Learn Exchange the Guru way !!!


Exchange 2013/2016: Create IP Less DAG with SP1 – Another Step to Simplification

Exchange 2013 has already been so revolutionary and the recent release of service pack 1 made it more exciting. Let us see how to create the simple Database Availability Group (DAG) cluster without any cluster IP.

This blog is applicable for Exchange 2016 as well.

Microsoft has always looking to give the simplest and user friendly applications and Operating Systems softwares. Exchange 2013 Service Pack 1 adds some more value to it especially when we install it on Windows 2012 R2. One of the feature is IP Less Database Availability Group.

This DAG does not need a cluster IP which simplifies the DAG more, this means DAG will be managed at application level using the configuration from the configuration partition.

This also reduces on the dependency of the IP of the every DAG node subnet in a multi subnet/datacenter expanded DAG.

You will not see the dead IPs which are not online and network security team will not bother you anymore.

There will be No DAG IP, No DAG Cluster Name, No Cluster Name Object (CNO), No DNS Entry.

In the IP address will be used to fill the property because IP address property is required.

We can still create a traditional DAG. Transition from traditional DAG to DAG without an administrative access point is not supported and there is no way to transition except creating new DAG and moving mailboxes.

We are using windows 2012 R2 Active Directory-detached cluster feature mentioned here where in place of dns we are giving none.

We can only manage this DAG from Exchange management shell or Exchange Admin Center. New DAG can’t be managed from Failover Cluster Manager because it does not have Cluster name object.

So here we see the steps to create new DAG.



-The operating system is Windows Server 2012 R2 or higher

-The exchange server is Exchange 2013 Service Pack 1 or higher



  1. Add “Exchange Trusted Subsystem” active directory group to the local administrators group of the “File share witness” member server. In case you are going to use a domain controller, you need to add “Exchange Trusted Subsystem” group to domain administrators group.


  2. Open ECP on Exchange 2013 SP1 server by opening following url and login
  • https://localhost/ecp


     3. Click on Servers à Database Availability Group


       4. Click on + sign to create new DAG and Fill the following properties

                 Database Availability Group Name

                 Witness server

                 Witness directory

                 Database Availability Group IP Address: then click +

                 Click save.



             Run the below mentioned command from the Exchange Management shell

New-DatabaseAvailabilityGroup -Name DAGName -DatabaseAvailabilityGroupIPAddresses ([System.Net.IPAddress]::None) -WitnessServer WitnessServerName –WitnessDirectory “Path of witness Directory



         5. Now DAG will be created but addition of the servers is not done.


         6. To add the servers Click on sign then click on + sign. In the select server select one server, click add then click ok.




                         ADD the server by running the following command from Exchange management shell. Repeat for all servers.

                        Add-DatabaseAvailabilityGroupServer identity DAGName –MailboxServer mailboxservername


        7. Click Save and you will see below screen.


        8. When you see below screen. Add 2nd server and continue adding all DAG node.



        9. This will create the DAG. Now we need to create the database.


      10. Click on ServersàDatabases



       11. Click on + sign to add new database.


      12. Fill the following fields and click on save.


                       Mailbox Database = Name of the database

                       Server = Browse and select the server on which we will create this DB

                       Database file Path = Database path with the databasename.edb

                       Log file Path = Log file path

                      Check Mount this database if unchecked.



Run the below mentioned command from Exchange management shell

New-Mailboxdatabase -server servername -name DBname -Edbfilepath “DBpathDBname.edb” -logFolderPath “LogFilesPAth”


        13. Database should be created and mounted. But you will see this warning so restart the Information service.

                “Please restart the Microsoft Exchange Information Store service on server R2SP1D3 after adding new mailbox databases.”


         14. Select the database àclick on and select “Add database copy”



                       Run the below mentioned command from Exchange management shell

                        Add-MailboxDatabaseCopy databasename -MailboxServer mailboxservername


        15. Now browse and select 2nd database server, click ok then click save.


        16. Now seeding will begin to the 2nd or another server.

        17. Once seeding finishes restart the information store service on the 2nd or next server.

        18. Check the status of the copies by running the command get-mailboxdatabasecopystatus **.


                You can see the content index is in failed state. This will become healthy after some time of the restart of information store service.


