locked
Exchange says my forest and domain are not up to date RRS feed

  • Dotaz

  •  We have 2 DCs running Server 2008 and 1 DC running 2008 R2. We just recently raised our functionality to 2008 which should be fine for the Exchange install. The installer is telling me that our AD is not up to date and is pre-2000. Both the Forest and the Domain are 2008 functionality.

    Also, the User that I am running the installation with is a domain, enterprise, and schema admin, but the Exchange setup is saying it cannot contact AD because the user is not an enterprise admin or schema admin.

    Does anyone have any advice? I know there is a similar post on here that describes the second issue that I am having. I have tried all the steps mentioned in that thread with no avail

    úterý 13. listopadu 2012 14:50

Odpovědi

  • I solved this by unjoining and rejoining the domain. I cant believe I didnt try that earlier. Sometimes we look for a complex answer, when all that is needed is a simple fix
    středa 21. listopadu 2012 20:38

Všechny reakce

  • Hi  ,

    Please create a new user and add the user to the same group with domain administrator, raise forest functional level and reinstall , verify if the account profile is corrupt.


    Wendy Liu

    TechNet Community Support




    • Upravený wendy_liu středa 14. listopadu 2012 9:54
    středa 14. listopadu 2012 9:49
  • Can you please post the last part of the ExchangeSetupLog? The file can be very long but you should be able to scroll back from the end and find the error about AD setup reported.

    Is this a single forest, single domain?


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    středa 14. listopadu 2012 10:17
  • Did you allow time for replication of the changes? If so, have you checked for AD Replication issues?

    Try running the repadmin /showrepl command on your DCs.

    If you are using AD Sites make sure you have a GC in the local site. Also, check the local IP configuration and the DNS servers for incorrect information.

    středa 14. listopadu 2012 10:46
  • [11/13/2012 14:42:10.0730] [1] Failed [Rule:SchemaUpdateRequired] [Message:The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:GlobalUpdateRequired] [Message:Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:LocalDomainPrep] [Message:The local domain needs to be updated. You must be a member of the 'Domain Admins' group and 'Organization Management' role group, or 'Enterprise Admins' group to continue.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:GlobalServerInstall] [Message:You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedBridgeheadFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedCafeFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedFrontendTransportFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedMailboxFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedClientAccessFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedUnifiedMessagingFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:AdInitErrorRule] [Message:Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master.  Run setup with the /prepareAD parameter on a computer in the domain kscfcu and site Deland, and wait for replication to complete.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:ForestLevelNotWin2003Native] [Message:The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:CannotAccessAD] [Message:Either Active Directory doesn't exist, or it can't be contacted.]
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] This computer requires the update described in Microsoft Knowledge Base article KB2619234 (http://go.microsoft.com/fwlink/?LinkId=262359). Without this update, the Outlook Anywhere feature may not work reliably.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.Win7RpcHttpAssocCookieGuidUpdateNotInstalled.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] The local domain needs to be updated. You must be a member of the 'Domain Admins' group and 'Organization Management' role group, or 'Enterprise Admins' group to continue.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.LocalDomainPrep.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx
    [11/13/2012 14:42:10.0746] [1] [RECOMENDED] Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx
    [11/13/2012 14:42:10.0746] [1] [REQUIRED] Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master.  Run setup with the /prepareAD parameter on a computer in the domain kscfcu and site Deland, and wait for replication to complete.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx
    [11/13/2012 14:42:10.0746] [1] [REQUIRED] The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx
    [11/13/2012 14:42:10.0746] [1] [REQUIRED] Either Active Directory doesn't exist, or it can't be contacted.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx
    [11/13/2012 14:42:10.0746] [1] Ending processing test-SetupPrerequisites
    [11/13/2012 15:59:01.0973] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [11/13/2012 15:59:01.0973] [0] End of Setup
    [11/13/2012 15:59:01.0973] [0] **********************************************
    středa 14. listopadu 2012 17:18
  • This server was brand new install just for testing with Server 2008 R2 enterprise. I have tried two different profiles that are enterprise,schema, and domain admins. How can I raise my forest functional level when I am already on 2008? I have a mix of 2008 and 2008 R2 DCs so I cant raise my functional level any higher
    středa 14. listopadu 2012 17:22
  • Thanks for the reply stuart. Yes, Replication is working properly now. I raise the functionality level 3 days ago. Replication started working again the next morning as it should.

