Exchange Setup Error: Cannot Update Schema

KB ID 0001409

Problem

I had a nightmare with this, (this morning). Client had an Exchange 2007 Server in a sub domain, and I am migrating them to Exchange 2016 (via Exchange 2013). While attempting to deploy the Exchange 2013 Server, the ‘Readiness Checks’ failed;

Exchange Schema Needs and Update not a mamber

Error:

The Active Directory Schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups.

Error:

Global updates need to be made to Active Directory, and this user account isn’t a member of the ‘Enterprise Admins’ group.

Error:

The local domain needs to be updated. You must be a member of the ‘Domain Admins’ group and ‘Organization Management’ role group, or ‘Enterprise Admins’ group to continue.

Error:

You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx

Error:

You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.

Error:

You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.

Error:

You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.

Error:

You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.

Error:

You must use an account that’s a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.

Error:

You must use an account that’s a member of the Organization Management role group to install the first Mailbox server role in the topology.

Error:

Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master.  Run setup with the /prepareAD parameter on a computer in the domain {root-domain} and site (site-name}, and wait for replication to complete.  See the Exchange setup log for more information on this error.

Error:

The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.

Error:

Either Active Directory doesn’t exist, or it can’t be contacted.

WOW! Thats some error list!

Solution

OK, I’m assuming from this point forward you ARE in the correct AD groups? Those being;

  • Schema Administrators
  • Enterprise Administrators
  • Exchange Organisational Management
  • Domain Admins

Note: If you’re in a sub-domain you can’t be in the Domain admins and Schema/Enterprise Admins groups, (see below).

At first I thought it was just a ‘bug’ that I’d seen before, you need to go to your user account in Active Directory and change your primary group from ‘Domain Users’ to ‘Enterprise Admins’, like so;

AD Set Primary Group

These Exchange servers were in a ‘Sub-domain’, so I had to go to the Root-domain, and go a bit ‘old-school’. Locate the Schema Master, (it will be in the root domain).

Locate your FSMO Role Servers

Log onto the schema master then either present your Exchange Setup DVD, or navigate to the setup files, and run the following command;

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Exchange Prepare Schema Manually

For some reason, every post says go to another DC in the same site as the Schema Master, and continue, well you can do that here? i.e. You can simply run the following commands on the same server!

Execute the following command;

Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

Now if you ONLY HAVE ONE SUB-DOMAIN, or perhaps are upgrading ALL the subdomains for some reason? Run the following command;

Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

Or, if you have multiple sub domains, and want to be a bit more selective, then use the following syntax;

Setup.exe /PrepareDomain:{FQDN-of-sub-domain} /IAcceptExchangeServerLicenseTerms

Now, either wait for domain replication, or if you’re lazy, (like me,) force domain replication, then go have a coffee, and retry your Exchange setup.

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

5 Comments

  1. Mate you’re an Exchange saver!

    Have a cold one!

    Post a Reply
  2. I’ve also found that if you’re running multiple sites and your Schema Master is in a different site than your new Exchange server, you may need to move the FSMO roles temporarily to a domain controller in the same site as the new Exchange install and then move back once complete. Even after all steps in this article, we couldn’t get Exchange to install without moving the FSMO roles temporarily.

    Post a Reply
  3. So i tried this and received an error after completing the second command; setup.exe /preparead /iacceptexchangeserverlicenseterms; first error was tcp error 10061 microsoft exchange directory topology service connection was refused… i didn’t even see the service listed

    The schema prep worked fine, but now i am stuck on prepping AD, any ideas? Thanks for this!

    Post a Reply
    • Thanks man! You’re a lifesaver.

      Post a Reply

Leave a Reply to PeteLong Cancel reply

Your email address will not be published. Required fields are marked *