• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1646
  • Last Modified:

Getting an error when trying to remove the last legacy exchange server

I've followed the article on Microsoft TechNet on removing the last legacy Exchange 2003 server, but I'm running into an error when running the last command:

Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers"  -AccessRights WriteDACL -InheritedObjectType Group

When I run this command in the Exchange Management Shell, I get an error that says,
"Remove-ADPermission: "dc=<my domain name>" was not found.  Please make sure you have typed it correctly."

Can anyone shed any light on this one?  Does this mean that this command has alrady been exectued previously?
Thanks.
0
luchianoduckman
Asked:
luchianoduckman
  • 5
  • 4
1 Solution
 
theras2000Commented:
Well in your command, it appears that you're missing a space after the -user.
I think the "" should go after the = sign for the dc=, and after the space on -user .
0
 
luchianoduckmanAuthor Commented:
Oh weird.  No I did put a space there.  Here is the text of my exact command as I typed it in the console window (with my domain name replaced with "<my domain name>"):


[PS] C:\Windows\System32>Remove-ADPermission "dc=<my domain name>" -user "<my domain name>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group
Remove-ADPermission : dc=<my domain name> was not found. Please make sure you hav
e typed it correctly.
At line:1 char:20
+ Remove-ADPermission  <<<< "dc=<my domain name>" -user "<my domain name>\Exchange
Servers" -AccessRights WriteDACL -InheritedObjectType Group


This is really strange.  Makes me think that perhaps this command was already run previously and may or may not have completed successfully.
0
 
FearNoMoreCommented:
Whats the name of your domain?
If your domain name is xyz..com you need to specify
Remove-adpermission "dc=xyz,dc=com"  -user "xyz..com\Exchange
Servers" -AccessRights WriteDACL -InheritedObjectType Group

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
luchianoduckmanAuthor Commented:
Understood.....
Remove-adpermission "dc=xyz" -user "xyz.com\Exchange
Servers" -AccessRights WriteDACL -InheritedObjectType Group

I did not however include "dc=com".  I wondered about that.
 
0
 
FearNoMoreCommented:
Ideally you should include it but management shell recognized it fine for you.
So now that the command was successful, you can proceed with the decommissioning of the legacy server
0
 
luchianoduckmanAuthor Commented:
including "dc=com" got me a little farther, but now I'm getting the following error:

Remove-ADPermission : Cannot remove ACE on object "DC=xyz,DC=com" fo
r account "xyz\Exchange Servers" because it is not present.
At line:1 char:20
+ Remove-ADPermission <<<< "dc=xyz,dc=com" -user "xyz.co
m\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group
0
 
FearNoMoreCommented:
Use this command:
Remove-ADPermission "dc=xyz,dc=com" -user "xyz.com\Exchange Enterprise Servers" -AccessRights WriteDACL -InheritedObjectType Group
0
 
luchianoduckmanAuthor Commented:
Ok thanks.  Before doing so, I can't find a group or object called "Exchange Enterprise Servers".  However I do have one called "Exchange Servers".

I just want to make sure that I'm not going to blow something up.
What does this command do anyway?  Why do they tell you to run it?
Thanks again.
0
 
luchianoduckmanAuthor Commented:
Nice.  This worked.  Thank you!!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now