Exchange 2010 EMC cannot access AD configuration data after you demote a DC


Exchange 2010/Domain Controller combo server running on Windows 2008 R2.


Demoting the Domain Controller role causes the Exchange Management Console to fail to retrieve any Exchange information, with the error message “Active directory response: The LDAP server is unavailable.” It still looks for the demoted DC even though it has been cleaned out of AD/DNS. All Exchange services start fine, and the Exchange Shell works fine.


     The obsolete information is cached in an Exchange Management Console file in the user's Windows profile. EMC is trying to connect to the original DC that is stored in that file.


   Go to the following folder and delete the Exchange Management Console file.

   C:\users\<specific user>\AppData\Roaming\Microsoft\MMC\Exchange Management Console

   Close EMC and reopen it.


Speed up EMC and PowerShell when working in a lab

  1. Disable CRL Checking (only if you don’t have internet access)
        • Decreasing the amount of time to allow CRL retrieval can significantly improve performance when internet access is poor or non-existent. Setting the value to 200 decimal (milliseconds) may be a reasonable timeout.
    • Name: ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds
      Location: HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
      Type: REG_DWORD
        • Decreasing the amount of time to allow all CRL retrievals can significantly improve performance when internet access is poor or non-existent. Setting the value to 500 (milliseconds) may be a reasonable timeout.
    • You can speed up service start by following this KB
  2. Point to a specific CAS when Starting (Keep in mind you could have issues accessing tools if the specific server is unavailable)
    1. EMC
      1. Right click Microsoft Exchange on-Premise
      2. Click Properties
      3. Specify a CAS server
    2. Exchange PowerShell
      1. Right-click the Exchange PowerShell shortcut in the Start menu
      2. Click Properties
      3. Replace -auto at the end of the shortcut with the FQDN for a CAS server
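
For the CRL timeout in step 1 above, this added example (not from the original post) sets the one value the post names, using the 500 ms figure it suggests, and saves the previous state so normal revocation-check timing can be restored once the lab machine has network access. The function names and the backup file location are assumptions made for this example.

```powershell
# Added example for a lab machine. Function names and $BackupFile are hypothetical.
# Key path and value name are the ones given in the post. Run from an elevated prompt.
$ConfigKey  = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config'
$ValueName  = 'ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds'
$BackupFile = Join-Path $env:ProgramData 'crl-timeout-backup.xml'   # assumed location

function Set-LabCrlTimeout {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([ValidateRange(1, 60000)][int]$Milliseconds = 500)

    if (-not (Test-Path $ConfigKey)) { New-Item -Path $ConfigKey -Force | Out-Null }

    # Save the prior state only once, so a second run cannot overwrite the real original.
    if (-not (Test-Path $BackupFile)) {
        $old   = Get-ItemProperty -Path $ConfigKey -Name $ValueName -ErrorAction SilentlyContinue
        $value = $null
        if ($old) { $value = $old.$ValueName }
        @{ Existed = [bool]$old; Value = $value } | Export-Clixml -Path $BackupFile
    }

    # REG_DWORD, as the post specifies.
    New-ItemProperty -Path $ConfigKey -Name $ValueName -PropertyType DWord `
        -Value $Milliseconds -Force | Out-Null
}

function Restore-LabCrlTimeout {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if (-not (Test-Path $BackupFile)) { throw "No backup at $BackupFile; nothing to restore." }
    $saved = Import-Clixml -Path $BackupFile

    if ($saved.Existed) {
        # Put back the value that was there before the lab change.
        New-ItemProperty -Path $ConfigKey -Name $ValueName -PropertyType DWord `
            -Value $saved.Value -Force | Out-Null
    } else {
        # The value did not exist before: remove it so the system default applies again.
        Remove-ItemProperty -Path $ConfigKey -Name $ValueName -ErrorAction SilentlyContinue
    }
    Remove-Item -Path $BackupFile
}
```

Running `Set-LabCrlTimeout -WhatIf` previews the change without writing anything; `Restore-LabCrlTimeout` undoes it.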

New user takes a long time to show up in the GAL

Add the following delays together and you can have quite a lag before new users appear in your GAL.

  1. GAL generation (should happen at time of user creation but may be delayed by DC replication)
  2. Offline address book generation (every 24 hrs)
  3. OAB replicated to the CAS (can take up to 8 hours)
  4. Outlook download of OAB (24 hours from last download)

Things you can do to reduce lag.

  • Increase the OAB generation schedule (default is once a day @ 5:00 am)
    • EMC –> Organization Configuration –> Mailbox –> Offline Address Book <tab> –> Properties of OAB –> Click Customize next to Update schedule –> modify to fit your needs (be careful not to make it too often)
    • Sample script to set it to 4 times a day for every OAB (use caution as this could cause undue load on the server\client)
      • Get-OfflineAddressBook | Set-OfflineAddressBook -Schedule "Sun.5:00 AM-Sun.6:00 AM, Sun.10:00 AM-Sun.11:00 AM, Sun.3:00 PM-Sun.4:00 PM, Sun.8:00 PM-Sun.9:00 PM, Mon.5:00 AM-Mon.6:00 AM, Mon.10:00 AM-Mon.11:00 AM, Mon.3:00 PM-Mon.4:00 PM, Mon.8:00 PM-Mon.9:00 PM, Tue.5:00 AM-Tue.6:00 AM, Tue.10:00 AM-Tue.11:00 AM, Tue.3:00 PM-Tue.4:00 PM, Tue.8:00 PM-Tue.9:00 PM, Wed.5:00 AM-Wed.6:00 AM, Wed.10:00 AM-Wed.11:00 AM, Wed.3:00 PM-Wed.4:00 PM, Wed.8:00 PM-Wed.9:00 PM"
  • Change OAB download interval in Outlook (From MSKB# 841273)
    1. On the Tools menu, point to Send/Receive, point to Send/Receive Settings, and then click Define Send/Receive Groups.
    2. Click New.
    3. Type a name for the custom group.
    4. Click your Exchange account, and then click to select the Include the selected account in this group check box.
    5. Under Select the options you want for the selected account group, make sure that the only check box that is selected is Download offline address book, and then click OK.
    6. In the Send/Receive Groups dialog box, click your new group.
    7. Under Setting for group Group_name, click to select only the Schedule an automatic send/receive every check box, and then enter the number of minutes.
    8. Under When Outlook is offline, click to clear the check boxes.
    9. Click Close.

Forcing update

  1. Get-GlobalAddressList | Update-GlobalAddressList
  2. Get-OfflineAddressBook | Update-OfflineAddressBook
  3. Get-ClientAccessServer | Update-FileDistributionService
  4. Download Full OAB in Outlook
    1. On the Tools menu, point to Send/Receive, and then click Download Address Book.
    2. In the Offline Address Book dialog box, make sure that the Download changes since last Send/Receive check box is checked.
    3. Click OK.