
Is it possible to deploy an IP-less DAG in Exchange SE without a Cluster Name Object

Piskovszky 0 Reputation points
2026-04-14T23:33:18.0566667+00:00

I’m trying to move toward a more modern, simplified Active Directory footprint by using an IP-less configuration, but the wizard keeps failing because it's looking for a static IP and a corresponding CNO in the Computers container.

Is it actually possible to run a fully functional Exchange SE DAG without a CNO, or does the underlying Windows Failover Cluster still require a managed object in AD?

Exchange | Exchange Server | Management

The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.


2 answers

  1. Steven-N 25,305 Reputation points Microsoft External Staff Moderator
    2026-04-15T00:56:11.47+00:00

    Hi Piskovszky

    Regarding your concern, my answer is yes, but it depends: this article explicitly states there is an option to create a DAG without a cluster administrative access point if you are running this on Windows Server 2012 R2:

    However, Exchange also supports creating a DAG without a cluster administrative access point. In that supported design, the underlying cluster has no Network Name resource and no IP Address resource, the cluster name is not registered in DNS, and no CNO is created or used in Active Directory.

    Given this, in this context, I suggest that you can use the supported “DAG without an administrative access point” (IP-less) configuration if your goal is to avoid a CNO and cluster IP resources.

    Microsoft documentation explicitly states that in this mode the cluster won’t have a CNO in Active Directory and won’t include network name/IP resources in the cluster core resource group.

    If the wizard continues to force the traditional model (static IP + CNO), create the DAG using the Exchange Management Shell method that corresponds to the “no administrative access point” design. This aligns with the supported behavior where no cluster administrative access point is used and no CNO is created.

    Hope my answer will help you.




  2. Q&A Assist
    2026-04-14T23:33:32.21+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Yes, a fully functional DAG can be deployed without a CNO, but only when using the “IP-less / no administrative access point” model that is supported under specific OS and Exchange versions. In that model, the underlying Windows Failover Cluster does not create or use a Cluster Name Object in Active Directory.

    Key points from the supported designs:

    1. Traditional DAGs (with cluster administrative access point)
      • Require one or more IP addresses on the MAPI subnets.
      • Windows Failover Clustering registers the cluster IP in DNS and creates a cluster name object (CNO) in Active Directory.
      • The DAG’s cluster administrative access point (network name + IP + CNO) is used only internally and optionally by some third‑party tools (backup/monitoring), not by Exchange clients or admins for normal DAG operations.
      • Example creation (with CNO and IPs):
             New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer EX4 -DatabaseAvailabilityGroupIPAddresses 10.0.0.5,192.168.0.5
        
    2. DAGs without a cluster administrative access point (IP‑less DAGs)
      • Supported when:
        • Exchange 2013 SP1 or later is running on Windows Server 2012 R2 or later, or
        • Exchange 2016/2019 on Windows Server 2012 R2 or later.
      • Characteristics of the underlying Windows failover cluster:
        1. No IP address is assigned to the cluster (no IP Address resource).
        2. No network name is assigned (no Network Name resource).
        3. The cluster/DAG name is not registered in DNS and is not resolvable.
        4. A cluster name object (CNO) is not created in Active Directory.
        5. The cluster cannot be managed with Failover Cluster Manager; it must be managed with PowerShell against individual nodes.
      • Example creation (IP‑less, no CNO):
             New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer EX4 -DatabaseAvailabilityGroupIPAddresses ([System.Net.IPAddress]::None)
        
      • In this model, the DAG is fully functional for Exchange purposes; DAG operations do not depend on the cluster name, IP, or CNO. The DAG uses member server names for internal communication.
    3. Practical implications
      • If the wizard insists on a static IP and CNO, the environment is likely:
        • Not on Windows Server 2012 R2 or later for all DAG members, or
        • Not on a supported Exchange build for IP‑less DAGs, or
        • Using a creation path that assumes a traditional DAG.
      • For a “modern, simplified” AD footprint with no CNO:
        • Ensure all DAG members run a supported Windows version (2012 R2+).
        • Ensure Exchange is at least Exchange 2013 SP1 (or Exchange 2016/2019) on those OS versions.
        • Create the DAG using the New-DatabaseAvailabilityGroup cmdlet (or the EAC option where available) with DatabaseAvailabilityGroupIpAddresses ([System.Net.IPAddress]::None) so that no administrative access point (and therefore no CNO) is created.
      • If third‑party tools require connecting to the cluster administrative access point, an IP‑less DAG is not appropriate; a traditional DAG with CNO and IPs is required.

    So, the underlying Windows Failover Cluster does not always require a CNO: when configured as a cluster without an administrative access point (IP‑less DAG), no CNO is created, and Exchange DAG functionality remains fully supported in that configuration.


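The checks below audit the five characteristics listed in the second answer once the DAG exists and has at least one member. This is an added example, not part of either answer and not Microsoft's own script. DAG1 is the sample DAG name used above, EX1 is a hypothetical member node, and the Exchange Management Shell with the FailoverClusters, DnsClient and ActiveDirectory modules is assumed.

```powershell
# Added example: confirm a DAG has no administrative access point, DNS record or CNO.
# Assumptions: DAG1 is the sample DAG name from the thread; EX1 is a hypothetical member node.
param(
    [string]$DagName = 'DAG1',
    [string]$Node    = 'EX1'
)
Import-Module FailoverClusters, ActiveDirectory -ErrorAction Stop

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Exchange's view. [System.Net.IPAddress]::None is 255.255.255.255,
#    so that value is treated as "no cluster address".
$dag = Get-DatabaseAvailabilityGroup -Identity $DagName -Status
$ips = @($dag.DatabaseAvailabilityGroupIpv4Addresses |
         Where-Object { $_ -and "$_" -ne '255.255.255.255' })
if ($ips.Count) { $findings.Add("DAG has cluster IP(s): $($ips -join ', ')") }

# 2. Cluster view, queried through a node because the cluster name is not resolvable.
$cluster = Get-Cluster -Name $Node
if ("$($cluster.AdministrativeAccessPoint)" -ne 'None') {
    $findings.Add("AdministrativeAccessPoint is $($cluster.AdministrativeAccessPoint)")
}
$netTypes = 'Network Name', 'IP Address', 'IPv6 Address'
$netRes = @(Get-ClusterResource -Cluster $Node |
            Where-Object { "$($_.ResourceType)" -in $netTypes })
foreach ($r in $netRes) { $findings.Add("Cluster resource present: $($r.Name)") }

# 3. DNS: the DAG name should not be registered.
if (Resolve-DnsName -Name $DagName -ErrorAction SilentlyContinue) {
    $findings.Add("$DagName resolves in DNS")
}

# 4. Active Directory: no computer object (CNO) named after the DAG,
#    including one left behind by an earlier failed creation attempt.
$cno = Get-ADComputer -Filter "Name -eq '$DagName'"
if ($cno) { $findings.Add("Computer object found: $($cno.DistinguishedName)") }

if ($findings.Count) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "$DagName has no administrative access point, DNS record or CNO."
}
```

Any warning means the DAG was created in the traditional model or that an object from an earlier attempt is still present.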