Failed ADPrep CU 22

1 view
Skip to first unread message

Jim Kennedy

unread,
Nov 19, 2021, 8:52:19 AM11/19/21
to ntexc...@googlegroups.com

 

First error is here:

 

[ERROR] The operation couldn't be performed because object 'Default Policy' couldn't be found on ‘DC’.

 

When we upgraded to 2016 I recall we had issues with the default policy and that seems to be the cause of this issue also. In the ECP we only show ‘New Default Policy’.

 

However in ADSI Edit I have two as below:

 

This one is called ‘Default Policy’ in ADSI edit, and is not in the ECP.

 

 

This one is the ‘New Default Policy’ that we do see in ADSI and ECP.

 

 

 

Based on the below conversation and the history I believe I need to delete the orphaned ‘default policy’ and perhaps set the policy order on ‘’New Default Policy’ to 2147483647 and perhaps even rename it?

 

https://community.spiceworks.com/topic/2335835-microsoft-exchange-upgrade-cu5-to-cu20-errors

 

 

Michael B. Smith

unread,
Nov 19, 2021, 9:25:30 AM11/19/21
to ntexc...@googlegroups.com

Would you do a “get-adobject -prop *” on both objects and post it? Feel free to send to me privately if you’d prefer.

 

Thanks.

--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/MN2PR11MB382139C035F94C60E90570DBF69C9%40MN2PR11MB3821.namprd11.prod.outlook.com.

Jim Kennedy

unread,
Nov 19, 2021, 10:00:40 AM11/19/21
to ntexc...@googlegroups.com

Appreciate the help sir.

 

 

CanonicalName                    : EDUNET.LOCAL/Configuration/Services/Microsoft Exchange/Elyria City Schools/Recipient Policies/New Default Policy

CN                               : New Default Policy

Created                          : 5/24/2021 10:19:19 AM

createTimeStamp                  : 5/24/2021 10:19:19 AM

Deleted                          :

Description                      :

DisplayName                      :

DistinguishedName                : CN=New Default Policy,CN=Recipient Policies,CN=Elyria City Schools,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=EDUNET,DC=LOCAL

dSCorePropagationData            : {12/31/1600 7:00:00 PM}

gatewayProxy                     : {smtp:%m...@elyriaschoolsorg.mail.onmicrosoft.com, smtp:%m...@edunet.local, SMTP:%m...@elyriaschools.org}

instanceType                     : 4

isDeleted                        :

LastKnownParent                  :

Modified                         : 5/25/2021 3:13:27 PM

modifyTimeStamp                  : 5/25/2021 3:13:27 PM

msExchLastAppliedRecipientFilter : Alias -ne $null

msExchMinAdminVersion            : -2147453113

msExchPolicyOptionList           : {252 28 73 38 80 158 87 72 134 27 12 184 223 34 181 215}

msExchPolicyOrder                : 1

msExchPurportedSearchUI          : {Microsoft.PropertyWell_QueryString=(mailNickname=*), Microsoft.PropertyWell_Items=0, DsQuery_EnableFilter=0, DsQuery_ViewMode=4868...}

msExchQueryFilter                : Alias -ne $null

msExchQueryFilterMetadata        : {Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:RecipientFilterType=2, Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:IncludedRecipients=-1}

msExchRecipientFilterFlags       : 1

msExchVersion                    : 4535486012416

Name                             : New Default Policy

nTSecurityDescriptor             : System.DirectoryServices.ActiveDirectorySecurity

ObjectCategory                   : CN=ms-Exch-Recipient-Policy,CN=Schema,CN=Configuration,DC=EDUNET,DC=LOCAL

ObjectClass                      : msExchRecipientPolicy

ObjectGUID                       : 10d54f63-7327-4c93-b2d7-23d0ae38f314

ProtectedFromAccidentalDeletion  : False

purportedSearch                  : (mailNickname=*)

sDRightsEffective                : 15

showInAdvancedViewOnly           : True

systemFlags                      : 1073741824

uSNChanged                       : 88614552

uSNCreated                       : 88546763

whenChanged                      : 5/25/2021 3:13:27 PM

whenCreated                      : 5/24/2021 10:19:19 AM

 

