Jump to content



Photo

Preparing for Exchange 2010 deployment

exchange 2010 installing exchange

  • Please log in to reply
6 replies to this topic

#1 capr

capr

    Neowinian Senior

  • Joined: 01-July 05

Posted 16 June 2012 - 23:52

Hey guys, noobie here... I am trying to prepare my Domain for an exchange server. I am running the following commands on the Domain Controller.

setup /PrepareSchema

setup /PrepareAD /OrganizationName:ph2304

setup /PrepareDomain

First one goes well, other two not so much...

Configuring Microsoft Exchange Server
Organization Preparation ......................... FAILED
The following error was generated when "$error.Clear(); initialize-Exchange
ConfigurationPermissions -DomainController $RoleDomainController" was run: "You
don't have permissions to read the security descriptor on CN=Deleted Objects,CN=
Configuration,DC=PH2304,DC=com.".


And the third one also fails at the last step.


Prepare Domain Progress ......................... FAILED
The following error was generated when "$error.Clear(); if ($RolePrepareAll
Domains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$Rol
eIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions -
Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-Doma
inPermissions -CreateTenantRoot:$RoleIsDatacenter; }" was run: "You don't have p
ermissions to read the security descriptor on CN=Deleted Objects,DC=PH2304,DC=co
m.".


Given those errors, what am I doing wrong? I can make out that it is telling me I don't have permissions, but the account is a member of domain admins, enterprise admins, and schema admins.
I also tried using the default administrator account since it has permission to do pretty much anything. But that didn't work either.


#2 timmmay

timmmay

    Neowinian Senior

  • Joined: 29-April 02

Posted 16 June 2012 - 23:58

What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc

Use the FQDN with the "setup /PrepareAD /OrganizationName:" command.

Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot).

#3 xendrome

xendrome

    In God We Trust; All Others We Monitor

  • Tech Issues Solved: 12
  • Joined: 05-December 01
  • OS: Windows 8.1 Pro x64

Posted 17 June 2012 - 00:03

What version OS is your DC also..

#4 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 31
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 17 June 2012 - 02:30

Looks like you aren't logged in with the administrator account, you are logged in with someone who is a member of domain admins only. That is great and all, but the user needs more permissions than just domain admins.

read up here
http://technet.micro...y/aa997914.aspx
http://technet.micro...y/bb125224.aspx
http://technet.micro...y/ee681663.aspx

#5 OP capr

capr

    Neowinian Senior

  • Joined: 01-July 05

Posted 17 June 2012 - 02:50

What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc

Use the FQDN with the "setup /PrepareAD /OrganizationName:" command.

Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot).


FQDN = host name + primary dns suffix ???

so my host name is 2k8-DC and dns suffix is ph2304.com

so my FQDN would be 2k8-DC.ph2304.com ???

Everyone else, I know it seems like the account doesn't have permissions, but it does. That's why I am stuck and asking for help.

#6 OP capr

capr

    Neowinian Senior

  • Joined: 01-July 05

Posted 17 June 2012 - 05:22

I did a bunch of stuff.... now I get this when I try to do it manually or allow the setup to run setup /prepareAD

Organization Preparation
Failed

Error:
The following error was generated when "$error.Clear(); initialize-ExchangeUniversalGroups -DomainController $RoleDomainController" was run: "The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.".

The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.

Elapsed Time: 00:00:11


I used ADSI Edit to go and try to find this but the only exchange related think is "OU=Microsoft Exchange Security Groups" and in that, otherWellKnownObjects has a <not set> value.

#7 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 31
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 17 June 2012 - 17:18

Keep looking through adsiedit. you are almost there.