Managing DAG: Creating a DAG object

Share this:

When creating a new DAG on top of Windows Server 2012 the new DAG object must be created before running the wizard/cmdlet using either Exchange Admin Center or Exchange Management Shell.

You may want to use the same procedures where the Exchange Admin does not have enough permissions to create AD objects.

In this Series we are going to name our DAG as DAGTOR and it will have 4 members (TOREX01, TOREX02, POAEX01 and POAEX02), as you may have noticed the DAG will be spread in two datacenters, each step required to build that environment will be demonstrated in this series.

Creating the DAG object in Active Directory Users and Computers..

First of all, let’s open the Active Directory Users and Computers, and then click on View  and then Advanced Features.


and create a new computer. Right click on the desired OU, then select New and then computer.


Well done! Computer account created, now let’s right-click on the object that we have just created, and then click on  Disable Account and then Yes.


Permissions required on the new object..

Time to play with the permissions, let’s as properties of the object that we have just created, and let’s go to the Security tab.

The first step is to find out the Exchange Trusted Subsystem entry and after selecting it, make sure to click on the first column of the line Full Control as shown in the figure below.


Now, we need to assign permissions to the first DAG member that will be added to the new DAG. Let’s click on Add… and then click on Object Types… and make sure to select only Computers and then click OK.


Back to the second window, type in the name of the first DAG member (in our case will be TOREX01) and click on Check Names, and finally click on OK.

Now that we are back on the properties of the new DAG computer object, select the computer that we have just added to the list and select the first column of the Full Control. Click on Apply and OK.


That’s it! Now on our series we checked the process to create and manage the DAG Witness Server and how to create the object that will be used to create our future DAG.

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

IMAP inaccessible on Exchange Server 2013 If you are experiencing an issue where the IMAP clients are not able to connect on the Exchange Server 2013/2016 server, and when trying to telnet the...
Exchange Server 2016 – Creating a DAG Creating a DAG object in an Exchange Server 2016 organization and preparing the witness server to support the new DAG. Solution The DAG is a l...
How to… access EAC after installing the first Exch... As soon as you introduce your first Exchange Server 2013 in your organization you first action may be trying to logon on ECP/EAC to get access however...
Error Property InvalidDatabaseCopiesAllowed In some scenarios when creating a Mailbox Database the error below may appear. This Tutorial was based on Exchange Server 2013 Service Pack 1 (CU4). P...