This might be a controversial statement, but I kind of think it is too easy to setup database availability groups in Exchange 2010 and later. It’s not that I would want DAGs to be harder to setup, it’s just that the ease with which one can setup a basic DAG allows too many people to stop there and not work on really understanding the deeper features and configurations of high availability for mailboxes. With that in mind, I want to cover what I think might be the least understood DAG configuration feature, DAC.

DAC mode is a feature of DAGs that is designed to prevent situations where an outage causes two copies of a database to be live on two different servers. DAC does this by stopping all your Exchange databases from coming online without manual intervention, so it’s very important to understand how it works, and why it does what it does before enabling it. Microsoft best practices calls for DAC mode to be activated on any DAG that has two or more members and uses continual replication. The only cases where DAC mode for a DAG is not recommended would be if you are using a 3^rd party replication tool.

With DAC active there is an additional communication between DAG nodes at startup that includes Datacenter Activation Coordination Protocol (DACP). DACP is a bit in memory of the Active Manager of DAG nodes with DAC mode active that is set to 0 on startup. As long as the DACP bit remains at 0, the Active Manager will not attempt to start any databases on that node. The DACP bit is set to 1 in one of two cases; when the DAG node contacts another DAG member with its DACP bit set to 1, or when a DAG node can contact all servers on is DAG membership list.

The primary scenario that DAC mode is intended to protect against is where a primary datacenter fails completely and a backup datacenter is activated. In the event of a primary datacenter power failure, it almost always is the case that when power returns the servers will come up before the WAN connection is back online. When this happens, different copies of the same databases can end up active in both datacenters.

For a DAG with two nodes, DAC mode uses a comparison of the boot time of the alternate witness server and the time the DACP bit was set to 1 to determine if it can mount databases. If the DACP bit was set to 1 earlier than the boot time of the alternate witness server the system assume that the two servers were rebooted at the same time (possibly because of a power failure at the primary data center) and the DAG member is not allowed to mount databases. If the DACP bit was set to 1 after the boot time of the alternate witness server, the system assumes it is safe to mount databases.

In addition to preventing split brain conditions, enabling DAC mode enables the stop, restore, and start DatabaseAvailabilityGroup commandlets. These commandlets are used to perform manual datacenter switch-overs. When DAC mode is not active, the process of a manual datacenter is complex and involves both Exchange tools and cluster manager.