        19. Now DAG status will look like the below screen

Now the question came if we wanted to see the cluster from “Failover Cluster manager” then how can we see it. Initially after Exchange 2013 SP1, I was able to use . to connect to the cluster on the exchange dag node but updates has fixed this bug and now we can’t connect to the cluster with .

So how will we manage the cluster beyond Exchange which is the question for a situation when you have to review the configuration or do a disaster recovery.

Here are the command lines for the powershell to review and change DAG cluster.

To Check Cluster properties run this command: Get-Cluster -Name ClusterNodename | select *

To Determine the nodes in the cluster and node state: Get-ClusterNode -Cluster Clusternodename

To get individual node properties: Get-ClusterNode -Cluster Clusternodename -Name Clusternodename | select *

To get cluster network states: Get-ClusterNetwork -Cluster Clusternodename

To get cluster network properties: Get-ClusterNetwork -Name “Cluster Network 1” -Cluster Clusternodename | select *

To get cluster interface properties: Get-ClusterNetworkInterface -Cluster Clusternodename -Node Clusternodename

To get individual cluster network interface properties: Get-ClusterNetworkInterface -Cluster Clusternodename -Name “Clusternodenicname” | select *

To get the cluster quorum status configuration: Get-ClusterQuorum -Cluster Clusternodename | fl

To get the cluster group status: Get-ClusterGroup -Cluster Clusternodename

To move the cluster group between nodes: Move-ClusterGroup -Cluster Clusternodename -Name “Cluster Group” -Node MBX-2

 To get the cluster logs: Get-ClusterLog –cluster Clusternodename

 To get the cluster resource state: Get-ClusterResource -ClusterClusternodename | fl

To get cluster group: Get-ClusterGroup -Cluster Clusternodename

To get Primary Active Manager in Dag: Get-DatabaseAvailabilityGroup -Identity DAG -status | fl name,primaryActiveManager

Prabhat Nigam

Microsoft MVP | Exchange Server



74 Responses to “Exchange 2013/2016: Create IP Less DAG with SP1 – Another Step to Simplification”

  1. Sebastian Says:

    Hi quick question, do we need to create a Active Directory-detached cluster before the DAG? Thanks.

  2. Prabhat Nigam Says:


  3. Exchange 2016: New Features in compare to Exchange 2010 « Says:

    […] No need of Cluster administrative access point: Since Exchange 2013 SP1 we have an option to create DAG with no IP and cluster administrative access point. This has already taken care multiple issue around IP DAG. In Exchange 2016 Default DAG creation will be without IP and cluster administrative access point so it is recommended to install Exchange 2016 on Windows 2012 R2 or higher. Check out my blog on it here. […]

  4. » Exchange – 2015 – Backup New York City Techstravaganza Says:

    […] Dive into DAGs in Exchange 2013 SP1 – Prabhat Nigam Download Presentation Session Details Watch […]

  5. Ihsan Says:

    Hi. What about the network Adapter configuration or preparation? Do we Need to disable for example QoS Packet Scheduler, Client for Microsoft Networks or File and Printer Sharing for Microsoft Networks?


  6. Prabhat Nigam Says:

    No changes required

  7. arirang Says:

    I would like to ask if there is any update when we can expect the “upcoming release” supporting IP-less Exchange DAG’s ?

  8. Prabhat Nigam Says:

    Arirang – What are you asking? DAG is already at its best.

  9. Zaman Says:

    Hi, Since there will be more than 1 exchange servers and DAG is IP-less, which IP would MX record point to in the Firewall?


  10. Prabhat Nigam Says:

    Load Balancer IP which you are using for SMTP High Availability. If no load balancer, give any mailbox server but remember to change when you need to restart the server.

  11. Zaman Says:

    Thanks a lot for the reply Prabhat. In fact I have installed two exchange 2016 servers and grouped them through DAG. I have also enabled DNS Round Robbin. Do I still need to the IP in the fire wall when I restart the server. Shouldn’t DNS Round Robbin automatically point to the other server. Thank you

  12. Prabhat Nigam Says:

    Firewall still need an IP to do 1-1 nat with external IP.

