How to exclude domain controllers from AD access list in Exchange

Exchange Server 2007 relies extensively on Active Directory. All directory lookups are done using the MS Exchange AD Topology (DSAccess) service.
 
For optimal directory lookup performance in Exchange, use this PowerShell script to exclude domain controllers that are not required for lookups. Choose the DC exclusion list based on the datacenter where your Exchange servers are homed. Note that the excluded domain controllers list is based on recommendations from the Active Directory team:
 
This script must be run in the Exchange 2007 Management Shell. It's recommended that you run this script on all your Exchange servers.
 

Set-ExchangeServer -Identity exchsrv1 -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null -StaticExcludedDomainControllers dc1.domain.com,dc2.domain.com
  
Step-by-step configuration:
1. Run the PowerShell script on the active node of your cluster. Remember to use the Exchange server cluster name as the identity for the Set-ExchangeServer command.
2. Restart the MSExchange Topology service. This will also restart other services (transport log search, service host, search indexer, replication service, mail submission and mailbox assistants).
3. Verify by going to the Exchange console, right-clicking the cluster, and opening Properties > System Settings. You will see only domain controllers in the list.
4. Repeat the same procedure for the passive node of your cluster.
5. You have completed the change.
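
The verification in step 3 can also be scripted from the Exchange Management Shell. This is an added example, not part of the original post; it assumes the placeholder names exchsrv1, dc1.domain.com and dc2.domain.com from the command above and that the topology service has already been restarted.

```powershell
# Added example: verify the exclusion after the topology service restart.
# Placeholder names from the command above; on a cluster use the cluster name (step 1).
$server   = 'exchsrv1'
$excluded = 'dc1.domain.com', 'dc2.domain.com'

# -Status makes Get-ExchangeServer report the DCs the server is using right now.
$status = Get-ExchangeServer -Identity $server -Status

# 1. Every intended DC must be present in the stored static exclusion list.
$configured = @($status.StaticExcludedDomainControllers | ForEach-Object { "$_".ToLower() })
$missing    = @($excluded | Where-Object { $configured -notcontains $_.ToLower() })

# 2. No excluded DC may still be in use as DC, GC or configuration DC.
$inUse = @($status.CurrentDomainControllers) +
         @($status.CurrentGlobalCatalogs) +
         @($status.CurrentConfigDomainController)
$inUse     = @($inUse | Where-Object { $_ } | ForEach-Object { "$_".ToLower() })
$stillUsed = @($excluded | Where-Object { $inUse -contains $_.ToLower() })

if ($missing.Count -gt 0) {
    Write-Warning ("{0}: not in the exclusion list: {1}" -f $server, [string]::Join(', ', $missing))
}
if ($stillUsed.Count -gt 0) {
    Write-Warning ("{0}: excluded DC still in use: {1}" -f $server, [string]::Join(', ', $stillUsed))
}
# 3. Failure mode: the exclusion list left the server with no usable DC at all.
if ($inUse.Count -eq 0) {
    Write-Warning ("{0}: no domain controllers currently in use; review the exclusion list" -f $server)
}
if (($missing.Count + $stillUsed.Count) -eq 0 -and $inUse.Count -gt 0) {
    Write-Output ("{0}: exclusion applied; using {1}" -f $server, [string]::Join(', ', $inUse))
}
```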