capr Posted June 16, 2012 Share Posted June 16, 2012 Hey guys, noobie here... I am trying to prepare my Domain for an exchange server. I am running the following commands on the Domain Controller. setup /PrepareSchema setup /PrepareAD /OrganizationName:ph2304 setup /PrepareDomain First one goes well, other two not so much... Configuring Microsoft Exchange Server Organization Preparation ......................... FAILED The following error was generated when "$error.Clear(); initialize-Exchange ConfigurationPermissions -DomainController $RoleDomainController" was run: "You don't have permissions to read the security descriptor on CN=Deleted Objects,CN= Configuration,DC=PH2304,DC=com.". And the third one also fails at the last step. Prepare Domain Progress ......................... FAILED The following error was generated when "$error.Clear(); if ($RolePrepareAll Domains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$Rol eIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions - Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-Doma inPermissions -CreateTenantRoot:$RoleIsDatacenter; }" was run: "You don't have p ermissions to read the security descriptor on CN=Deleted Objects,DC=PH2304,DC=co m.". Given those errors, what am I doing wrong? I can make out that it is telling me I don't have permissions, but the account is a member of domain admins, enterprise admins, and schema admins. I also tried using the default administrator account since it has permission to do pretty much anything. But that didn't work either. Link to comment Share on other sites More sharing options...
timmmay Posted June 16, 2012 Share Posted June 16, 2012 What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc Use the FQDN with the "setup /PrepareAD /OrganizationName:" command. Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot). Link to comment Share on other sites More sharing options...
xendrome Posted June 17, 2012 Share Posted June 17, 2012 What version OS is your DC also.. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted June 17, 2012 Veteran Share Posted June 17, 2012 Looks like you aren't logged in with the administrator account, you are logged in with someone who is a member of domain admins only. That is great and all, but the user needs more permissions than just domain admins. read up here http://technet.microsoft.com/en-us/library/aa997914.aspx http://technet.microsoft.com/en-us/library/bb125224.aspx http://technet.microsoft.com/en-us/library/ee681663.aspx Link to comment Share on other sites More sharing options...
capr Posted June 17, 2012 Author Share Posted June 17, 2012 What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc Use the FQDN with the "setup /PrepareAD /OrganizationName:" command. Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot). FQDN = host name + primary dns suffix ??? so my host name is 2k8-DC and dns suffix is ph2304.com so my FQDN would be 2k8-DC.ph2304.com ??? Everyone else, I know it seems like the account doesn't have permissions, but it does. That's why I am stuck and asking for help. Link to comment Share on other sites More sharing options...
capr Posted June 17, 2012 Author Share Posted June 17, 2012 I did a bunch of stuff.... now I get this when I try to do it manually or allow the setup to run setup /prepareAD Organization PreparationFailed Error: The following error was generated when "$error.Clear(); initialize-ExchangeUniversalGroups -DomainController $RoleDomainController" was run: "The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.". The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task. Elapsed Time: 00:00:11 I used ADSI Edit to go and try to find this but the only exchange related think is "OU=Microsoft Exchange Security Groups" and in that, otherWellKnownObjects has a <not set> value. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted June 17, 2012 Veteran Share Posted June 17, 2012 Keep looking through adsiedit. you are almost there. Link to comment Share on other sites More sharing options...
Recommended Posts