When installing Exchange 2013 /prepareschema ran fine. When trying /prepareAD it always ends with this error:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\administrator.NOUVEAUEYEWEAR>g:\setup.exe /prepareAD /OrganizationName:Nouveau /IAcceptExchangeServerLicenseTerms
Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for
installation.
Performing Microsoft Exchange Server Prerequisite Check
Prerequisite Analysis COMPLETED
Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 servers.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE12ServerWarning.aspx
Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx
Configuring Microsoft Exchange Server
Organization Preparation FAILED
The following error was generated when "$error.Clear();
$createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
$createMsoSyncRoot = $RoleIsDatacenter;
#$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
[bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);
if ($RolePrepareAllDomains)
{
    initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
elseif ($RoleDomain -ne $null)
{
    initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
else
{
    initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
" was run: "Multiple objects with Sid S-1-5-21-1409082233-329068152-839522115-513 were found.".
The Exchange Server setup operation didn't complete. More details can be found
in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
The SID belongs to the Domain Users group.
NOUVEAUEYEWEAR Domain Users S-1-5-21-1409082233-329068152-839522115-513
NTDSUtil check duplicate SID finds nothing.
LDP.exe only finds the Domain Users.
Anyone have any help on this?
Check if you can find the SID on multiple objects using this...
Get-ADObject -filter * -Properties objectsid| Select name,objectsid,DistinguishedName | export-csv sids.csv
You might need to install the AD module for PowerShell first and import it to run the above cmdlet...
Import-Module ServerManager
Add-WindowsFeature RSAT-AD-PowerShell
Import-Module ActiveDirectory
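As an added example (not part of the original replies): rather than scanning the exported CSV by eye, the same data can be grouped by SID, with sIDHistory values included and the search run against a Global Catalog so that every domain partition in the forest is covered. The host name in $Server is a placeholder, and the script assumes PowerShell 3.0 or later with the ActiveDirectory module.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module is
# available and that $Server (placeholder) is a DC that is also a Global Catalog.
Import-Module ActiveDirectory

$TargetSid = 'S-1-5-21-1409082233-329068152-839522115-513'  # SID from the setup error
$Server    = 'dc01.example.com'                             # placeholder GC host

# Port 3268 is the Global Catalog; an empty SearchBase spans all domain partitions.
$objects = Get-ADObject -Server "$($Server):3268" -SearchBase '' `
    -LDAPFilter '(|(objectSid=*)(sIDHistory=*))' `
    -Properties objectSid, sIDHistory, objectClass

# One row per (SID, object), recording which attribute carried the SID.
$rows = foreach ($o in $objects) {
    if ($o.objectSid) {
        [pscustomobject]@{ Sid = [string]$o.objectSid; Source = 'objectSid'
                           Class = $o.objectClass; DN = $o.DistinguishedName }
    }
    foreach ($h in $o.sIDHistory) {
        [pscustomobject]@{ Sid = [string]$h; Source = 'sIDHistory'
                           Class = $o.objectClass; DN = $o.DistinguishedName }
    }
}

# A SID is a duplicate only when more than one distinct object carries it.
$dups = $rows | Group-Object Sid | Where-Object {
    @($_.Group | Select-Object -ExpandProperty DN -Unique).Count -gt 1
}

"Duplicate SIDs found: $(@($dups).Count)"
$dups | ForEach-Object { $_.Group } | Sort-Object Sid, DN |
    Format-Table Sid, Source, Class, DN -AutoSize

# Everything that carries the SID named in the error, wherever it lives.
$rows | Where-Object { $_.Sid -eq $TargetSid } |
    Format-Table Sid, Source, Class, DN -AutoSize
```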
I haven't run that. Is it available on the CD or will I need to download it?
Ah never mind, you said your Exchange 2003 is crashed and never recovered and there isn't any Exchange in the environment currently...
Do you still see the server object in ADSIEdit for old Exchange 2003? Wondering if this is something related to that...
There are some lingering remnants but the SID doesn't match. My thought moving forward is to create a Temporary Domain and migrate the AD using ADMT. Hopefully this will clean up any garbage and then I will migrate back to the original.
I'd sure like to figure out how to solve the dup SID first though. There has got to be something I'm missing.
I did a search of the registry on all my DCs. All 3 had these entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMemebership\Group12 REG_SZ S-1-5-21-1409082233-329068152-839522115-513
HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-1409082233-329068152-839522115-500\GroupMemebership\Group12 REG_SZ S-1-5-21-1409082233-329068152-839522115-513
HKUSERS\S-1-5-21-1409082233-329068152-839522115-500\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMemebership\Group12 REG_SZ S-1-5-21-1409082233-329068152-839522115-513
The Master had this added entry (I'm assuming because it is a 64-bit OS):
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-1409082233-329068152-839522115-500\GroupMemebership\Group12 REG_SZ S-1-5-21-1409082233-329068152-839522115-513
One DC had this extra entry which I think may be the issue:
HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-1409082233-329068152-839522115-1492\Group Membership\Group0 REG_SZ S-1-5-21-1409082233-329068152-839522115-513
The new Exchange server returned the same results as the Master DC but Group9 instead of Group12.
I removed the extra entry on the one DC and tweaked the Exchange Server to match the Master Registry with no success.
Using ADSIEdit I manually removed Exchange objects from CN=Configuration and CN=Default Naming Context.
This is the last thing that runs in the /prepareAD setup:
[06/11/2014 15:45:55.0803] [2] Used domain controller NOU08DC.nouveaueyewear.com to read object CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=nouveaueyewear,DC=com.
This is in the AD Schema. Also I've noticed the timestamp in the log generated is a few hours off. The above example was run 15 minutes ago.
- Edited by TheDude_68 Wednesday, June 11, 2014 6:05 PM Addtl info
I'm marking this closed since it can't be fixed. Moving on. Thanks for the help everyone!!
Cheers.
- Marked as answer by TheDude_68 Saturday, June 14, 2014 11:54 PM