$theTitle=wp_title(" - ", false); if($theTitle != "") { ?>
About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
24 Jun // php the_time('Y') ?>
Today I was testing the installation of Exchange 2010 in a VMWare sandbox environment. We created the sandbox to test migration from a 2003 AD and Exchange environment to 2008 R2 with Exchange 2010.
We used a P2V to get real copies of the Active Directory and the AD upgrade to 2008 R2 was already tested.
But during the Exchange installation in the sandbox I got the following error:
The setup log (located in C:\ExchangeSetupLogs) shows a little more detail:
1 2 3 4 5 6 7 8 9 10 11 12 | [06-22-2011 11:28:58.0530] [2] [ERROR] Unexpected Error [06-22-2011 11:28:58.0530] [2] [ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task. [06-22-2011 11:28:58.0546] [2] Ending processing initialize-ExchangeUniversalGroups [06-22-2011 11:28:58.0546] [1] The following 1 error(s) occurred during task execution: [06-22-2011 11:28:58.0546] [1] 0. ErrorRecord: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task. [06-22-2011 11:28:58.0546] [1] 0. ErrorRecord: Microsoft.Exchange.Management.Tasks.InvalidWKObjectException: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task. [06-22-2011 11:28:58.0546] [1] [ERROR] The following error was generated when "$error.Clear(); initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions " was run: "The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.". [06-22-2011 11:28:58.0546] [1] [ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task. [06-22-2011 11:28:58.0546] [1] [ERROR-REFERENCE] Id=443949901 Component= |
The strange thing is that it’s referring to a deleted object (since it’s in the deleted objects container). So what’s going on?
I used the ldp.exe tool to connect to the deleted objects container and inspect the Organization Management object but I couldn’t find any invalid data in it. So I was looking at the wrong place
But if you break down the error message then it’s actually very clear where you need to look:
The attribute otherWellKnownObjects of the object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local (which is a multivalued object) has a value that refers to a deleted item (B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local).
So I opened ADSI Edit and navigated to the Microsoft Exchange container:
Then I looked at the properties of CN=Microsoft Exchange we can see the otherWellKnownObjects attribute:
But unfortunately ADSI Edit cannot view or modify this attribute:
My next attempt was ADExplorer from SysInternals (version 1.42). Once again I navigated to the Microsoft Exchange container:
AD Explorer has no problems showing the values:
I thought I was almost there: I right clicked the wellKnownObjects Attribute then Modify and after selecting the Deleted value I clicked Remove followed by OK:
And this made AD Explorer hang itsself:
Followed by Crash:
So I had to solve it myself with the help of a PowerShell script.
First I read the the otherWellKnownObjects attribute with PowerShell (I wrote about that earlier).
This returns a Collection that I walk backwards with a for loop, this is important when removing items in a collection during a loop (don’t shoot yourself in the foot).
For each item in the Collection I get the distinguishedName from the DNString property and if it contains “0ADEL” then I assume the object it refers to has been deleted so I remove this item from the Collection.
Finally I check if we have deleted at least one item and if so I call SetInfo() to commit the changes to Active Directory.
