Failed ADPrep CU 22
Jim Kennedy
First error is here:
[ERROR] The operation couldn't be performed because object 'Default Policy' couldn't be found on ‘DC’.
When we upgraded to 2016 I recall we had issues with the default policy and that seems to be the cause of this issue also. In the ECP we only show ‘New Default Policy’.
However in ADSI Edit I have two as below:
This one is called ‘Default Policy’ in ADSI edit, and is not in the ECP.
This one is the ‘New Default Policy’ that we do see in ADSI and ECP.
Based on the below conversation and the history I believe I need to delete the orphaned ‘default policy’ and perhaps set the policy order on ‘’New Default Policy’ to 2147483647 and perhaps even rename it?
https://community.spiceworks.com/topic/2335835-microsoft-exchange-upgrade-cu5-to-cu20-errors
Michael B. Smith
Would you do a “get-adobject -prop *” on both objects and post it? Feel free to send to me privately if you’d prefer.
Thanks.
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntexchange+...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ntexchange/MN2PR11MB382139C035F94C60E90570DBF69C9%40MN2PR11MB3821.namprd11.prod.outlook.com.
Jim Kennedy
Appreciate the help sir.
CanonicalName : EDUNET.LOCAL/Configuration/Services/Microsoft Exchange/Elyria City Schools/Recipient Policies/New Default Policy
CN : New Default Policy
Created : 5/24/2021 10:19:19 AM
createTimeStamp : 5/24/2021 10:19:19 AM
Deleted :
Description :
DisplayName :
DistinguishedName : CN=New Default Policy,CN=Recipient Policies,CN=Elyria City Schools,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=EDUNET,DC=LOCAL
dSCorePropagationData : {12/31/1600 7:00:00 PM}
gatewayProxy : {smtp:%m...@elyriaschoolsorg.mail.onmicrosoft.com, smtp:%m...@edunet.local, SMTP:%m...@elyriaschools.org}
instanceType : 4
isDeleted :
LastKnownParent :
Modified : 5/25/2021 3:13:27 PM
modifyTimeStamp : 5/25/2021 3:13:27 PM
msExchLastAppliedRecipientFilter : Alias -ne $null
msExchMinAdminVersion : -2147453113
msExchPolicyOptionList : {252 28 73 38 80 158 87 72 134 27 12 184 223 34 181 215}
msExchPolicyOrder : 1
msExchPurportedSearchUI : {Microsoft.PropertyWell_QueryString=(mailNickname=*), Microsoft.PropertyWell_Items=0, DsQuery_EnableFilter=0, DsQuery_ViewMode=4868...}
msExchQueryFilter : Alias -ne $null
msExchQueryFilterMetadata : {Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:RecipientFilterType=2, Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:IncludedRecipients=-1}
msExchRecipientFilterFlags : 1
msExchVersion : 4535486012416
Name : New Default Policy
nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory : CN=ms-Exch-Recipient-Policy,CN=Schema,CN=Configuration,DC=EDUNET,DC=LOCAL
ObjectClass : msExchRecipientPolicy
ObjectGUID : 10d54f63-7327-4c93-b2d7-23d0ae38f314
ProtectedFromAccidentalDeletion : False
purportedSearch : (mailNickname=*)
sDRightsEffective : 15
showInAdvancedViewOnly : True
systemFlags : 1073741824
uSNChanged : 88614552
uSNCreated : 88546763
whenChanged : 5/25/2021 3:13:27 PM
whenCreated : 5/24/2021 10:19:19 AM
CanonicalName : EDUNET.LOCAL/Configuration/Services/Microsoft Exchange/Elyria City Schools/Recipient Policies/Default Policy
CN : Default Policy
Created : 6/26/2001 11:22:47 AM
createTimeStamp : 6/26/2001 11:22:47 AM
Deleted :
Description :
DisplayName :
DistinguishedName : CN=Default Policy,CN=Recipient Policies,CN=Elyria City Schools,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=EDUNET,DC=LOCAL
dSCorePropagationData : {6/13/2017 10:34:17 AM, 12/31/1600 7:00:01 PM}
gatewayProxy : {smtp:@edunet.local, smtp:@ElyriaSchools.K12.oh.us, SMTP:@elyriaschools.org, X400:c=US;a= ;p=ECSD;o=ECSDNET;}
instanceType : 4
isDeleted :
LastKnownParent :
Modified : 5/24/2021 4:24:25 PM
modifyTimeStamp : 5/24/2021 4:24:25 PM
msExchMailboxManagerMode : 3
msExchMailboxManagerSendUserNotificationMail : False
msExchMailboxManagerUserMessageFooter : For additional information contact your Exchange Administrator.
msExchMailboxManagerUserMessageHeader : The Microsoft Exchange Server Mailbox Manager has performed an automated
cleanup of your mailbox.
msExchPolicyEnabled : True
msExchPolicyOrder : 2147483647
Name : Default Policy
nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory : CN=ms-Exch-Recipient-Policy,CN=Schema,CN=Configuration,DC=EDUNET,DC=LOCAL
ObjectClass : msExchRecipientPolicy
ObjectGUID : c0e4ae15-5b14-4e6c-bc67-1423ab1b94a0
ProtectedFromAccidentalDeletion : False
purportedSearch : (mailnickname=*)
sDRightsEffective : 15
showInAdvancedViewOnly : True
systemFlags : 1610612736
uSNChanged : 88563705
uSNCreated : 11724
whenChanged : 5/24/2021 4:24:25 PM
whenCreated : 6/26/2001 11:22:47 AM
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/fcd41f58f8654cdfb8867af505645074%40smithcons.com.
Michael B. Smith
So, yeah, your current ‘default policy’ is holdover from Exchange 2000. I’m guessing it’s got some bad security on it. It should’ve been updated a long long time ago.
I recommend you ‘move’ the existing ‘default policy’ elsewhere (just as a temporary step) and set msExchPolicyEnabled=FALSE on it. Then, on the remaining policy:
[1] rename ‘new default policy’ to ‘default policy’
[2] set msExchPolicyEnabled=TRUE
[3] set msExchPolicyOrder=2147483647
[4] perhaps update gatewayProxy value if you still have any of those addresses
Then run your adprep. The above should clear the error.
Once you get through it, you should be clear to delete the old policy that you saved.
If that doesn’t fix it, I’ll need to see the ExchangeSetup log file.
Thanks.
Regards,
Michael B. Smith
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/MN2PR11MB3821E80069EA56F0CE9417C6F69C9%40MN2PR11MB3821.namprd11.prod.outlook.com.
Jim Kennedy
Yes, that policy has been through many upgrades. I now recall very vividly the pain it cause the last upgrade. Thank you so much for the assist Michael, the prep completed without error. I am good to go. The school is now just a side gig for me, but it is nice to get them through the tough spots. They don’t have anyone for that right now.
Jim
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/4583159b986449a8bd5498eca3656e4e%40smithcons.com.