skip to Main Content

Create DAG Exchange Server step by step

In the course Exchange Server High Availability, you learned how to load balance Exchange Server and keep the mail flow active. To complete the course, it’s essential to create a Database Availability Group (DAG) in Exchange 2013/2016/2019. Configure Exchange DAG to keep the mailboxes available when an Exchange Server fails.

Exchange Database Availability Group

A database availability group (DAG) is the base component of the Mailbox server high availability and site resilience framework built into Microsoft Exchange Server. A DAG is a group of up to 16 Mailbox servers that hosts a set of databases and provides automatic database-level recovery from failures that affect individual servers or databases.

Note: All servers within a DAG must be running the same version of Exchange. For example, you can’t mix Exchange 2013 servers and Exchange 2016 servers in the same DAG.

IP-less DAG

There are two possibilities to configure DAG for Exchange Server:

  • IP-based DAG (with IP)
  • IP-less DAG (without IP) since Exchange 2013 SP1 (CU4)

Note: In Exchange Server 2016 and higher, the default DAG set up is IP-less DAGs.

In this article, we will cover the IP-less DAG, which we do recommend to set up.

Single network interface

In Exchange Server 2016 and higher, we don’t recommend to create a dedicated network for replication (DAG). Use the same subnet and network that you already have set up.

The preferred architecture leverages a single, non-teamed network interface for both client connectivity and data replication. A single network interface is all that is needed because ultimately our goal is to achieve a standard recovery model regardless of the failure – whether a server failure occurs or a network failure occurs, the result is the same: a database copy is activated on another server within the DAG. This architectural change simplifies the network stack and obviates the need to manually eliminate heartbeat cross-talk.

Read more about the preferred architecture by the Exchange Team.

Convert between IP-based DAG and IP-less DAG

Do you want to move from IP-based DAG to IP-less DAG or the other way around? You have to create a new IP-based DAG or IP-less DAG because there is no option to convert.

Configure Database Availability Group

In four steps, you will configure the Exchange DAG.

Configure File Share Witness (FSW)

The first step is to configure the file share witness server permissions. We recommend you to use a file server and not any other server.

Important: Don’t use a domain controller as a witness server!

Sign in to the File Server. Go to Administrative Tools and start Computer Management.

Create DAG Exchange 2016 step by step Administrative Tools

Expand Local Users and Groups and click on Groups. Double-click on the Administrators group and add the group Exchange Trusted Subsystem.

Add Exchange Trusted Subsystem group to administrators group

Step one is done. Let’s create the DAG in the next step.

Create DAG (Database Availability Group)

Sign in to Exchange Admin Center. Click on servers in the feature pane and click on database availability groups in the tabs. In the toolbar, click on + to create a new DAG.

Create DAG in Exchange Admin Center

Fill in the DAG name, witness server, witness directory. Leave the IP address empty or specify the IP address Click Save.

Note: Exchange Server will automatic add the IP address if you leave it empty.

If Windows Firewall is enabled on the witness server, it may block the creation of the DAG. Exchange uses Windows Management Instrumentation (WMI) to create the directory and file share on the witness server

Do one of the following on the witness server:

  • Enable the WMI exception in Windows Firewall
  • Disable Windows Firewall
Configure new database availability group

The database availability group is created. You will see the DAG in the list view. Double-click on the DAG01-2016.

DAG available in list view after creation

In the menu, click on IP address. Verify that you see the IP address

Verify database availability group IP address

Step two is done. The third step is to add the Exchange Servers to the DAG.

Add Exchange Servers to DAG

Select the database availability group in the list view and click the Manage DAG membership icon.

Manage DAG membership

Click the + icon.

Add the Exchange Servers

Select the Exchange Servers. Click on Add and follow with OK.

Select Exchange Servers for the DAG

Click Save.

Save the Exchange Servers

The task will install the Windows Failover Clustering on both the Exchange Servers.

Task is installing Windows Failover Clustering on Exchange Server

The operation will add the Exchange Server to the database availability group.

Adding server to database availability group

The same will apply to the other Exchange Servers.

Task is installing Windows Failover Clustering on Exchange Server

The operation will complete. Click Close.

DAG operation completed succesfully

The column Member Servers shows the Exchange Servers.

DAG member servers added

Step three is done. In step four, which is the last step, you will verify the witness server folder.

