Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange 2010 Installation

Posted on 2012-09-14
5
Medium Priority
?
97 Views
Last Modified: 2014-09-17
Hello Experts!

I have a unique and problematic situation, and am seeking additional help to resolve it. I have a client with Exchange 2003. I am in the process of trying to upgrade them to Exchange 2010. They have two DC's in the domain, and our a single site.

The problem is the previous admins employed by the organization were retards, who thought it would be a good idea to remove default permissions from critical groups within AD (Enterprise Admins and Schema Admins) to name a few, as well as heavily modify both the default domain group policy object, and the local security policy on both DCs to further restrict permissions.

As of now, I have stood up a new server that will become the new Exchange box. I have all the pre-reqs installed, and am at the point where I need to prepare the legacy exchange permissions. So I have the iso for Exchange 2010 mounted and verified. I using a elevated CMD prompt, run the command: "Setup /PrepareLegacyExchangePermissions".

The response is that I am not a member of the Enterprise Admins group. BTW the account I am using is not only a member of the Enterprise Admins group, but also the schema admins, and domain admins.

I have already restored the group structure in AD (making sure that the correct memberships are present for the above groups, and the administrator account. As well I have gone to top of the tree in ADUC and corrected the permissions where Enterprise Admins permission had been removed, and into the MMC and brought up the schema mgmt tool, and corrected the permissions there as well, but adding back in the schema admins group to the tree.

However, this is still not working. I can call MSFT if need be and I'm sure they can put it back the way it should be, but I would rather avoid that if I can.

Does anyone here know if there are any obscure permissions that Enterprise Admins, Domain Admins, and/or Schema admins need to have, in order to Prepare the Forest and Domain for Exchange 2010? As well where to set them at?

I have already done a side by side comparison with a healthy domain running Exch 10, and Server 08 DCs, have update ADUC, SCHMMGMT, permissions and inheritance. Where else do I need to look?
0
Comment
Question by:Ntiva
5 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 38399168
You need to run from a server, where Schema role is present.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 38399182
Have you reset the group policy settings?
You can get them back to the default. Follow these instructions

http://www.windowsitpro.com/article/group-policy/how-can-i-restore-the-contents-of-the-default-domain-and-default-domain-controller-dc-group-policy-objects-gpos-

You will have to reboot the domain controllers to get them to take full effect.

Although depending on the number of users, I would seriously considering a new forest/domain and start from scratch. you could end up chasing your tail for months if everything wasn't documented.

Simon.
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 38399185
Like  amitkulshrestha mentioned run

netdom /query fsmo to find which server holds the schema master role

copy the content of Exchange DVD to a temp folder and run all the commands like
setup.exe /ps from that server
0
 

Author Comment

by:Ntiva
ID: 38399208
Dear amitkulshrestha,

I am running that command from the schema master DC.

Simon,

I thought about rolling back the changes, and am not opposed to it, as once again, bad practice to modify the default domain policy, better at least in my opinion, to create separate policies for each group of configurations, so that you can easily roll it back, but still.

Creating a new Forest/Domain, has been considered, but not very practical, I will try the article this weekend and report back, please continue to answer however :)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38399765
A new forest may not be practical in the short term, but if the domain has been mucked about with to the levels you have indicated you may not have much choice. Short term pain for long term gain.

Simon.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question