Microsoft KB Archive/296487

= How to recover when only Full Exchange Administrator Account is deleted =

Article ID: 296487

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q296487



SYMPTOMS
When you try to install a new Exchange 2000 Server, Setup stops and you receive the following error message:

The component &quot;Microsoft Messaging and Collaboration Services&quot; cannot be assigned the action &quot;install&quot; because: Active Directory has not replicated all of the necessary permissions for the deleted items container. Please wait until replication completes before running setup.

This error message is an indication that the account running Exchange Setup does not have Full Exchange Administrator rights.

Or, when you run the Delegate Wizard in Exchange System Manager, the wizard stops and you receive the following error messages:

Failed to grant permissions for account on this object: /dc=com;dc=domain/cd=configuration

The delegation wizard could not grant/change permissions for : account

You may be able to use the Delegate Wizard to delegate Exchange Administrators or View Only Administrators.



CAUSE
These symptoms can occur when the only Full Exchange Administrator Account has been deleted. Because this account has been deleted, there is no account with rights as Exchange Full Administrator.



RESOLUTION
To resolve this behavior, run Setup.exe /forestprep from the Exchange 2000 CD.

If this does not resolve the behavior, perform the following steps to enable the domain system account to run the delegate wizard:

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.  Open ADSIEdit. Expand CN=Configuration-CN=Services, right-click CN=Microsoft Exchange, and then click 'Properties'. Click the Security tab, and then click Add. In the Select Users window, select the SYSTEM account, click Add, and then click OK. Assign System Full Control access, and then click OK to close this window. In ADSIEdit, expand CN=Microsoft Exchange, right-click the Organization Name, and then click Properties.</li> Assign System Full Control at this level also, and then quit ADSIEdit.

Note Steps 8 through 17 must be performed at a domain controller in the same domain where the first Exchange Install or Exchange ForestPrep was run.</li> Install the Exchange System Manager.</li> Enter the following at a command prompt

at xx:xx /interactive &quot;mmc.exe&quot;

where xx:xx is the time for the process to begin.

Note If you do this through a Terminal Session the MMC pops up on the console and not through the TS session. You must perform this step directly on the server.</li> When the management console opens, add the Exchange System Manager.</li> Select Console, click Add/Remove Snap-In, and then click Add.</li> Select Exchange System, and then click Add.</li> Click OK to the change Domain Controller window, close the Add Stand-alone Snap-In window, and then click OK to open the Exchange System Manager Snap-In.</li> Right-click the Exchange Organization Name in the ESM console.</li> Select Delegate Control, and then click Next in the Delegation Wizard screen.</li> Click Add, and then browse and select an account to give permissions to. Change the Role to Exchange Full Administrator. Click OK to continue.</li> Click Next, and then click Finish to complete the Delegation Wizard.</li></ol>

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

<div class="moreinformation_section">

MORE INFORMATION
ForestPrep assigns Exchange Full Administrative account permissions to the account that you specify. This account will have the authority to install Exchange 2000 throughout the forest. Also, after the first installation of Exchange 2000, you can use this account to run the Exchange Administration Delegation Wizard, which configures Exchange-specific roles for administrators across the forest.

Additional query words: exch2kp2w

Keywords: kberrmsg kbprb KB296487

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.