<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2526 " id="quads-ad2526" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<p><strong>Symptoms</strong></p>
<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2523 " id="quads-ad2523" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2529 " id="quads-ad2529" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2524 " id="quads-ad2524" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<p>In an environment where one DC exist after adding Windows 2012 R2 Servers as additional servers, Exchange 2007 doesn’t show the new servers although they also hold GC.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-gG_KIjcYBRc/VXFfuu8D1MI/AAAAAAAAPMM/lElfDcEFudY/s1600-h/image%25255B2%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/pYr0QebuFU5o8FJYLV9TPv06jZqf3js5JxWQq4HprjHkrPqw7KvtdJXZKUOOwfUuJNqYNUYYGK4F7wEl5zKZ3WdCCusCFrKuo1pl5uNUJB1bK8rlkww=w673" alt="image"/></a> 

<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2525 " id="quads-ad2525" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>
 
</figure>



<p><strong>Research:</strong></p>



<p>To locate the problem you should search the event ID (2080) which shows the populated DCs and the permissions allowed on Exchange servers</p>



<p>In the below screenshot, the SACL right was not provided to the new DCs due to GPO problem.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-7QUJmRhGxnw/VXFfwIYkgxI/AAAAAAAAPMc/uetazOj_ei8/s1600-h/image%25255B5%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/ANjYXyBfVXcOlQTuJknD2i8Y03qAjtOEU-_WJjAZ_Gb_UQYRN4rJShhTCtMUr9giCy5HHlufY0Z_piwGljXtWUATlOUMGU1uw-W8E6fh1wuIGCdUqg=w673" alt="image"/></a></figure>



<p>After checking sites, Replication, all is healthy and no issue with it.</p>



<p>3 servers (Two 2012 servers) and one DC 2003 Server</p>



<p>Exchange 2010 SP3 servers.</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2531 " id="quads-ad2531" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-Fdsa_AqJd3Q/VXFfxp1FNsI/AAAAAAAAPMs/l8zMdGH3hhk/s1600-h/image%25255B11%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/si9LGymZrpAlVQRJukKUp6m2Do6NUK6H8L5Oq-x8InE9WwT3Cv1qLT1syndQzi2xEeokz83Hq73YBRvzL-EUmQodl9caDHfosodHtSrDJAhat-L64M30=w673" alt="image"/></a></figure>



<p><strong>Reason:</strong></p>



<p>The Default Domain Controllers Policy was not linked to the Domain Controllers OU.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-yux0Uwm-JDk/VXFfzBtEREI/AAAAAAAAPM8/bKhjpdnGZnQ/s1600-h/image%25255B14%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/CIcQGbTFITs5nAZ1fjDGUxmFZBO7J3_oplQ2hJFLI6DZDYvRgWAhlrsogq3wrM7ZRfD0Pp0BhOnZ0tr0XGPtTNpO9GyLsR3SHtRw8IxlpeRGO_vT0A=w472" alt="image"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-pE6n4wWqX2Y/VXFf07fI31I/AAAAAAAAPNI/dvzpGAEBu2I/s1600-h/image%25255B17%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/iktpHzagCKGEjNTAbrlFTgOmCyCX6dbueUNVUQkQWq56v0PDKPFNZMB-mxm2z5w2euxgpFxxwfYzBOzLFG-jbQElPgefm92BXV5EJKMslZzKvBXlcpI=w673" alt="image"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-yTp0fCmLj0k/VXFf2NSjfNI/AAAAAAAAPNY/rldMSY-fxMM/s1600-h/image%25255B20%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/uAO81IkWkYZL8E2tdgqXl3g468YMOUM0dabn_kKyy9U7uSBxmgMbilhoRz0LHnjP2-zoUL58v2k_v0f1lpN5Bva3HETGZhNBsG1rM4zwYTZjQ87Elg=w673" alt="image"/></a></figure>



<p><strong>Resolution:</strong></p>



<p>After Linking the Domain Controllers OU to the Default Controllers policy, the SACL permission was provided without any issue.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-Vrq7LJzLc40/VXFf3GCw73I/AAAAAAAAPNs/ygWyJxPSgH8/s1600-h/image%25255B23%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/P5kR4QfaIddtvdoPwQcspgvW1gM5nkm1u2Ooy6mUxPDJoXLPJWyUj9PFmPi54ax_YZ__ZUYgaWF9CnPPwQBT1GLoPxj4pKpDqH0uXJ211Tn56XpsJDs=w673" alt="image"/></a></figure>



<p>Now Exchange is reporting healthy and can read the new DCs which allow us to demote the old DCs</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2527 " id="quads-ad2527" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-TdLsf7mMwfA/VXFf40FMc6I/AAAAAAAAPN4/_zJp7YWyl6o/s1600-h/image%25255B26%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/G6Ps-cCu7o4Z_79nHiHkVBKrRGN8FqWl8yOL6o5NcvAiD1RnUCA_e-Ro4C0UxT2v-nINewHuirBu3ma0c5EnIsox0PrkZd-6cwAD7W1QGDpM5zfZD6M=w673" alt="image"/></a></figure>



<p>After removing the old DC</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-u8fiDBB-1G4/VXFf6FtK2ZI/AAAAAAAAPOI/67i9FV7suoE/s1600-h/image%25255B29%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/t5nLwWuw06gMPatHB5MrCftS1PQH2_e8zNJyjJ3MX3OUg_CpHnvgGrFfA18O72UzglHZFmOoCT7TtfO2DK3SlgMZPq5N1i9MTIq7tbWrp7oTtNGOLBw9=w572" alt="image"/></a></figure>
</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2528 " id="quads-ad2528" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>


Reset and manage your Active Directory users' Passwords Active Directory is one of the most…
Finding Exchange Database hidden mailboxes. Story:Maybe you have been in this situation before, trying to…
If you're using a Proxy server in your firewall or in your network and have…
Story:I got some clients that have reported some of their users being locked out and…
Delegate Permissions This is a code that I have wrote recently to check if an…
Story: I got a request from a client who constantly gets CVs and have to…