Managing DAG: Creating a DAG object

Share this:

When creating a new DAG on top of Windows Server 2012 the new DAG object must be created before running the wizard/cmdlet using either Exchange Admin Center or Exchange Management Shell.

You may want to use the same procedures where the Exchange Admin does not have enough permissions to create AD objects.

In this Series we are going to name our DAG as DAGTOR and it will have 4 members (TOREX01, TOREX02, POAEX01 and POAEX02), as you may have noticed the DAG will be spread in two datacenters, each step required to build that environment will be demonstrated in this series.

Creating the DAG object in Active Directory Users and Computers..

First of all, let’s open the Active Directory Users and Computers, and then click on View  and then Advanced Features.


and create a new computer. Right click on the desired OU, then select New and then computer.


Well done! Computer account created, now let’s right-click on the object that we have just created, and then click on  Disable Account and then Yes.


Permissions required on the new object..

Time to play with the permissions, let’s as properties of the object that we have just created, and let’s go to the Security tab.

The first step is to find out the Exchange Trusted Subsystem entry and after selecting it, make sure to click on the first column of the line Full Control as shown in the figure below.


Now, we need to assign permissions to the first DAG member that will be added to the new DAG. Let’s click on Add… and then click on Object Types… and make sure to select only Computers and then click OK.


Back to the second window, type in the name of the first DAG member (in our case will be TOREX01) and click on Check Names, and finally click on OK.

Now that we are back on the properties of the new DAG computer object, select the computer that we have just added to the list and select the first column of the Full Control. Click on Apply and OK.


That’s it! Now on our series we checked the process to create and manage the DAG Witness Server and how to create the object that will be used to create our future DAG.

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

How to create a DAG in Exchange Server 2013 SP1 wi... In this Tutorial we are going to use a new feature introduced in Exchange Server 2013 SP1 which is the capability to create a DAG object without an AA...
How to upgrade to Exchange Server 2013 Service Pac... Let’s go over the process to upgrade your existent Exchange Server 2013 version to the latest Service Pack 1 using command-line. Before starting I wo...
Exchange Server 2013 offsite protection using DPM ... Hello folks, My third article at going over the offsite protection of Exchange Server 2013 using DPM and Microsoft Azure is out. Check ...
Troubleshooting Event ID 15021 in Exchange Server ... In this Tutorial we are going to analyze the Event ID 15021 on Exchange Server 2013 which may be caused by a certificate issue. If you are experiencin...