During Exchange 2007 installation, one of the steps that is required is to prepare your existing Active Directory Infrastructure for the Exchange Server installation. This will need to be done even if you are already using previous versions of Exchange as there are a number of Schema updates required for Exchange to function correctly.
To do this you need to run the following commands:
One of the processes that these commands performs is the preparation of the required permissions for the Exchange Services in your existing domain.
If these preparatory steps are not performed, then you will see, amongst other errors the "Exchange 2007 error : Process MAD.EXE (PID=1520). Topology discovery failed" this is caused because the Exchange Services don't have access to the Security log on the domain controllers.
This can very easily be resolved by modifying the Default Domain Controller's Policy.
Using the Group Policy Management Console, locate the Default Domain Controller Policy, right click on the policy and select Edit.
Once you have the Policy Editor open, navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment and locate the Manage auditing and security log setting.
Modify the entry for the groups that have permissions so that the Exchange Server group is included. If you still have Exchange 2003 in your enterprise then you will also need to ensure that Exchange Enterprise Servers is entered here. The groups should be entered in the format of DOMAIN\Exchange Server and DOMAIN\Exchange Enterprise Servers.
Make sure you use the browse option to find the group as there are no validation checks performed in the user interface, so if the group doesn't exist or is spelled incorrectly it will still include it.
This issue is not limited to Exchange 2007 and can also be seen in previous and newer versions of Exchange if the preparation tasks are not completed.
For more information on the Exchange preperation tasks please see the following: