Ramblings of an IT Junkie

Exchange 2007 Active Directory Nightmare March 24, 2010

Today we decided to reinstall our test Exchange Server 2007 since we needed to use the machine it was originally slated to be on for something else. Unfortunately, we couldn’t just “reinstall” exchange in the domain due to Active Directory Nightmares.

I spent nearly 2 hours trying to solve this problem before finally hitting on the solution.

The problem occured because we had deleted the Security OU from the Active Directory (we had numerous orphaned Exchange 2007 objects and duplicates from failed installs). We did this because we wanted a fresh start for the install in the AD. We started receiving the following errors however during the install:

The well-known object entry B:32:A7D2016C83F003458132789EEB127B84:CN=Exchange Servers1ADEL:e6db790a-2bdf-4cf6-948e-e10fa2fd74da,CN=Deleted Objects,DC=bryan,DC=local of the otherWellKnownObjects attribute on container object CN=Configuration,DC=bryan,DC=local points to an invalid DN or a deleted object.

Let the nightmare begin.

 As Falstaff said: “The better part of valor is discretion” (Henry IV, Part I, Act V, Scene IV)

However, we’re gung-ho IT pros, so discretion isn’t in our dictionaries or vocabularies. Due to an oversight by deleting an entire OU without knowing all the full ramifications. Thankfully, even though we are in an enterprise where we have both Exchange 2003 and Exchange 2007, this OU didn’t affect our mail ability.

The fix took me two hours of searching, piecing together, and experimenting to finally find the appropriate solution. Of course, the example on Microsoft’s site really fit the bill, and would have saved me two hours of searching had Google not failed me.

You can read the complete article here: http://technet.microsoft.com/en-us/library/bb288907(EXCHG.80).aspx

But I’ll save you some time by pinpointing the exact solution to the problem.

1. If you don’t have it, get Ldp.exe as it is one of the MOST invaluable AD Tools you can have.
   
2. Run Ldp.exe and connect to your domain
   
3. Expand Configuration >> Services and double click on Microsoft Exchange.
   
4. Right click on Microsfot Exchange, and select Modify.
   
5. Type otherWellKnownObjects into the Edit Entry Attribute field.
   
6. Select the Delete option
   
7. In the ldp.exe results pane (the right hand side) find otherWellKnownObjects.
   
   1. Copy the entry and paste into notepad
      

      
      

   2. Organize to taste
      
   3. Select an entire entry (leave out the trailing semi-colon)
      
   4. Paste the entry into the Values textbox of the Modify dialog box, then press the Insert button.
      

      
      

   5. Repeat for each entry.
      
8. Once you have all the Entries in the box, hit the Run button.
   

Voila!

You have cleared the issue, and should now be able to rerun Exchange 2007′s setup /p and have it complete successfully.

If you have any other further questions or problems, feel free to ask, and I’ll help you out how I can.