Removing last Exchange Server 2019 server - last step

Paulschnack 31 Reputation points
2022-11-20T10:37:28.37+00:00

Following on from this question and excellent answers https://learn.microsoft.com/en-us/answers/questions/1081125/removing-the-last-exchange-2019-server-in-client39.html - I need help with the last step, running the AD Cleanup script.

I'm following this article (https://learn.microsoft.com/en-gb/Exchange/manage-hybrid-exchange-recipients-with-management-tools) to remove the last Exchange 2019 server in our 4 DC environment. Running CleanupActiveDirectoryEMT.ps1 fails. I first ran it on the Exchange 2019 server, which failed (see attached screenshots), at the time my account was Domain Admin, Enterprise Admin and Exchange Organization Manager. Then I tried running it on a Win 2019 DC itself, it also fails (see attached).

The article doesn't qualify the exact requirements of environment and account permissions required for this script. What's my next step here?

Looking forward to your reply,

Paul Schnackenburg


Exchange | Exchange Server | Management

8 answers

  1. Paulschnack 31 Reputation points
    2022-11-29T22:11:57.917+00:00

    Hi Andy & LilyLi,

    Andy - that didn't work, same error "Add-PSSnapin : No snap-ins have been registered for Windows PowerShell version 5".

    However, the client went ahead (without asking me) and deleted the Exchange security groups OU manually in AD, so I guess that's it for this case.

    As many people will follow the instructions in that article to "get rid of their last Exchange Server", I would recommend that someone add to the instructions where the AD Cleanup script should be run (DC or Exchange server), and what permissions the user needs to have.

    Thanks everyone for your help,

    Paul

    1 person found this answer helpful.

  2. Amit Singh 5,306 Reputation points
    2022-11-21T06:57:53.287+00:00

  3. LilyLi2-MSFT 1,981 Reputation points
    2022-11-21T07:14:47.273+00:00

    Hi @Paulschnack ,

    By default, Exchange Trusted Subsystem is not granted the "modify permissions" permission. This causes the Add-ADPermission cmdlet to fail with an Access Denied error in some circumstances.

    Please check if the Exchange Trusted Subsystems are authorized: access-denied-when-you-try-to-give-user-send-as-or-receive-as-permission-for-a-distribution-group-in-exchange-server-505822f4-8dca-7b97-d378-c8416553f6d2

  4. Paulschnack 31 Reputation points
    2022-11-24T05:44:39.747+00:00

    Hi LilyLi2 and Amit,

    Thank you for your replies. Amit - yes I have looked at both articles, nothing that'll help this particular situation. LilyLi2 - we don't have any distribution lists on premises (or any other Exchange objects) anymore. I did find the Monitoring mailboxes and applied your suggested permissions to it, and then ran the cleanup script again, with the same result (errors).

    The account that I run the PowerShell script on, on a Windows Server 2019 DC, is a Domain Admin, Enterprise Admin and Exchange Organization Management account.

    I note that this line (101) in the script fails:

    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

    If I run this line by itself in PowerShell I get:

    PS C:\Users\pauls\Downloads> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    Add-PSSnapin : No snap-ins have been registered for Windows PowerShell version 5.
    At line:1 char:1
    + Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : InvalidArgument: (Microsoft.Excha...owerShell.E2010:String) [Add-PSSnapin], PSArgumentException
        + FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand

    I suspect that's why subsequent commands fail.

    Should this script be run on a DC? On an Exchange 2019 server? (I've now tried both, and it's failed on both). How can I load the Exchange snap in so that the Exchange cmdlets work?

    Looking forward to your answer,

    Paul Schnackenburg


  5. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2022-11-24T12:55:47.453+00:00

    Can you change that line to:

    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn  
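
Added example, not part of the thread or of Microsoft's cleanup script: a read-only pre-flight check for Windows PowerShell 5.1 that reports whether the two snap-in names quoted above are registered on the local machine, and whether the current logon token carries the roles the poster lists. The function names are hypothetical, and `Organization Management` is assumed to be the group behind the poster's "Exchange Organization Management".

```powershell
# Added example: read-only pre-flight check before running CleanupActiveDirectoryEMT.ps1.
# Requires Windows PowerShell 5.1 (Get-PSSnapin does not exist in PowerShell 7).
# Function names are hypothetical; nothing here changes AD or loads a snap-in.

$snapinNames = @(                      # the two names quoted in the thread
    'Microsoft.Exchange.Management.PowerShell.E2010',
    'Microsoft.Exchange.Management.PowerShell.SnapIn'
)
# Assumption: these are the groups behind the roles the poster lists.
$groupNames = @('Domain Admins', 'Enterprise Admins', 'Organization Management')

function Test-SnapinRegistered {
    param([string[]]$Name)
    # Add-PSSnapin can only load a snap-in that is registered on this machine.
    $registered = @(Get-PSSnapin -Registered -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name)
    foreach ($n in $Name) {
        [pscustomobject]@{ Check = "Snap-in registered: $n"; Passed = ($registered -contains $n) }
    }
}

function Test-TokenGroup {
    param([string[]]$Name)
    # Read the groups from the current logon token, not from the directory,
    # so the result describes this session.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $tokenGroups = @(foreach ($sid in $identity.Groups) {
        try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }
    })
    foreach ($n in $Name) {
        $hit = @($tokenGroups | Where-Object { $_ -like "*\$n" })
        [pscustomobject]@{ Check = "Token group: $n"; Passed = ($hit.Count -gt 0) }
    }
}

function Test-Elevated {
    $principal = [System.Security.Principal.WindowsPrincipal][System.Security.Principal.WindowsIdentity]::GetCurrent()
    $admin = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    [pscustomobject]@{ Check = 'Session elevated'; Passed = $principal.IsInRole($admin) }
}

$results = @(Test-SnapinRegistered -Name $snapinNames) +
           @(Test-TokenGroup -Name $groupNames) + @(Test-Elevated)
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'At least one check failed; resolve it before running the cleanup script.'
}
```

If both snap-in rows show False, the `Add-PSSnapin` error quoted in the thread is expected on that machine whichever of the two names the script uses.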
