FIX: Installing Exchange CU multiple errors Active Directory

Either Active Directory doesn’t exist, or it can’t be contacted.‘, what?

With the Exchange Security updates two weeks ago I got a nice list of errors while updating an Exchange server.

I went through the steps and at the last step where Exchange checks if the updates can be installed, I got quite a few errors. The main ones were the Active Directory error messages.

My account was in the correct groups and yet it looked like it couldn’t access Active Directory at all and because he cannot access active directory you will get all other error messages.


So, what is the issue here?

The main issue is that the Exchange Update cannot update the Active Directory schema because the Exchange server is not in the same site as the Schema master.

For more about the Schema master click here


How can I resolve this?

Make the Domain Controller in the same site as the Exchange server the Schema master. This may be temporary to install the updates. In the below steps I’ll explain how you can do that.

Open PowerShell as Administrator

Let’s first check which server is the schema master before continuing, so that you can always adjust this to the old situation.

Get-ADForest | Select-Object SchemaMaster

Now we know which server was the Schema Master we can now move the role to a server in the same site as the Exchange server.
I’ve used $ENV:LOGONSERVER as the new Schema Master because usually you logon to a Domain Controller in the same site.

Move-ADDirectoryServerOperationMasterRole -Identity $ENV:LOGONSERVER -OperationMasterRole SchemaMaster

Now try to install the exchange updates again and revert back to the old Schema Master after you’re finished.


Full error message

Error:
This computer requires .NET Framework 4.8 (https://support.microsoft.com/kb/4503548).
For more information, visit: https://docs.microsoft.com/Exchange/plan-and-deploy/system-requirements?view=exchserver-2016

Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnifiedMessagingRoleNotInstalled.aspx

Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.BridgeheadRoleNotInstalled.aspx

Error:
Global updates need to be made to Active Directory, and this user account isn’t a member of the ‘Enterprise Admins’ group.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx

Error:
The local domain needs to be updated. You must be a member of the ‘Domain Admins’ group and ‘Organization Management’ role group, or ‘Enterprise Admins’ group to continue.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.LocalDomainPrep.aspx

Error:
You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx

Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx

Error:
You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx

Error:
You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx

Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx

Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx

Error:
You must use an account that’s a member of the Organization Management role group to install the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx

Error:
Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master. Run setup with the /prepareAD parameter on a computer in the domain ddl and site Azure, and wait for replication to complete. See the Exchange setup log for more information on this error.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx

Error:
The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2016, the forest functional level must be at least Windows Server 2003 native.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx

Error:
Either Active Directory doesn’t exist, or it can’t be contacted.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx

Warning:
Setup will prepare the organization for Exchange Server 2016 by using ‘Setup /PrepareAD’. No Exchange Server 2013 roles have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2013 roles.
For more information, visit: https://docs.microsoft.com/Exchange/plan-and-deploy/deployment-ref/readiness-checks?view=exchserver-2016

Warning:
Setup will prepare the organization for Exchange Server 2016 by using ‘Setup /PrepareAD’. No Exchange Server 2010 roles have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2010 roles.
For more information, visit: https://docs.microsoft.com/Exchange/plan-and-deploy/deployment-ref/readiness-checks?view=exchserver-2016

Published by

Bas Wijdenes

My name is Bas Wijdenes and I work as a PowerShell Automation Engineer. My main focus is PowerShell, Azure AD, Azure Infrastructure, Server Management, and Exchange (Online).

Leave a Reply

Your email address will not be published. Required fields are marked *