Exchange 2007 sp2 & Organization Preparation error: the object cn=,cn=,does not exist
Hello
I am getting the follow error when trying to install service pack 2 for exchange 2007 on my cas server.
It looks like the schema update is failing.
Organization Preparation Failed
Error:
Active Directory operation failed on myadserver.mycompany.local. The object 'CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=mycompany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=local' already exists.
This is a hosting environment based on this ms article: http://technet.microsoft.com/en-us/exchange/bb936719.aspx
My first thought is that is has something to do with the hosting setup done in this article.
regards
kjetil
Answers
- Just an update on this if anyone has the same problem
I reset the permissions with dsacls > installed sp2 > and removed the permissions again as the white paper states.
Worked ok
Kjetil- Marked As Answer byHvarnes Thursday, September 24, 2009 6:16 PM
All Replies
Hi,
First please use ADSIedit.msc to check the permission on Default Global Address List, especially for “authenticated users” “everyone”
$GAL = “CN=default global address lists, CN=all global address list, CN=address list container, CN=organization, CN=Microsoft exchange, CN=services, CN=configuration, dc=domain, dc=com”
Get-adpermission $gal –user “authenticated users”
Get-adpermission $gal –user “everyone”
Use DSACLS to grant permission
Exchange 2003 / 2007 Address List Segregation Document - Updates!!
Regards,
Xiu
- Thank you for reply
If I grant authenticated users and everyone permission to the Default GAL, then all companies on this hosting solution will see each other.
Every company on this solution has its own GAL. I can not do that.
Or did you mean that I could grant grant authenticated users and everyone the correct permission > install sp2 > remove permission for authencated users and everyone after sp2 install?
Regards
Kjetil - I'm in exactlly the same situation. Sure there must be an easyer way round this...
JEames - Hi,
From the document I note that for default global address list we have to run the cmdlt below to restirct the permission.
Add-ADPermission -User "Authenticated Users" -AccessRights GenericRead -ExtendedRights Open-Address-Book -Deny:$True
So far,I think you'd better to grant the proper permission and then apply sp2 again.
Regards,
Xiu Ok.
It is not a big deal to grant the proper permission for the default GAL and apply sp2 and then remove the permissions again, but I fear I will run into problems with the other companies GAL`s.
I will test this as soon as I can.
And I will check the posts at the hosting forum to see if anyone has the same problem before I give it a go: http://forums.asp.net/default.aspx/29
Thanks Xiu
Regards
Kjetil- Just an update on this if anyone has the same problem
I reset the permissions with dsacls > installed sp2 > and removed the permissions again as the white paper states.
Worked ok
Kjetil- Marked As Answer byHvarnes Thursday, September 24, 2009 6:16 PM
- I ended up doing the same, no problems till now.
A bit of a shame that the deployment of a SP requieres touching ACLs, IMHO this shoud be done better...
JEames - Hvarnes and Jason; can any of you provide me with the exact DSACLS command you used? I have the same config as you but I can`t seem to get DSACLS /S to work!
