Setup /PrepareAD fails during upgrading exchange 2003 to Exchange 2010 sp1

While migrating exchange 2003 server to exchange 2010, Active directory preparation part failed giving error after trying to modify the active directory.

Setup /PrepareLegacyExchangePermissions or setup /pl …….  COMPLETED successfully

Setup /PrepareSchema or setup /ps …. COMPLETED successfully

Setup /PrepareActiveDirectory or setup /prepareAD …. FAILED

“The following error was generated when “$error.Clear(); install-GlobalAddressLists -DomainController $RoleDomainController ” was run: “Active Directory operation failed on xxxAD.xxxx.com. The object ‘CN=Default Global Address List,CN=All Global Address Lists, CN=Address Lists Container,CN=xxxx, CN=Microsoft Exchange,CN=Services, CN=Configuration, DC=xxxx,DC=com’ already exists.”

While Googling the errors, all information pointed towards the access permission in “All Global Address Lists” container.

ran ADSIedit, Navigated to “All Global Address Lists” location through following steps

CN=All Global Address Lists,CN=Address Lists Container,CN=xxxx, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=xxxx,DC=com

Found a strange object “Default Global Address List” which was empty of any attributes. The only attribute could see was the Distinguished Name (DN) of  “Default Global Address List”.

Resolution:

Removed all the explicitly set permissions for Authenticated Users and Everyone group, which also removed any Deny permissions.

Rerun the setup.com /PrepareAD command switch and everything worked just fine this time.

Root Cause:

It was the Deny Read permission for the Authenticated Users and Everyone group that blocked the setup program from running the /PrepareAD.  The customer in his effort to hide the “Default Global Address List” probably made an administrator mistake and denied everyone the rights to read the “Default Global Address List”.

Advertisements

About Jayachandran PK
My passion is for Microsoft technologies and how if properly implemented, they can provide actual value for an organization especially in the field of infrastructure, virtualization and system monitoring. I work for the biggest Microsoft partner in Kuwait, specialized in project consultation and implementation services for enterprise clients. When I'm not at work, I try to contribute back through a charitable organization dedicated to prompting cultural values of Kerala. In my free time, I dabble in gardening and am also an avid solar power aficionado.

One Response to Setup /PrepareAD fails during upgrading exchange 2003 to Exchange 2010 sp1

  1. ed says:

    Excellent document. Root cause was completely accurate.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: