Some Times Reinstalling Exchange 2010 Corrupts the Security Groups or It will Duplicate the Security Groups.
Creating Console Permission issues or Role may not load properly or User Might get Access Denied Error.
We will learn how to cleanup and recreate Microsoft Exchange Security Groups as a last option.
We will delete all the Security Groups in the Microsoft Exchange Security Groups Container.
Now Running Setup.com /preparead won’t allow you to recreate it as OtherWellKnownObjects attribute on the Microsoft Exchange Container will be pointing to Deleted Objects , It has to be Removed
It cannot be Removed via Adsiedit
And we got to Use LDP to Clear the attribute
Those who are new to LDP, Am not able to edit the OtherWellKnownObjects in Adsiedit as Shown Below . So am Using LDP
Start –> Run –> LDP
Click Connection – Connect –
Click Ok if you running on the Server itself
View –> Tree
Choose –> Configuration Container
Now You won’t be Expand it . Unless you Bind it
Connection –> Bind
Double Click on Configuration –> To Expand
Scroll down to Microsoft Exchange Container –> Right Click –> Modify
Now we got to Edit OtherWellKnownObject attribute
Attribute – > OtherWellKnownObject
Click On Enter
Now Empty Value has been Added –
Now you could see Other Well known Objects have been Cleared
Now Setup.com /preparead is successful
Now Security Groups are back
Now Console and Exchange Management Shell may not open
Or It may show Partial information.
Because the Role Base Access Control Information is lost as Security Groups have been deleted and Recreated
Showing Partial Information –
Or Role May not Load Properly
To get the Roles Installed Back for the Users
Install-CannedRbacRoleAssignments –InvocationMode Install
Now Exchange Management Console and Exchange Management Shell is back online
Now Still you might not be able to Create or Remove are Edit anything in the EMC or EMS
you will get an Error
Active Directory operation failed on DC.CareExchange.in . This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS)
Because the group memberships might have been removed
Add the Exchange Server Computer Account in Exchange Servers Group & Exchange Trusted Subsystem Group
Now you got to reboot the Exchange Server after adding it , To update Group memberships