An introduction to the DSAccess service in Exchange Server 2007

The DSAccess service is one of the most critical services that Exchange Server uses. Its job is to monitor Active Directory (AD) and make Exchange Server aware of the current AD topology. While the architectural elements of various Exchange Server products are important, you can't see exactly what they're doing. The DSAccess service tells Exchange which domain controllers to use and allows administrators to see which controllers and global catalog servers are active.

If you want to see the choices that DSAccess has made, open the Exchange Management Console and expand the Server Configuration container. Beneath this container, you will see containers for each Exchange Server 2007 role. Select the container for the role associated with the server you want to examine. The details pane will display a list of all Exchange 2007 servers that are assigned to that role.

Right-click on the listing for the server that you want and choose Properties from the menu. Exchange to display the server's properties sheet. If you go to the System Settings tab, you'll see a list of the domain controllers and the global catalog servers that Exchange is using, as shown in Figure 1.
Figure 1. The Exchange Management Console shows which domain controllers are being used.

This raises the question of why Exchange is using these particular domain controllers. In a small organization with only a few domain controllers, the answer is obvious. Those are the only domain controllers on the network, so Exchange has no choice but to use them. But on larger networks, Exchange will only use some of the available domain controllers.

Exchange is designed to use the domain controllers and global catalog servers that are the most suitable. To determine which to use, the DSAccess service performs 10 different tests on each domain controller. You can see the results of these tests by looking for Event ID 2080 in your System log.

Figure 2 shows what these tests and their results look like. The section that starts with the words Server Name lists the 10 different tests that are performed. Test results are then listed for each server and are grouped by site.

Figure 2. The codes to the right of the server names are an indication of the test results.

The event log entry lists all servers in the same site as the Exchange server that generated the event. It then lists servers located in a different site. To the right of the individual server names are a series of codes, which indicate test results.

The following table shows tests that the DSAccess service performs and explanations of their results:

Test	Explanation
Roles	The roles test tells you what roles the domain controller is performing. There are three different codes listed in the results section. Typically, you will see a combination of these codes listed for each server. The codes that are used include: C -- Configuration D -- Domain Controller G -- Global Catalog If you look at Figure 2, you will notice that the server Tazmania uses the codes CD-. The dash in the G position indicates that the server cannot be used as a global catalog server.
Reachability	The reachability test indicates whether or not the domain controller is reachable over specific TCP ports. Here is an example of what each test result means: 1 - The server is reachable as a global catalog server over port 3268. 2 - The server is reachable as a domain controller over port 389. 3 - The server is reachable as a global catalog server and as a domain controller. 4 - The server is reachable as a configuration domain controller. 7 - The server is reachable as a global catalog server, a domain controller and a configuration domain controller.
Synchronized	The synchronized test tells you whether or not the RootDSE flag indicates synchronization. 1 - The flag is set to True. 0 - The flag is set to False.
GC Capable	The GC capable column tells you whether or not the server is a global catalog server. 1 - The server is a global catalog server. 0 - The server is not a global catalog server.
PDC	The PDC column tells you whether or not the domain controller is hosting the PDC emulator role for the domain. 1 - The domain controller is the PDC emulator. 0 - The domain controller is not the PDC emulator.
SACL Right	The SACL right column tells you whether or not the DSAccess service has the permissions needed to read the SACL portion of the NT Security Descriptor on the domain controller. 1 - DSAccess has the necessary rights. 0 - DSAccess does not have the required rights.
Critical Data	The critical data column confirms that the domain controller is aware of the Exchange organization and that it contains a copy of critical Exchange Server-related objects. 1 - The domain controller is aware of critical Exchange Server objects. 0 - The domain controller does not know about some of the required Exchange Server objects.
NetLogon	The NetLogon test (first introduced in Exchange 2000 SP3) confirms that the DSAccess service was able to connect to the domain controller's RPC service using Remote Procedure Calls (RPC). Keep in mind that a failure may not necessarily indicate a server problem, but could be due to a firewall that is blocking an RPC request. The codes used by the NetLogon test are: 1 - The NetLogon check was successful for the global catalog server role. 2 - The NetLogon check was successful for the domain controller role. 3 - The NetLogon check was successful for the global catalog server and the domain controller roles. 4 - The NetLogon check was successful for the configuration domain controller role. 7 - The NetLogon check was successful for the global catalog server, domain controller and the configuration domain controller roles.
OS Version	The OS version test (first introduced in Exchange 2003) confirms that the domain controller is running Windows 2000 Server with SP3 or higher or a later Windows Server OS. 1 - The domain controller meets Exchange Server's OS requirements. 0 - The domain controller's OS is too outdated to be used by Exchange.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Exchange Server Administration Tips Remove Exchange 2003 objects from AD to install Exchange 2010 Don'ts for optimal Exchange 2007 mailbox server efficiency Is your Exchange 2007 hub transport server healthy? Avoid Outlook 2007 performance issues during repairs Developing an Exchange 2007 server role DR plan How DSAccess service improves Exchange Server 2007 reliability An introduction to the Exchange Remote Connectivity Analyzer tool Monitor Exchange 2007 with disk- and RPC-related counters DPM 2007 replica inconsistencies in Exchange databases Track Exchange 2007 mailbox server health using database counters Microsoft Exchange Server 2007 How to install Forefront Security for Exchange Server Displaying Exchange 2007 public folders in SharePoint Don'ts for optimal Exchange 2007 mailbox server efficiency Is your Exchange 2007 hub transport server healthy? Top 5 Exchange ActiveSync tips Two useful tools for documenting an Exchange Server installation Controlling spam in Exchange 2007 at the edge transport server level Restore Exchange storage groups with DPM 2007 How a hosted Exchange service can help you Email issues after configuring hosted Exchange server on laptop Microsoft Exchange Server 2007 Research Microsoft Exchange Server and Active Directory Remove Exchange 2003 objects from AD to install Exchange 2010 How DSAccess service improves Exchange Server 2007 reliability Restoring user accounts and mailbox links in Active Directory Changing email address formats in Exchange Server 2003 Restore contacts from an Exchange public folder Exchange users receiving email addressed to legacy users Mailbox viewing problems after migrating to Exchange 2007 Installing Exchange Server 2003 and a domain controller on the same hardware Top 10 Microsoft Exchange Server tips of 2008 Deployment tool errors during a migration from Exchange 5.5 to Exchange 2003 Microsoft Exchange Server and Active Directory Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary User Principal Name  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary