'Hybrid Configration already exists' error during Exchange 2010 Hybrid upgrade

Question

Hi,

My client has a fully working W2012/Exchange 2010 hybrid environment with the latest CU applied and all mailboxes already on the cloud. Long story short, I am getting the following error when running PrepareAD with TenantOrganizationConfig switch as part to Hybrid upgrade to Exchange 2016 CU23:

The following error was generated when "$error.Clear();
if ($RoleIsDatacenter -eq $false) { install-Container -Name "Hybrid Configuration" -DomainController $RoleDomainController }" was run: "Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation failed on XXXX. The object 'CN=Hybrid Configuration,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXX...' already exists. ---> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
... (truncated)

As a curiosity I try renaming the mentioned container on ADSI Edit and getting this message:

Operation failed. Error code: 0x2185
A system flag has been set on the object and does not allow the object to be removed or renamed.
00002185: SvcErr" DSID-031B0F26, problem 5003 (WILL_NOT_PERFORM), data 0

When I try to do the same on Exchange Hybrid deployment on other client, the container can be renamed without issue. Comparing the object's security permission between the two deployment looks OK. I have tried removing all Deny permission on the object but still no luck.

Regards,

JarotS

Answer 1

Hi @JarotS ,
Please have a check that the SystemFlags property of the "Hybrid Configuration" container has this value set. If the value is not in the container, the system will not allow the object to be deleted or moved to another domain.

System-Flags attribute - Win32 apps | Microsoft Learn

I would like to know on which server you are running PrepareAD.
According to my research, adding an Exchange 2016 server in a hybrid environment requires updating the Active Directory schema before preparing Active Directory.
Here is an article detailing how to upgrade from hybrid Exchange 2010 to hybrid 2016 .for you reference:Hybrid Exchange 2010 To Hybrid Exchange 2016 - Part One (c-sharpcorner.com)
(note:Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.)

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I was running PrepareAD from a freshly installed Svr2016. The object had empty systemFlags value, no wonder it can't be renamed.
Anyway, further checking the object, I noticed it's missing msExchContainer objectClass. I suspect it's either corrupted or it was created manually in the past without that attribute.
So here's what I did in brief:

• removed Hybrid Config from on-prem and O365, leave the AzureADConnect intact
• deleted the container using ADSI Edit
• ran PrepAD again with TenantOrganizationConfig switch. The "Hybrid Configuration" container was recreated automatically here.
• continued with Exc2016 setup and the rest is a typical Ex2010 to 2016 migration followed by HCW setup from Ex2016 at the end.
  Thanks everyone for the thoughts.

Answer 3

Check this link - https://learn.microsoft.com/en-us/archive/blogs/manjubn/1-exchange-server-2013-preparead-or-cumultive-update-installation-fails

Answer 4

There was no need to add that switch (TenantOrganizationConfig) if hybrid already existed:
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019

Undo whatever changes you made to that object via adsiedit and run the command again WITHOUT that switch!