• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 100
  • Last Modified:

Exchange 2010 Installation

Hello Experts!

I have a unique and problematic situation, and am seeking additional help to resolve it. I have a client with Exchange 2003. I am in the process of trying to upgrade them to Exchange 2010. They have two DC's in the domain, and our a single site.

The problem is the previous admins employed by the organization were retards, who thought it would be a good idea to remove default permissions from critical groups within AD (Enterprise Admins and Schema Admins) to name a few, as well as heavily modify both the default domain group policy object, and the local security policy on both DCs to further restrict permissions.

As of now, I have stood up a new server that will become the new Exchange box. I have all the pre-reqs installed, and am at the point where I need to prepare the legacy exchange permissions. So I have the iso for Exchange 2010 mounted and verified. I using a elevated CMD prompt, run the command: "Setup /PrepareLegacyExchangePermissions".

The response is that I am not a member of the Enterprise Admins group. BTW the account I am using is not only a member of the Enterprise Admins group, but also the schema admins, and domain admins.

I have already restored the group structure in AD (making sure that the correct memberships are present for the above groups, and the administrator account. As well I have gone to top of the tree in ADUC and corrected the permissions where Enterprise Admins permission had been removed, and into the MMC and brought up the schema mgmt tool, and corrected the permissions there as well, but adding back in the schema admins group to the tree.

However, this is still not working. I can call MSFT if need be and I'm sure they can put it back the way it should be, but I would rather avoid that if I can.

Does anyone here know if there are any obscure permissions that Enterprise Admins, Domain Admins, and/or Schema admins need to have, in order to Prepare the Forest and Domain for Exchange 2010? As well where to set them at?

I have already done a side by side comparison with a healthy domain running Exch 10, and Server 08 DCs, have update ADUC, SCHMMGMT, permissions and inheritance. Where else do I need to look?
1 Solution
AmitIT ArchitectCommented:
You need to run from a server, where Schema role is present.
Simon Butler (Sembee)ConsultantCommented:
Have you reset the group policy settings?
You can get them back to the default. Follow these instructions


You will have to reboot the domain controllers to get them to take full effect.

Although depending on the number of users, I would seriously considering a new forest/domain and start from scratch. you could end up chasing your tail for months if everything wasn't documented.

Stelian StanNetwork AdministratorCommented:
Like  amitkulshrestha mentioned run

netdom /query fsmo to find which server holds the schema master role

copy the content of Exchange DVD to a temp folder and run all the commands like
setup.exe /ps from that server
NtivaAuthor Commented:
Dear amitkulshrestha,

I am running that command from the schema master DC.


I thought about rolling back the changes, and am not opposed to it, as once again, bad practice to modify the default domain policy, better at least in my opinion, to create separate policies for each group of configurations, so that you can easily roll it back, but still.

Creating a new Forest/Domain, has been considered, but not very practical, I will try the article this weekend and report back, please continue to answer however :)
Simon Butler (Sembee)ConsultantCommented:
A new forest may not be practical in the short term, but if the domain has been mucked about with to the levels you have indicated you may not have much choice. Short term pain for long term gain.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now