  13. JDG Says:

    This was great, we set this up and would fail over back and forth when our two site were operational. We thought with this setup alone we would be covered in the event of a primary site failure. We just had one and couldn’t mount the database on the secondary site. After reasearch we realized that we needed an alternate witness server in the 2nd site or to have one in Azure. Is this accurate? Or is a third option to some how force the secondary site to mount even though there were not enough votes on that secondary site?

    If so do you know the commands and steps to force the 2nd exchange server to mount when it can’t contact the witness server. After that is done when you restore the primary site how would you fail back to the primary and clean up.

    I really enjoy your work and I think some good follow up articles that would help people not feel safe like i did:

    1. How to force a take over when your using your above scenario and don’t have an alternate witness where you 2nd dag exchange server is and clean when failing back.
    2. How to create an alternative witness in the 2nd site and how to fail back and forth with clean up
    3. Let users know about this link. How to run a witness server in Azure

    Thanks again

  14. Prabhat Nigam Says:

    You should have 3rd Ad site for the auto failover in case of 1 AD site is down.

    In any case 1 AD site and FSW should not be down for auto failover.

    In case of only 2 AD sites 3rd ad site can be Azure(you need a DC there as well or DC can host FSW)

    Now in case of no 3rd AD site, you need to run the tradition 2nd AD site activation by following our exchange 2010 DIsaster Recovery blog. Search for it. I am typing from phone so can’t link it.

  15. JDG Says:

    You are the man replying on a Saturday !!

    Is it this link?

    Does it not matter that its 2013 I’m talking about and the fact that its an IP less dag as described in this post?

  16. Ishwar Says:


    We are using PowerShell to remotely manage mailboxes of users. In case of IP based DAG, an exchange session is created to DAG to manage mailboxes. We are facing issues in case of IP less DAG environment. The session creation to DAG is failing.

    The IP less DAG is configured on Exchange 2013 SP1. The following command to create session through PowerShell fails where “DAG1” is the name of Database Availability Group. Also “ping DAG1” fails. The IP Address of DAG is set to

    New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://DAG1/PowerShell/ -Authentication Kerberos -Credential $UserCredential

    Here is the error:
    New-PSSession : [dag1] Connecting to remote server dag1 failed with the following error message : WinRM cannot
    complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the
    network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
    default, the WinRM firewall exception for public profiles limits access to remote computers within the same local
    subnet. For more information, see the about_Remote_Troubleshooting Help topic.
    At line:1 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri ht …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed

    When I update DAG and clear all the IP address entries then it works fine i.e. ping to DAG works fine and also the New-PSSession command succeeds. I am not sure if this is called an IP less DAG as an IP address is getting assigned to DAG1.

    I need help in creating exchange session to an IP less DAG through remote PowerShell. Do I need to look into any specific configuration to make it work?

  17. Prabhat Nigam Says:

    Do the session to exchange server and not to DAG. is a broadcast IP address which is unusable so configuration is correct. It should be same.

  18. Sudhir Says:

    Nice explanation…Keep it up…

  19. Ishwar Says:


    Thanks for the quick response.
    If I access the one of the exchange server directly, does the failover happen when it down?

  20. Prabhat Nigam Says:


  21. Ishwar Says:

    In that case, how do I open a session to IP less DAG through Powershell which can handle the failover as well.

  22. Prabhat Nigam Says:

    Configure the URL and connect to the URL. Let your load balancer connect you to the different server.

  23. Steven Says:

    Why do you want to open a PS connection to the DAG? You only need to use PS on the DAG when checking Health Stats, Mailbox Database Copy Status, and when putting the DAG into Maintenance Mode. Once you have your IP Less DAG setup, add the virtual IP’s of your Exchange Servers to your Load-Balancer(s). The Load Balancer will determine which Mailbox Server to connect to when a failure occurs.

  24. Dheeraj Mishra Says:

    Nice explanation sir

Leave a Reply




Do NOT follow this link or you will be banned from the site!