    DNS settings are correct as well.

    středa 14. listopadu 2012 17:24
  • Yes, single forest and single domain.
    středa 14. listopadu 2012 17:25
  • [11/13/2012 14:42:10.0730] [1] Failed [Rule:SchemaUpdateRequired] [Message:The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:GlobalUpdateRequired] [Message:Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:LocalDomainPrep] [Message:The local domain needs to be updated. You must be a member of the 'Domain Admins' group and 'Organization Management' role group, or 'Enterprise Admins' group to continue.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:GlobalServerInstall] [Message:You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedBridgeheadFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedCafeFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedFrontendTransportFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedMailboxFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedClientAccessFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:DelegatedUnifiedMessagingFirstInstall] [Message:You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:AdInitErrorRule] [Message:Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master.  Run setup with the /prepareAD parameter on a computer in the domain kscfcu and site Deland, and wait for replication to complete.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:ForestLevelNotWin2003Native] [Message:The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.]
    [11/13/2012 14:42:10.0730] [1] Failed [Rule:CannotAccessAD] [Message:Either Active Directory doesn't exist, or it can't be contacted.]
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] This computer requires the update described in Microsoft Knowledge Base article KB2619234 (http://go.microsoft.com/fwlink/?LinkId=262359). Without this update, the Outlook Anywhere feature may not work reliably.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.Win7RpcHttpAssocCookieGuidUpdateNotInstalled.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] The local domain needs to be updated. You must be a member of the 'Domain Admins' group and 'Organization Management' role group, or 'Enterprise Admins' group to continue.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.LocalDomainPrep.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx
    [11/13/2012 14:42:10.0730] [1] [REQUIRED] You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.
    [11/13/2012 14:42:10.0730] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx
    [11/13/2012 14:42:10.0746] [1] [RECOMENDED] Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx
    [11/13/2012 14:42:10.0746] [1] [REQUIRED] Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master.  Run setup with the /prepareAD parameter on a computer in the domain kscfcu and site Deland, and wait for replication to complete.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx
    [11/13/2012 14:42:10.0746] [1] [REQUIRED] The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx
    [11/13/2012 14:42:10.0746] [1] [REQUIRED] Either Active Directory doesn't exist, or it can't be contacted.
    [11/13/2012 14:42:10.0746] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx
    [11/13/2012 14:42:10.0746] [1] Ending processing test-SetupPrerequisites
    [11/13/2012 15:59:01.0973] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [11/13/2012 15:59:01.0973] [0] End of Setup
    [11/13/2012 15:59:01.0973] [0] **********************************************

    According to the above logs, the account you attempted the install with wasn't a member of the Schema or Enterprise Admins groups.

    It also looks like the Exchange setup routine thinks you are in a different site or domain to the DC. You say you have a single domain so again, check the local IP configuration. You don't mention whether or not you are using multiple sites?

    It is easier to run the Schema and Active Directory preperation separately on a Domain Controller, preferrably the Schema Master (use 'dsquery server -hasfsmo schema' to establish which DC that is if you are unsure). Use the command line to run:

    setup /PrepareSchema /IAcceptExchangeServerLicenseTerms

    setup /PrepareAD /OrganizationName:"Your Organisation Name Here" /IAcceptExchangeServerLicenseTerms

    setup /PrepareDomain

    Allow time for replication between each step. In my case (Forest root and 2 child domains across 2 sites) that takes about 30 - 45 minutes because of the way I have designed the replication topology.

    Once you have run those routines successfully log onto the target server using the same account and run the Exchange server role installation.

    • Navržen jako odpověď wendy_liu středa 21. listopadu 2012 2:13
    čtvrtek 15. listopadu 2012 9:30
  • I solved this by unjoining and rejoining the domain. I cant believe I didnt try that earlier. Sometimes we look for a complex answer, when all that is needed is a simple fix
    středa 21. listopadu 2012 20:38
  • I had the same issue and this solved it. Thanks.
    středa 29. října 2014 17:42