Installing Exchange 2016 CU18 error: /PrepareAD

Ponleu Sisowath 196 Reputation points
2020-10-09T13:39:48.86+00:00

Current environment: Exchange 2010 SP3 on Windows Server 2008 R2. One Exchange 2010 server (Mailbox, CAS, and HUB), and one Exchange Edge Transport 2010.

All prerequisites for Exchange 2016 have been installed: Windows components, .NET 4.8, Visual C++ Red, and UM.

Forest/Domain Functional Level: 2008R2. Site has Global Catalog.

Trying to upgrade to Exchange 2016 CU18, one Mailbox role and one Edge Transport Role.

After successfully running the extended Schema prep, I went ahead and attempted the /PrepareAD command. I received the following error below:

The following error was generated when "$error.Clear();
initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

" was run: "Microsoft.Exchange.Data.Directory.AdminLimitExceededException: The administrative limit for this request was exceeded. ---> System.DirectoryServices.Protocols.DirectoryOperationException: The administration limit on the server was exceeded.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Exchange.Data.Directory.GuardedDirectoryExecution.ExecuteT
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.GuardedSendRequest(String forestName, GuardedDirectoryExecution guardedDirectoryExecution, DirectoryRequest request, TimeSpan timeout, Func3 sendRequestDelegate, Int64& concurrency) at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable1 clientSideSearchTimeout, IADLogContext logContext, Boolean shouldLogLastFilter)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,586 questions
0 comments No comments
{count} vote

Accepted answer
  1. Ponleu Sisowath 196 Reputation points
    2020-10-20T12:49:19.09+00:00

    I was able to resolve the issue by removing values in the globalAddressList attribute with LDP.exe. Please refer to the article below for reference. Thank you to everyone that attempted to help.

    https://learn.microsoft.com/en-us/archive/blogs/mahuynh/exchange-2013-domainprep-preparead-fails-with-microsoft-exchange-data-directory-adminlimitexceededexception-error_ds_admin_limit_exceeded

    0 comments No comments

4 additional answers

Sort by: Most helpful
  1. Edward van Biljon 6 Reputation points
    2020-10-11T07:04:33.55+00:00

    Hi

    I have seen a number of people posting issues with Shared Mailboxes on CU18, you might want to hold off your upgrade till CU19


  2. KyleXu-MSFT 26,256 Reputation points
    2020-10-12T02:30:38.837+00:00

    @Ponleu Sisowath
    I also want to confirm with you that what is the RU version of your Exchange 2010? You need to update Exchange 2010 at least to RU 11, before installing Exchange 2016 coexist with it. After installing Exchange 2016, then migration mailboxes from Exchange 2010 to Exchange 2016(You cannot update from Exchange 2010 to Exchange 2016 directly).

    You also need to update DC to Windows Server 2008 R2 SP1. As far as I know, this issue may caused by some setting on Windows server, if you still cannot install Exchange 2016 successfully, I would suggest you migrate DC to Windows server 2012 R2, then try to install Exchange 2016 again.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Ponleu Sisowath 196 Reputation points
    2020-10-12T03:12:40.71+00:00

    Looking at the Exchange setup logs and Events Viewer, it looks like the Exchange setup is erroring out when it tries to create a security object/account ‘Compliance Management’ in the Microsoft Exchange Security Groups OU. Do you think that has anything to do with Active Directory Split Permissions?

    Exchange Setup Logs:

    31478-eximage2.png

    Event Viewer: Two errors.

    First error in Event Viewer:
    The following error was generated when "$error.Clear();

              initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions  
    

    " was run: "Microsoft.Exchange.Data.Directory.AdminLimitExceededException: The administrative limit for this request was exceeded. ---> System.DirectoryServices.Protocols.DirectoryOperationException: The administration limit on the server was exceeded.

    ---------------------------------------------

    Second Error in Event Viewer:

    ExSetup.exe
    2060
    Get Servers for myexampledomain.local
    TopologyClientTcpEndpoint (localhost)
    3
    System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0470637. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890


  4. Ponleu Sisowath 196 Reputation points
    2020-10-15T17:07:16.587+00:00

    The only other member group that I was not a part of, according to your list, is 'Group Policy Creator Owner'. I added it. Also, the FW team removed all rules between the Exchange Server and DCs. Rebooted the Exchange box and attempted to run Setup.exe. Same error during Step 1 of 15: Organization Preparation.
    Error:
    The following error was generated when "$error.Clear();
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

    " was run: "Microsoft.Exchange.Data.Directory.AdminLimitExceededException: The administrative limit for this request was exceeded. ---> System.DirectoryServices.Protocols.DirectoryOperationException: The administration limit on the server was exceeded.
    at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
    at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
    at Microsoft.Exchange.Data.Directory.GuardedDirectoryExecution.ExecuteT
    at Microsoft.Exchange.Data.Directory.PooledLdapConnection.GuardedSendRequest(String forestName, GuardedDirectoryExecution guardedDirectoryExecution, DirectoryRequest request, TimeSpan timeout, Func3 sendRequestDelegate, Int64& concurrency) at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable1 clientSideSearchTimeout, IADLogContext logContext, Boolean shouldLogLastFilter)
    at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
    --- End of inner exception stack trace ---
    at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer, String callerFilePath, Int32 callerFileLine, String memberName)
    at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
    at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
    at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationSession.Save(ADConfigurationObject instanceToSave, String callerFilePath, Int32 callerFileLine, String memberName)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateWKGuid(ADContainer container, ADObjectId dn, Guid wkGuid)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateGroup(ADOrganizationalUnit usgContainer, String groupName, Int32 groupId, Guid wkGuid, String groupDescription, GroupTypeFlags groupType, Boolean createAsRoleGroup)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateRoleGroup(ADOrganizationalUnit usgContainer, RoleGroupDefinition roleGroup)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateAndValidateRoleGroups(ADOrganizationalUnit usgContainer, RoleGroupCollection roleGroups)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.