Exchange 2010 well-known object entry install error

SNAGHTML1ca684cToday I was testing the installation of Exchange 2010 in a VMWare sandbox environment. We created the sandbox to test migration from a 2003 AD and Exchange environment to 2008 R2 with Exchange 2010.

We used a P2V to get real copies of the Active Directory and the AD upgrade to 2008 R2 was already tested.

But during the Exchange installation in the sandbox I got the following error:

The well-known object entry on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.

The setup log (located in C:\ExchangeSetupLogs) shows a little more detail:

The strange thing is that it’s referring to a deleted object (since it’s in the deleted objects container). So what’s going on?

I used the ldp.exe tool to connect to the deleted objects container and inspect the Organization Management object but I couldn’t find any invalid data in it. So I was looking at the wrong place

But if you break down the error message then it’s actually very clear where you need to look:

The attribute otherWellKnownObjects of the object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local (which is a multivalued object) has a value that refers to a deleted item (B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local).

So I opened ADSI Edit and navigated to the Microsoft Exchange container:

CN=Microsoft Exchange, CN=Configuration

Then I looked at the properties of CN=Microsoft Exchange we can see the otherWellKnownObjects attribute:

otherWellKnownObjects Value

But unfortunately ADSI Edit cannot view or modify  this attribute:

There is no editor registered to handle this attribute type

My next attempt was ADExplorer from SysInternals (version 1.42). Once again I navigated to the Microsoft Exchange container:

Sysinternals Active Directory Explorer

AD Explorer has no problems showing the values:

otherWellKnownObjects Properties

I thought I was almost there: I right clicked the wellKnownObjects Attribute then Modify and after selecting the Deleted value I clicked Remove followed by OK:

Modify Attribute

And this made AD Explorer hang itsself:

AD Explorer Hangs

Followed by Crash:

AD Explorer Crashes

So I had to solve it myself with the help of a PowerShell script.

First I read the the otherWellKnownObjects attribute with PowerShell (I wrote about that earlier).

This returns a Collection that I walk backwards with a for loop, this is important when removing items in a collection during a loop (don’t shoot yourself in the foot).

For each item in the Collection I get the distinguishedName from the DNString property and if it contains “0ADEL” then I assume the object it refers to has been deleted so I remove this item from the Collection.

Finally I check if we have deleted at least one item and if so I call SetInfo() to commit the changes to Active Directory.

If you want to test the script, be sure to comment the SetInfo() call to prevent the actual deletion in your Active Directory!

Leave a Reply

  1. Pingback: The case of the duplicate SID’s

  2. Unfortunately your really helpful script does not work for me. Are you able to take a look at the error i got?
    That’ll be very kind!


    PS C:\Users\Administrator.INTRA\Desktop> .\exchange-del-obj.ps1
    Sie müssen auf der rechten Seite des Operators “-” einen Wertausdruck angeben.
    Bei C:\Users\Administrator.INTRA\Desktop\exchange-del-obj.ps1:13 Zeichen:39
    + for ($i=$objCol.Count-1; $i -ge 0; $i- <<<< )
    + CategoryInfo : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : ExpectedValueExpression

  3. Hi Joachim,

    It seems to go wrong at this part: $i– (did you make a typo?)
    Try replacing it with:
    $i = $i -1


  4. It is from your code above??

    # Walk though the Collection backwards (always do that when deleting items)
    for ($i=$objCol.Count-1; $i -ge 0; $i–)

    So can you give me the complete fixed line?

    Thanks a lot!!

  5. Joachim,

    I think in the copy/paste a minus sign was lost, the correct line is:
    # Walk though the Collection backwards (always do that when deleting items) for ($i=$objCol.Count-1; $i -ge 0; $i–)

    So after the last $i should follow 2 times minus sign


  6. I had to use LDP.EXE in order to cerrect this issue, the configuration was pointing to the wrong Groups, but them where not deleted.

    Connect to the Configuration container, navigate to Exchange Container and right click option modify, then insert the attribute name: otherWellKnownObjects, and replace as method.

    After that you will need to run setup with /preparead switch again,

  7. Awesome dude! helped me out so much! my exchange crashed, and coulnd reinstall.. but after this it can install again! cant thank you enough!

  8. It’s worked for me. Thanks! But I have modified the script as follows:

    if ($DNString.Contains(“0ADEL:d42”))

    where “:d42” is my incorrect record. And it have deleted only one record.

  9. Pingback: exchange 2013 failure to work after 2010 coexistance setup. Script to look for deleted well known objects atributes | digitalbamboo's Blog

  10. Pingback: Exchange 2013 fails to install and then when i get it installed I cant connect to the console administrative center | digitalbamboo's Blog