Exchange setup error: the attribute () points to an invalid DN or a deleted object

 Issue:

we closed the last exchange server on Prem, and run a script to delete the AD remnant,
when we try to download Exchange Mangement tools we get the following error:

The well-known object entry B:32:A1C2016C84D003458132789127B84:CN=Exchange Servers\0ADEL:b2360aad-5e45-40ae-a52a-22397689104a,CN=Deleted Objects,DC=contoso,DC=lab on the otherWellKnownObjects attribute in the container object CN=Configuration,DC=contoso,DC=lab points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.

Cause:

After deletion of ADSI remnants of exchange server, some attribute transferred to deleted object container but is still added to otherWellKnownObjects attribute.

Solution:

1. Log on a Domain Controller with Domain Admin permissions
2. Run ldp.exe -- the LDAP GUI pops up
3. Click on the Connection menu item and choose the "Connect" item. Leave everything as it is. DO NOT ENTER THE SERVER. Click OK
The right side panel populates with domain info.
4. Click on the Connection menu item and choose the "Bind" item. Make sure that 'Bind as currently logged on user' radio button is selected (it is the default option). Click OK

5. Click on the 'View' Menu item and choose 'Tree' > 'Tree View' > BaseDN drop down menu. Choose CN=Configuration,DC=contoso,DC=lab same as the one mentioned in the error message.The Configuration context shows up on the Left Side Panel
6. Expand the Configuration Context by clicking on the + sign
7. Choose CN=Configuration,DC=contoso,DC=lab and doubleclick to expand it.
8. Right-Click on CN=Configuration,DC=contoso,DC=lab and choose 'Modify'. 
In the Edit Entry Attribute type: 
otherWellKnownObjects
In the Operation Radio Button Box choose 'Delete'
On the right panel, look for otherWellKnownObjects in the information generated by double-clicking 'CN=Configuration,DC=contoso,DC=lab
Identify the entry to remove. It starts with B: and ends with ";" (which does not need to be included). In this example it is B:32:A1C2016C84D003458132789127B84:CN=Exchange Servers\0ADEL:b2360aad-5e45-40ae-a52a-22397689104a,CN=Deleted Objects,DC=contoso,DC=lab
Enter it in the "Values" text box.
Hit the Enter button
The Entry list is populated with an entry starting with: "[DELETE]otherWellKnownObjects:B:32:..."
Select it.
Hit the Run Button.
If the Right Side panel does not show an error message, it means that the operation was successful. 
9. Exit LDP.exe 
10. On the Exchange server, run again:
e:\setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
This time the operation should be successful.


Other information:

The paths are color coded, and can be replaced from the error to the solution.


Comments

Post a Comment

Popular posts from this blog

Can't find msexchHideFromAddressLists Attribute

  Issue: Can't find msexchHideFromAddressLists Attribute in ADSI edit or in AD users and computers to change it for the users. Cause: In the environment there is only Exchange online, no exchange on Prem and there never was, so the MSexch attributes are not there. Resolution: We downloaded the Exchange server prerequisites on another domain joined server as in here: Exchange Server prerequisites, Exchange 2019 system requirements, Exchange 2019 requirements | Microsoft Learn Downloaded Exchange server ISO from here: Exchange Server build numbers and release dates | Microsoft Learn Mount the ISO and then we run the command: <Virtual DVD drive letter>:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema and the Attribute appeared.
Read more

Outlook on prem prompts for O365 Password

  Issue: In an Exchange on prem environment Outlook prompts for O365 Password trying to connect to exchange online or Office365. and is not connecting after that. Cause: Moder authentication was enabled Solution: First, we thought of postponing the O365 request, by adding registry Dword (ExcludeExplicitO365Endpoint) this will tell Outlook to postpone the O365 Autodiscover request to the last. 1- Open Registry Editor 2- Navigate to: HKEY_CURRENT_USER\Software\Microsoft\Office\<x.0>\Outlook\AutoDiscover 3- 3- 3- Create new Dword : ExcludeExplicitO365Endpoint  value 1  but this didn't solve the issue  so we decided to disable Modern authentication 1- Open Registry Editor 2- Navigate to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\<x.0>\Common\Identity   3- Create Dword: EnableADAL value 0 DisableAADWAM  value 1 DisableADALatopWAMOverride  value 1 then the Prompt stopped and outlook connected to On-prem Autodiscover 
Read more

After March24 SU Search issue in Outlook (cached mode)

  Issue: After installing the Security Update, some of the customers have issue with Search in Outlook (cached mode). Error message: "We're having trouble fetching results from the server..." when performing Outlook search.  Reason:  Issue with the SU. Solution : There is no direct solution but there is a workaround: 1) Use OWA or Outlook online mode if possible. 2) Disable server assisted search by creating following registry key: Path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Search • Value name: DisableServerAssistedSearch • Value type: REG_DWORD • Value: 1
Read more