Verify File Share Witness folder

Go to the file server C:\ drive and verify that the DAG01-2016 folder is created. After opening the folder, you will find a GUID folder, and in there you will see two files with the name:

  • VerifyShareWriteAccess.txt
  • Witness.log

It can take a couple of minutes before both files show up. The size is small, and it will stay that way.

Note: Exclude the File Share Witness folder from your Antivirus/Security product. Read more in the article Antivirus exclusions for Exchange Server.

Verify file share witness files

You did successfully configure an Exchange database availability group. The next step is to add mailbox database copies.

Keep reading: DAG activation preference behavior change in Exchange 2016 CU2 »


You learned how to create a DAG in Exchange Server step by step. Before you start, add the Exchange Trusted Subsystem to the Witness Server local administrator group. After that, create the DAG in Exchange Admin Center and add the Exchange Servers to the DAG. Don’t forget to verify your work as always.

Did you enjoy this article? You may also like Exchange Server in DMZ or LAN network. Don’t forget to follow us and share this article.



ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 25 Comments

  1. Hi Ali,
    I have a IP-less DAG in Exchange 2013 and now i want migrate to Exchange 2019. Is it possible to make another IP-less DAG on Exchange 2019 ??

      1. Tnx ali ,
        I did It but i have a lot of queue in shadow redundancy and SmtRrelayWithAdSitetoEdge .
        ok , i must find the problem. do you have any idea ???

  2. Hello Ali,
    I have one simple question. Does this tutorial cover Exchange 2013? We have two same version Exchange 2013 servers but Im not sure should we use this tutorial?

  3. Thanks for sharing Ali,

    We want to configure Ip Less new DAG2019 for our 2 Exchange2019 servers.
    We use for our Organisation 3th Party Backup Software(Veeam).
    Does using Ip Less prevent backup? I read this somewhere.

    Thanks for your answer.

  4. Hi,ALI,Exchange 2019 DAG Create is changed! Witness directory must be in the following format to be created successfully.

    Database Availability Group Name: DAG01-2019
    Witness Server:
    Witness directory: C:\DAG01-2019\

    1. There are different combinations of options available to create an Exchange DAG. The one you showed is one of the options. The one I showed in the article works fine (just tested on Exchange Server 2019).

  5. Hi,ALI,I found a very strange problem. I created a database high-availability group on exchange. After the creation was successful, no error was reported, but the witness directory could not be found in the C drive of the witness server.

      1. Hi,
        Can the DAG server be regularly backed up and restored as a snapshot? After the DAG server snapshot is restored, will the mail server work normally? grateful.

    1. Yes, you can mix them. But, try to keep the same CUs between both Exchange Server versions. If you keep a couple of weeks difference between the CUs, it’s okay. Just don’t keep that for the long term. In your case, both will be on Exchange Server 2016 CU22.

      Read more: Install Exchange Server Cumulative Update.

      What isn’t possible is to have different Exchange Server releases in a DAG. For example, Exchange Server 2016 and Exchange Server 2019 can’t be in a DAG setup.

  6. Hi Ali,
    Thanks a lot for your support.
    I am running on the following issue: Event ID 1564 even through the replication is working fine.

    File share witness resource ‘File Share Witness (\\\’ failed to arbitrate for the file share ‘\\\’. Please ensure that file share ‘\\\’ exists and is accessible by the cluster.

    Since, we are using an IP less, it is hard to identify if the witness file is up or not, from every server tried to access the file server and it is working fine.
    Any suggestion

  7. Hello.
    Did all by your guide, but in failover cluster snap got error:

    Cluster network name resource ‘Cluster Name’ cannot be brought online. Ensure that the network adapters for dependent IP address resources have access to at least one DNS server. Alternatively, enable NetBIOS for dependent IP addresses.

  8. I have completed everything as per your description. There were no errors during coping.
    Database status on the second server passive healthy but after switching to the second server it is not possible to connect to any mailbox in the server.

  9. Hi Ali,
    Why did you configure the witness folder on the local exchange server?
    Isn’t it better to configure the witness folder in a shared folder?
    Thanks for your advice


    1. Hi Eddy,

      I did configure the witness server on the FS01-2016, which is the fileserver.
      The name of the DAG is DAG01-2016.

      Don’t configure the witness folder on the Exchange Server.


  10. What should I do at the step of adding servers to the DAG, if my exchange only sees itself? It doesn’t see my other server in the network?

Leave a Reply

Your email address will not be published. Required fields are marked *