Exchange 2007: PrepareAD will fail if Deleted Objects OU is missing
Recently I was building a lab for my customer and did the prepareAD which gave me this error. Let us see how we proceeded.
It is a new windows 2008 R2 AD environment.
We successfully completed the prepardschema. Enabled the replication. Tested AD replication.
After all came healthy we decided to go ahead with setup.com /prepareAD.
Issue:
We got the following error while running setup.com /prepareAD /OrganizationName:ORGNAME
===============================================
Configuring Microsoft Exchange Server
Organization Preparation ……………………. FAILED
You do not have permissions to read the security descriptor on CN=Deleted Objects,CN=Configuration,DC=domain,DC=net.
===============================================
Resolution:
Create a domain user
Replicate this user to all domain controllers
Delete this user
Replicate this change to all domain controllers
Conclusion:
We need to have “Deleted Objects” organization unit present in the AD to give the permissions on this OU for Exchange groups. So make sure you have deleted objects OU created.
Reference:
Prabhat Nigam
Microsoft MVP | Exchange Server
Team @MSExchangeGuru
