Exchange Server 2003 and Domain Controllers - A Summary
Originally published January 24, 2005
(Note November 13, 2007: The most popular blog post I've ever made. A couple of these KB articles have been pulled. The basic truth hasn't changed - don't do a dcpromo after Exchange is installed.)
While installing Exchange Server 2003 on a domain controller is a supported operation, it is not a best practice or a generally recommended practice. As well, once Exchange Server 2003 is installed, it is not supported to change the domain controller status of the server. That is, if the server is already a domain controller, that's fine. Do not change the server to a member server. The opposite is also true - if you install Exchange Server 2003 on a member server, do not then dcpromo the server up to a domain controller.
If you do either of these, you will lose functionality in Exchange. Furthermore, this change is not supported by Microsoft (see KB 822179). For an example of one specific thing that stops working - if you demote a DC with Exchange Server installed to a member server, the DS2MB service (which copies Active Directory data from A/D to the IIS metabase) stops working throughout an Exchange organization (see KB 822575). There are others.
Problems can also arise when you prepare a DC for Exchange Server installation. For example, when you install IIS on a DC prior to installing Exchange, you will begin generating event log errors regarding write failures to the persistent cache. These are corrected by following KB 332097.
Except in fairly rare cases, making all DCs into GCs is a good idea. If you need to demote a GC into a simple DC, this is a supported operation. However, it is recommended to make the change during a known "quiet time" and immediately after making the change, you should restart the DC in order to disable the NSPI interface (see KB 305065). Also regarding NSPI, changing a DC into a GC does not mean that it is immediately available for use by Exchange. You must wait for replication to complete and then restart the server in order to enable the NSPI interface (see KB 304403). Therefore, having Exchange use a new GC requires planning and a restart of that GC.
Exchange Server makes heavy use of GCs and, for medium-to-large environments, Microsoft has specific minimum recommendations on the number of GCs and DCs available to Exchange. See KB 875427 for more information on this topic.
If you have Exchange Server installed on a DC, you will note that it takes much longer for the computer to restart or shut down. This is because Active Directory shuts down before Exchange has an opportunity to completely stop, and this will cause several Exchange services to have an extended termination time as their requests to Active Directory time out. The workaround for this is to stop Exchange services prior to shutdown or restart. For example:
net stop MSExchangeES
net stop IMAP4Svc
net stop POP3Svc
net stop RESvc
net stop MSExchangeSRS
net stop MSExchangeMGMT
net stop MSExchangeMTA
net stop MSExchangeIS /Y
net stop MSExchangeSA /Y
See KB 829361 for more information on this issue.
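The workaround above can be wrapped in a batch file that stops the services in the same order, confirms each one has reached STOPPED, and only then restarts the server. This is an added example, not part of the original post or of KB 829361; the restart via shutdown /r and the use of /Y on every service are assumptions of the example.

```batch
@echo off
rem Added example: stop Exchange services before restarting a DC that
rem also runs Exchange Server 2003, so they do not time out against
rem an Active Directory that has already shut down.
setlocal

rem Same services, in the same order, as the net stop list in the post.
set SERVICES=MSExchangeES IMAP4Svc POP3Svc RESvc MSExchangeSRS MSExchangeMGMT MSExchangeMTA MSExchangeIS MSExchangeSA
set FAILED=

for %%S in (%SERVICES%) do call :StopService %%S

if defined FAILED (
    echo Not restarting. These services did not stop:%FAILED%
    exit /b 1
)

echo All Exchange services are stopped. Restarting now.
rem Assumption: a restart is wanted. Use /s instead of /r to power off.
shutdown /r /t 0
exit /b 0

:StopService
rem Skip services that are not installed or not running on this server
rem (IMAP4Svc and POP3Svc may be disabled, for example).
sc query %1 | find "RUNNING" >nul
if errorlevel 1 goto :eof

echo Stopping %1 ...
rem /Y answers the prompt about stopping dependent services.
net stop %1 /Y >nul 2>&1

rem Confirm the service reached STOPPED rather than STOP_PENDING.
sc query %1 | find "STOPPED" >nul
if errorlevel 1 set FAILED=%FAILED% %1
goto :eof
```

If any service is still running, the script exits with code 1 and leaves the server up so the stuck service can be investigated first.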
Finally, if you do choose to install Exchange Server 2003 on a domain controller, you should verify and test your backup and recovery plan thoroughly. Placing both Exchange and Active Directory on a single computer significantly complicates the recovery process should a significant failure occur and you be required to restore your environment from backup media, especially if the domain controller is your only domain controller.