I have a unique and problematic situation, and am seeking additional help to resolve it. I have a client with Exchange 2003. I am in the process of trying to upgrade them to Exchange 2010. They have two DC's in the domain, and our a single site.
The problem is the previous admins employed by the organization were retards, who thought it would be a good idea to remove default permissions from critical groups within AD (Enterprise Admins and Schema Admins) to name a few, as well as heavily modify both the default domain group policy object, and the local security policy on both DCs to further restrict permissions.
As of now, I have stood up a new server that will become the new Exchange box. I have all the pre-reqs installed, and am at the point where I need to prepare the legacy exchange permissions. So I have the iso for Exchange 2010 mounted and verified. I using a elevated CMD prompt, run the command: "Setup /PrepareLegacyExchangePermissions".
The response is that I am not a member of the Enterprise Admins group. BTW the account I am using is not only a member of the Enterprise Admins group, but also the schema admins, and domain admins.
I have already restored the group structure in AD (making sure that the correct memberships are present for the above groups, and the administrator account. As well I have gone to top of the tree in ADUC and corrected the permissions where Enterprise Admins permission had been removed, and into the MMC and brought up the schema mgmt tool, and corrected the permissions there as well, but adding back in the schema admins group to the tree.
However, this is still not working. I can call MSFT if need be and I'm sure they can put it back the way it should be, but I would rather avoid that if I can.
Does anyone here know if there are any obscure permissions that Enterprise Admins, Domain Admins, and/or Schema admins need to have, in order to Prepare the Forest and Domain for Exchange 2010? As well where to set them at?
I have already done a side by side comparison with a healthy domain running Exch 10, and Server 08 DCs, have update ADUC, SCHMMGMT, permissions and inheritance. Where else do I need to look?