exchange Management Shell.

This example creates the DAG DAG1. DAG1 is configured to use the witness server LAB-DC-01 and the local directory C:\DAG1. DAG1 is assigned multiple static IP addresses because its DAG members are on different subnets on the MAPI network.

1.New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer LAB-DC-01 -WitnessDirectory C:\DAG1 -DatabaseAvailabilityGroupIPAddresses,

If you receive the following WARNING: "The Exchange Trusted Subsystem is not a member of the local Administrator group on a specified witness server. Error: Access is denied

To resolve the Warning message do the following. 

On Target Witness Server install the "FS-FileServer" feature.

Launch Windows PowerShell and type:

1.Add-WindowsFeature FS-FileServer

Add the "Witness Server" computer object to the "Exchange Trusted Subsystem Group" in Active Directory.

Open AD Users and Computers Navigate to Exchange Security Groups and Selected "Exchange Trusted Subsystem". Click on Members and Add the Witness Server as a Member to the Group.

Run the following command to complete the process.

1.Set-DatabaseAvailabilityGroup -Identity DAG1 -WitnessServer LAB-DC-01 -WitnessDirectory C:\DAG1

Let's verify the "DAG" we have created by typing the following command:

1.Get-DatabaseAvailabilityGroup DAG1 | Format-List

To Simplify the view just type:

1.Get-DatabaseAvailibilityGroup DAG1 |Ft Name,*Witness*

To add a Member Server to the DAG type the following:

1.Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer ThatLazyEX-02