 

 

 

CanonicalName                                : EDUNET.LOCAL/Configuration/Services/Microsoft Exchange/Elyria City Schools/Recipient Policies/Default Policy

CN                                           : Default Policy

Created                                      : 6/26/2001 11:22:47 AM

createTimeStamp                              : 6/26/2001 11:22:47 AM

Deleted                                      :

Description                                  :

DisplayName                                  :

DistinguishedName                            : CN=Default Policy,CN=Recipient Policies,CN=Elyria City Schools,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=EDUNET,DC=LOCAL

dSCorePropagationData                        : {6/13/2017 10:34:17 AM, 12/31/1600 7:00:01 PM}

gatewayProxy                                 : {smtp:@edunet.local, smtp:@ElyriaSchools.K12.oh.us, SMTP:@elyriaschools.org, X400:c=US;a= ;p=ECSD;o=ECSDNET;}

instanceType                                 : 4

isDeleted                                    :

LastKnownParent                              :

Modified                                     : 5/24/2021 4:24:25 PM

modifyTimeStamp                              : 5/24/2021 4:24:25 PM

msExchMailboxManagerMode                     : 3

msExchMailboxManagerSendUserNotificationMail : False

msExchMailboxManagerUserMessageFooter        : For additional information contact your Exchange Administrator.

msExchMailboxManagerUserMessageHeader        : The Microsoft Exchange Server Mailbox Manager has performed an automated

                                               cleanup of your mailbox.

msExchPolicyEnabled                          : True

msExchPolicyOrder                            : 2147483647

Name                                         : Default Policy

nTSecurityDescriptor                         : System.DirectoryServices.ActiveDirectorySecurity

ObjectCategory                               : CN=ms-Exch-Recipient-Policy,CN=Schema,CN=Configuration,DC=EDUNET,DC=LOCAL

ObjectClass                                  : msExchRecipientPolicy

ObjectGUID                                   : c0e4ae15-5b14-4e6c-bc67-1423ab1b94a0

ProtectedFromAccidentalDeletion              : False

purportedSearch                              : (mailnickname=*)

sDRightsEffective                            : 15

showInAdvancedViewOnly                       : True

systemFlags                                  : 1610612736

uSNChanged                                   : 88563705

uSNCreated                                   : 11724

whenChanged                                  : 5/24/2021 4:24:25 PM

whenCreated                                  : 6/26/2001 11:22:47 AM

Michael B. Smith

unread,
Nov 19, 2021, 10:39:07 AM11/19/21
to ntexc...@googlegroups.com

So, yeah, your current ‘default policy’ is holdover from Exchange 2000. I’m guessing it’s got some bad security on it. It should’ve been updated a long long time ago.

 

I recommend you ‘move’ the existing ‘default policy’ elsewhere (just as a temporary step) and set msExchPolicyEnabled=FALSE on it. Then, on the remaining policy:

 

               [1] rename ‘new default policy’ to ‘default policy’

[2] set msExchPolicyEnabled=TRUE

[3] set msExchPolicyOrder=2147483647

[4] perhaps update gatewayProxy value if you still have any of those addresses

 

Then run your adprep. The above should clear the error.

 

Once you get through it, you should be clear to delete the old policy that you saved.

 

If that doesn’t fix it, I’ll need to see the ExchangeSetup log file.

 

Thanks.

 

Regards,

Michael B. Smith

Jim Kennedy

unread,
Nov 19, 2021, 1:13:02 PM11/19/21
to ntexc...@googlegroups.com

Yes, that policy has been through many upgrades. I now recall very vividly the pain it cause the last upgrade. Thank you so much for the assist Michael, the prep completed without error. I am good to go. The school is now just a side gig for me, but it is nice to get them through the tough spots. They don’t have anyone for that right now.

 

Jim

Reply all
Reply to author
Forward
0 new messages