7 posts in this topic

Posted

Hey guys, noobie here... I am trying to prepare my Domain for an exchange server. I am running the following commands on the Domain Controller.

setup /PrepareSchema

setup /PrepareAD /OrganizationName:ph2304

setup /PrepareDomain

First one goes well, other two not so much...

Configuring Microsoft Exchange Server

Organization Preparation ......................... FAILED

The following error was generated when "$error.Clear(); initialize-Exchange

ConfigurationPermissions -DomainController $RoleDomainController" was run: "You

don't have permissions to read the security descriptor on CN=Deleted Objects,CN=

Configuration,DC=PH2304,DC=com.".

And the third one also fails at the last step.

Prepare Domain Progress ......................... FAILED

The following error was generated when "$error.Clear(); if ($RolePrepareAll

Domains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$Rol

eIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions -

Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-Doma

inPermissions -CreateTenantRoot:$RoleIsDatacenter; }" was run: "You don't have p

ermissions to read the security descriptor on CN=Deleted Objects,DC=PH2304,DC=co

m.".

Given those errors, what am I doing wrong? I can make out that it is telling me I don't have permissions, but the account is a member of domain admins, enterprise admins, and schema admins.

I also tried using the default administrator account since it has permission to do pretty much anything. But that didn't work either.

Share this post


Link to post
Share on other sites

Posted

What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc

Use the FQDN with the "setup /PrepareAD /OrganizationName:" command.

Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot).

Share this post


Link to post
Share on other sites

Posted

What version OS is your DC also..

Share this post


Link to post
Share on other sites

Posted

Looks like you aren't logged in with the administrator account, you are logged in with someone who is a member of domain admins only. That is great and all, but the user needs more permissions than just domain admins.

read up here

http://technet.microsoft.com/en-us/library/aa997914.aspx

http://technet.microsoft.com/en-us/library/bb125224.aspx

http://technet.microsoft.com/en-us/library/ee681663.aspx

Share this post


Link to post
Share on other sites

Posted

What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc

Use the FQDN with the "setup /PrepareAD /OrganizationName:" command.

Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot).

FQDN = host name + primary dns suffix ???

so my host name is 2k8-DC and dns suffix is ph2304.com

so my FQDN would be 2k8-DC.ph2304.com ???

Everyone else, I know it seems like the account doesn't have permissions, but it does. That's why I am stuck and asking for help.

Share this post


Link to post
Share on other sites

Posted

I did a bunch of stuff.... now I get this when I try to do it manually or allow the setup to run setup /prepareAD

Organization Preparation

Failed

Error:

The following error was generated when "$error.Clear(); initialize-ExchangeUniversalGroups -DomainController $RoleDomainController" was run: "The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.".

The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.

Elapsed Time: 00:00:11

I used ADSI Edit to go and try to find this but the only exchange related think is "OU=Microsoft Exchange Security Groups" and in that, otherWellKnownObjects has a <not set> value.

Share this post


Link to post
Share on other sites

Posted

Keep looking through adsiedit. you are almost there.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.