Exchange 2010 CAS on a DC?

We currently have 4 DCs running Windows 2008R2 on our main site; one of these is running the Exchange 2010 CAS role.

We are in the process of promoting 3 new 2012R2 DCs to take over from the 2008 ones.

However, some people have raised the question about the CAS being demoted, with people suggesting CAS should be on a DC.

I have had a look and cannot seem to find a definitive answer as to what is the best way.

Anyone have any experience / advice?

Cheers

Kimbie
 
Can't find the Exchange 2010 version, but this for Ex 2013 says it is not recommended to install on a DC ("not recommended" is obviously not the same as "not supported").
 
Agreed, it's just plain bad practice to have additional roles placed onto a domain controller, especially in the case of interactive roles such as IIS. The attack vector on a critical piece of infrastructure is massively increased. In an age of virtualisation it's so easy to do proper role separation. Another side to it is in terms of sizing / disk layout etc. If you house something like IIS and someone enables verbose logging etc., the server capacity could easily be consumed and cause (worst case) an outage on a DC if logs are left in default locations.


Just to add - are you also aware that you have entitlement to two additional OSEs (Operating System Environments), i.e. virtual instances, under a Server 2012 Standard license? That may or may not make things easier?
 
If you've made the mistake of putting Exchange on a DC... make sure you migrate Exchange to a new, non-DC, server before you demote the DC.

If you don't, you will have major issues with your Exchange environment.

I've had to do this for a number of clients, and it's always a face palm moment when you see this sort of configuration.
 
This was set up before I started working at my current company.

Do you have any documentation about the issues from demoting a DC with the CAS role installed?

We have other servers for HUB and Mailbox roles.

Kimbie
 
We have 4 servers with the mailbox role on, 1 server for the Hub Transport and 1 for CAS which has the DC role installed.

I cannot find anything on the internet where demoting a DC that has the CAS role installed will cause me problems.

Kimbie
 
I can't imagine it causing any issues tbh

My preference would be to migrate the CAS to the hub transport then demote the server.
 
Promoting machines to DCs with existing local services usually means setting up loads of credentials again as service accounts and system accounts get changed as part of the promotion.

Demoting a machine from a DC shouldn't cause any issues in my experience. I've demoted lots of servers with existing Exchange roles on them and can't think of any issues related to the demotion on any occasion. Sometimes the server can't find a local DC & GC afterwards but that's easily fixed.

As always YMMV and have good backups of your data.
 