If you want to test the script, be sure to comment the SetInfo() call to prevent the actual deletion in your Active Directory!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | # Get Microsoft Exchange Container $objDE = New-Object System.DirectoryServices.DirectoryEntry $ExchangeDN = [string]::Concat("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,", $objDE.distinguishedName) $objCN = New-Object System.DirectoryServices.DirectoryEntry($ExchangeDN) $gp = [Reflection.Bindingflags]::GetProperty # get otherWellKnownObjects Collection $objCol = $objCN.otherWellKnownObjects $delCount = 0 # Walk though the Collection backwards (always do that when deleting items) for ($i=$objCol.Count-1; $i -ge 0; $i--) { $objWKO = $objCol[$i] $objType = $objWKO.GetType() # Get the distinguishedName $DNString = $objType.InvokeMember("DNString", $gp, $null, $objWKO, $null) $BV = $objType.InvokeMember("BinaryValue", $gp, $null, $objWKO, $null) $Guid = [GUID][System.BitConverter]::ToString($BV).Replace("-", "") Write-Host "DNString: $DNString" Write-Host "Guid: $Guid" # Check if the item was deleted if ($DNString.Contains("0ADEL")) { Write-Host "This is a Deleted Item" -foregroundcolor Red # Remove the item (WARNING: No Confirmation asked) $objCol.RemoveAt($i) Write-Host "Object Removed" -foregroundcolor Red $DelCount++ } } # Did we delete something? if ($DelCount -gt 0) { Write-Host "Commiting Changes" -foregroundcolor Blue # Commit changes, remove this line if you just want to test # If you don't commit you will not delete anything $objCN.SetInfo() } |
25 Responses for "Exchange 2010 well-known object entry install error"
[…] command will delete BOTH objects having the same sid!Sidenote: It seems that the problem with the otherWellKnownObjects attribute I described earlier was actually caused by the Exchange Setup as well!My recommendations for P2V of Domain […]
Unfortunately your really helpful script does not work for me. Are you able to take a look at the error i got?
That’ll be very kind!
Greetings,
Joachim
—–
PS C:\Users\Administrator.INTRA\Desktop> .\exchange-del-obj.ps1
Sie müssen auf der rechten Seite des Operators “-” einen Wertausdruck angeben.
Bei C:\Users\Administrator.INTRA\Desktop\exchange-del-obj.ps1:13 Zeichen:39
+ for ($i=$objCol.Count-1; $i -ge 0; $i- <<<< )
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : ExpectedValueExpression
Hi Joachim,
It seems to go wrong at this part: $i– (did you make a typo?)
Try replacing it with:
$i = $i -1
Remko
It is from your code above??
…
# Walk though the Collection backwards (always do that when deleting items)
for ($i=$objCol.Count-1; $i -ge 0; $i–)
{
…
So can you give me the complete fixed line?
Thanks a lot!!
Joachim,
I think in the copy/paste a minus sign was lost, the correct line is:
# Walk though the Collection backwards (always do that when deleting items) for ($i=$objCol.Count-1; $i -ge 0; $i–)
So after the last $i should follow 2 times minus sign
Remko
with the 2 minus signs it works!
Great job, thank you!
I had to use LDP.EXE in order to cerrect this issue, the configuration was pointing to the wrong Groups, but them where not deleted.
Connect to the Configuration container, navigate to Exchange Container and right click option modify, then insert the attribute name: otherWellKnownObjects, and replace as method.
After that you will need to run setup with /preparead switch again,
Nice error & nice solution.
Thank you very much!!!! It works for me!
Greetings from Germany! 🙂
Worked like a charm! Thanks for a slick solution!
Awesome dude! helped me out so much! my exchange crashed, and coulnd reinstall.. but after this it can install again! cant thank you enough!
It’s worked for me. Thanks! But I have modified the script as follows:
…
if ($DNString.Contains(“0ADEL:d42”))
…
where “:d42” is my incorrect record. And it have deleted only one record.
The script worked great, thanks!
[…] Thank you for this article- It helped me get the missing references to well known objects removed. They were preventing the install from moving forward. https://www.remkoweijnen.nl/blog/2011/06/24/exchange-2010-well-known-object-entry-install-error/ […]
[…] security objects, this script actual works well for Exchange 2013. The script is republished from this article at the bottom of the […]
Hello, you could also delete the Value with a free tool like Apache Directory Studio:
http://directory.apache.org/studio/downloads.html
“it works perfectly”. Thank you for your great contribution.
Great script, you saved my day. Thx!
this works
Exchange 2013 Restore: Remove objects in The Deleted Objects Active Directory Container
https://support.software.dell.com/appassure/kb/132118
Made my day! Thanks for the Script!
This worked like a charm – thank you so much. You are a hero!
Worked in my test lab. Thanks.
Thanks for this – saved my bacon!
Previous admin didn’t remove exchange correctly it seems…
Perfect, worked great for 2013 error as well. 🙂
Dude.. you rock. Thanks a lot for the great powershell script. Made short work of this problem.
Leave a reply