Preparing for Exchange 2010 deployment

By capr
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

capr

Posted
Posted

Hey guys, noobie here... I am trying to prepare my Domain for an exchange server. I am running the following commands on the Domain Controller.

setup /PrepareSchema

setup /PrepareAD /OrganizationName:ph2304

setup /PrepareDomain

First one goes well, other two not so much...

Configuring Microsoft Exchange Server

Organization Preparation ......................... FAILED

The following error was generated when "$error.Clear(); initialize-Exchange

ConfigurationPermissions -DomainController $RoleDomainController" was run: "You

don't have permissions to read the security descriptor on CN=Deleted Objects,CN=

Configuration,DC=PH2304,DC=com.".

And the third one also fails at the last step.

Prepare Domain Progress ......................... FAILED

The following error was generated when "$error.Clear(); if ($RolePrepareAll

Domains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$Rol

eIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions -

Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-Doma

inPermissions -CreateTenantRoot:$RoleIsDatacenter; }" was run: "You don't have p

ermissions to read the security descriptor on CN=Deleted Objects,DC=PH2304,DC=co

m.".

Given those errors, what am I doing wrong? I can make out that it is telling me I don't have permissions, but the account is a member of domain admins, enterprise admins, and schema admins.

I also tried using the default administrator account since it has permission to do pretty much anything. But that didn't work either.

Mentor

timmmay

Posted
Posted

What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc

Use the FQDN with the "setup /PrepareAD /OrganizationName:" command.

Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot).

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

Looks like you aren't logged in with the administrator account, you are logged in with someone who is a member of domain admins only. That is great and all, but the user needs more permissions than just domain admins.

read up here

http://technet.microsoft.com/en-us/library/aa997914.aspx

http://technet.microsoft.com/en-us/library/bb125224.aspx

http://technet.microsoft.com/en-us/library/ee681663.aspx

Grand Master

capr

Posted
  • Author
Posted

What is the FQDN of your domain? ie is it ph2304.com or ph2304.local etc

Use the FQDN with the "setup /PrepareAD /OrganizationName:" command.

Otherwise it would appear that the account you're running it from does not have permission. Make sure you're logged in as a domain admin and use an elevated command prompt (or turn off UAC and reboot).

FQDN = host name + primary dns suffix ???

so my host name is 2k8-DC and dns suffix is ph2304.com

so my FQDN would be 2k8-DC.ph2304.com ???

Everyone else, I know it seems like the account doesn't have permissions, but it does. That's why I am stuck and asking for help.

Grand Master

capr

Posted
  • Author
Posted

I did a bunch of stuff.... now I get this when I try to do it manually or allow the setup to run setup /prepareAD

Organization Preparation

Failed

Error:

The following error was generated when "$error.Clear(); initialize-ExchangeUniversalGroups -DomainController $RoleDomainController" was run: "The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.".

The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:6e5820cf-60ba-4aae-8cc8-d28750d35864,CN=Deleted Objects,DC=PH2304,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=PH2304,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.

Elapsed Time: 00:00:11

I used ADSI Edit to go and try to find this but the only exchange related think is "OU=Microsoft Exchange Security Groups" and in that, otherWellKnownObjects has a <not set> value.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Rockstar confirms Grand Theft Auto VI pre-orders begin next week, unveils cover art

      By jordanspringer · Posted

      The helicopter is still in the top left corner, thats all that matters.
    • This is how much iPhone 18 Pro could cost after Apple's price hike confirmed

      By Steven P. · Posted

      Kind of glad I upgraded to S26 Ultra 1TB this year, with trade-in and discounts it cost me €1199, that's only €119 more than the S23 Ultra (256 GB) cost me. Last time I bought it via my phone provider outright with committing to two years, now via Samsung.com I reckon the S27 series will be more expensive too.
    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

    • Neowin's 2026 Desktop Thread

      By TCA · Posted

      Yes. Yes, I would.
    • Save 66% on a MagTag Ultra Slim Tracker Card for Apple or Android

      By News Staff · Posted

      Save 66% on a MagTag Ultra Slim Tracker Card for Apple or Android by Steven Parker Never Lose Anything Again with MagTag Today's highlighted deal comes via our Gear + Gadgets section of the Neowin Deals store where you can save 66% on this MagTag Ultra Slim Tracker Card - Works with Apple Find My App. Keep track of your world with MagTag, a sleek, ultra-slim, reliable tracker that’s built to help you safeguard your most important items. In the size of a credit card, just 1.5mm thick, you can slip MagTag easily into your wallet, backpack, passport pouch luggage…etc. Integrated seamlessly with Apple’s FindMy app, MagTag offers precise real-time global tracking, instant left-behind alerts, loud location beeping, and a long-lasting rechargeable battery. Whether you’re heading to work, on vacation, or simply running errands, MagTag ensures you never lose what matters most. No item left behind Precision Global Tracking: Works seamlessly with the Apple FindMy app, providing real-time tracking anywhere in the world, powered by the vast Apple network. Ultra Slim Design: At just 1.5mm thick and the size of a credit card, MagTag slips easily into your wallet, passport pouch, backpack, or luggage. Instant Alerts: Receive notifications the moment you leave behind your valuables, and locate them easily with a loud beeping sound. Versatile Attachment Options: With a built-in keyring hole, attach MagTag to keys, ID lanyards, kids’ bags, or name tags for easy access and protection. Long Battery Life & Wireless Charging: Lasts up to 5 months on a single charge and can be easily recharged with any Qi wireless charger. Durable & Waterproof: IP68 waterproof and dustproof built to withstand your adventures, perfect for vacations and everyday use, no matter where life takes you. Specs Color: Black Materials: ABS Dimensions: 0.05" x 3.35" x 2.13" (1.5mm x 85mm x 54mm) Ultra-slim Apple FindMy App Built-in keyring hole Battery life: up to 5 months Charging: Qi wireless IP68 rating (waterproof, dustproof) Manufacturer's 90-day warranty Good to know Ships to US Expected Delivery: Expected Delivery: Jun 23 - Jul 2 All sales final. This item is excluded from coupons. Here's the deal: This MagTag Ultra Slim Tracker Card (for Apple or Android) normally costs $59.99, but you can pick it up for just $19.99 for a limited time - that represents a saving of $19. For a full description, specs, and shipping info, click the link below. MagTag Ultra Slim Tracker Card now just $19.99 (was $59.99) Get the two-pack and save 70% Ships only to Contiguous US Support queries If you have queries or need support for any of the Neowin Deals, please use the contact form here. Neowin Deals are managed and sold by StackCommerce who represent Neowin on an affiliate basis. Why we post these deals We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. So for those that keep moaning and complaining, be thankful we're still online for you to even do that. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.

  • Recent Achievements

    • Week One Done
      Huge Trailer earned a badge
      Week One Done
    • Week One Done
      Classifyskilleducation earned a badge
      Week One Done
    • One Month Later
      eurospharma62 earned a badge
      One Month Later
    • Week One Done
      With What earned a badge
      Week One Done
    • Week One Done
      Harris Gilbert earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      586
    2. 2
      +Edouard
      169
    3. 3
      PsYcHoKiLLa
      73
    4. 4
      Michael Scrip
      66
    5. 5
      ATLien_0
      64
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!