Troubleshooting Exchange Server 2013 Incorrect Active Directory Site Association



In Exchange Server 2013 environments, incorrect Active Directory site association can cause serious replication and service issues. The core symptom appears when running:

Get-ExchangeServer | fl Name,Site

This returns the YGXXX site instead of the expected Default-First-Site, even though the DC is correctly registered in Default-First-Site and shares the same subnet (10.10.0.0/24).

First, verify the server's actual network configuration:

ipconfig /all
nltest /dsgetsite

Then check AD site configuration details:

Get-ADReplicationSite -Filter * -Properties Subnets | Format-Table Name,Subnets -AutoSize
Get-ADReplicationSubnet -Filter * | Format-Table Name,Site -AutoSize

The most likely scenarios include:

  • Incorrect subnet-to-site mapping in Active Directory
  • Cached site information on the Exchange server
  • DNS resolution issues for domain controllers
  • Site link configuration problems

To manually reset the site association:

Restart-Service Netlogon
nltest /dsgetsite
nltest /dsgetsites

For persistent cases, clear the cached site information:

Stop-Service Netlogon
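# DynamicSiteName is a registry value under Parameters, not a key, so remove it as a property
Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name DynamicSiteName -ErrorAction SilentlyContinue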
Start-Service Netlogon

Ensure proper subnet registration in AD:

$subnet = "10.10.0.0/24"
$site = "Default-First-Site"
Set-ADReplicationSubnet -Identity $subnet -Site $site

Exchange maintains its own site awareness. Verify with:

Get-ExchangeServer | Select Name, Site, IsHubTransportServer, IsMailboxServer

To force Exchange to rediscover its site:

Restart-Service MSExchangeADTopology
Restart-Service MSExchangeServiceHost

Key event logs to monitor:

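# Filter at the source so -MaxEvents applies to matching events only
Get-WinEvent -FilterHashtable @{LogName='Directory Service'; Id=1586} -MaxEvents 20
# Get-WinEvent has no -Source parameter; select the provider through the filter hashtable
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='MSExchange ADAccess'} -MaxEvents 50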

For complex environments, enable diagnostic logging:

Set-EventLogLevel "MSExchange ADAccess\Topology" -Level Expert
Set-EventLogLevel "MSExchange ADAccess\Configuration" -Level Expert

Review the detailed logs in the Exchange Tracing folder for site detection issues.


When Exchange 2013 servers exhibit unexpected Active Directory site affiliation, we typically see these symptoms in the application logs:

Event ID 2080: The Directory Service failed to discover a site for this Exchange server.
Event ID 1587: Site membership for server XXXX-EX01 changed from Default-First-Site to YGXXX

First, verify the AD site configuration using PowerShell:

# Get all AD sites and subnets
Get-ADReplicationSite -Filter * | Format-Table Name,Description
Get-ADReplicationSubnet -Filter * | Format-Table Name,Site

# Check which site the Exchange server belongs to
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

Windows servers determine their AD site membership through this sequence:

  1. Checks HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName registry value
  2. Compares server IP against AD subnets
  3. Falls back to Default-First-Site-Name if no match found
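The subnet comparison in step 2 picks the most specific (longest-prefix) subnet that contains the server's IP, so an overlapping subnet object can pull a host into the wrong site. The following is an added example, not part of the original page: the function names and the subnet table are constructed for illustration (the /27 and /16 entries are assumptions), and it handles IPv4 only.

```powershell
# Added example: reproduce the subnet-to-site match offline (IPv4 only).
# The rows mimic the Name and Site columns of Get-ADReplicationSubnet.

function ConvertTo-IPv4Number {
    param([string]$Address)
    [long]$n = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = ($n -shl 8) -bor $octet      # fold the four octets into one number
    }
    $n
}

function Resolve-SiteForAddress {
    param([string]$Address, [object[]]$Subnets)
    $ip = ConvertTo-IPv4Number $Address
    $Subnets | ForEach-Object {
        $network, $prefix = $_.Name -split '/'
        $hostBits = 32 - [int]$prefix
        # The address is inside the subnet when the network bits are identical
        if (((ConvertTo-IPv4Number $network) -shr $hostBits) -eq ($ip -shr $hostBits)) {
            [pscustomobject]@{ Subnet = $_.Name; Site = $_.Site; Prefix = [int]$prefix }
        }
    } | Sort-Object Prefix -Descending    # most specific match first
}

# Constructed sample data: the /27 overlaps the /24 and is assigned to another site
$sampleSubnets = @(
    [pscustomobject]@{ Name = '10.10.0.0/24'; Site = 'Default-First-Site' }
    [pscustomobject]@{ Name = '10.10.0.0/27'; Site = 'YGXXX' }
    [pscustomobject]@{ Name = '10.20.0.0/16'; Site = 'YGXXX' }
)

# The first row is the subnet that decides the site for this address
Resolve-SiteForAddress -Address '10.10.0.26' -Subnets $sampleSubnets |
    Format-Table -AutoSize
```

Against a live directory, pass the output of Get-ADReplicationSubnet -Filter * (filtered to IPv4 entries) as -Subnets; the Site column then shows each site's distinguished name.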

For our case where 10.10.0.26 belongs to YGXXX instead of Default-First-Site:

# 1. Show the site this server currently resolves to
nltest /dsgetsite

# 2. Re-register the DC-specific DNS records (run on the domain controller)
nltest /dsregdns

# 3. Check DNS SRV records
nslookup -type=SRV _ldap._tcp.dc._msdcs.yourdomain.com

# 4. Enable verbose Netlogon debug logging (written to %windir%\debug\netlogon.log)
nltest /dbflag:0x2080ffff

In environments with Hyper-V virtualization, we often find:

  • Incorrect subnet-to-site mappings in Active Directory
  • DNS scavenging deleting required _msdcs records
  • VPN configurations causing site misidentification
  • Group Policy overwriting DynamicSiteName registry value

Create a PowerShell remediation script:

# Force correct site membership
$correctSite = "Default-First-Site"
$subnet = "10.10.0.0/24"

# Update subnet mapping
Set-ADReplicationSubnet -Identity $subnet -Site $correctSite

# Restart netlogon service
Restart-Service Netlogon -Force

# Verify changes
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
if($site.Name -ne $correctSite) {
    Write-Warning "Site mismatch persists, checking registry..."
    Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name DynamicSiteName -Value $correctSite
    gpupdate /force
}

Implement these monitoring checks:

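# Scheduled task to verify site membership
$siteCheck = {
    $expected = "Default-First-Site"
    # nltest prints the site name on the first line, followed by a status line
    $actual = (nltest /dsgetsite)[0].Trim()
    if($actual -ne $expected) {
        # -From and -SmtpServer values are placeholders; set them for your environment
        Send-MailMessage -To "admin@domain.com" -From "sitecheck@domain.com" -SmtpServer "smtp.domain.com" -Subject "AD Site Alert" -Body "Server changed to $actual"
    }
}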

Register-ScheduledJob -Name "SiteVerification" -ScriptBlock $siteCheck -Trigger (New-JobTrigger -Daily -At "12:00")