Share via


Exchange 2019 - Re-create the Exchange Security Groups in AD

In Exchange, not only 2019, you might come across a problem where the security groups are corrupt or have been deleted, this can be by accident or maliciously.

To fix this, you will need to run the setup command with the PrepareAD switch.

It might sound easy but you will most likely run into an issue where the otherWellknownObjects field is populated and you need to remove it using the LDP tool as ADSIEdit gives you an error.

You go and check Active Directory and look at the Exchange Security group container only to find it empty:

https://www.collaborationpro.com/wp-content/uploads/2018/12/AD1-1.png

https://www.collaborationpro.com/wp-content/uploads/2018/12/AD1.png

You try re-run the setup and you get the following:

https://www.collaborationpro.com/wp-content/uploads/2018/12/AD2.png https://www.collaborationpro.com/wp-content/uploads/2018/12/AD2-1.png

Right, to fix the error above, you need to launch LDP and the connect to your Domain controller and then bind to it. After that you can select the view menu and then click Tree and select the configuration partition.

https://i1.wp.com/www.collaborationpro.com/wp-content/uploads/2018/12/AD3.png?fit=1024%2C501&ssl=1 https://i1.wp.com/www.collaborationpro.com/wp-content/uploads/2018/12/AD3-1.png?fit=1024%2C501&ssl=1

Now expand Services and right click on the CN=Microsoft Exchange and click Modify.

A window will appear as shown on the right hand side. In the edit entry attribute box you will type in otherWellknownObjects and then select the Delete radio button under operation and then click the Enter button.

It will put the info in the Entry List with what its going to do and then you can click Run. Below the run button in the info window you will see it says "Modified ....."

Now go to ADSIEdit and also open the configuration container and expand services. Right click on Microsoft Exchange and view the properties as shown below, you will see the otherWellknownObjects is now not set.

https://www.collaborationpro.com/wp-content/uploads/2018/12/AD6.png https://www.collaborationpro.com/wp-content/uploads/2018/12/AD6-1.png

Now we can proceed to run the setup again to PrepareAD and this time it should succeed. Take note, larger AD deployments might take longer to replicate the changes.

https://www.collaborationpro.com/wp-content/uploads/2018/12/AD4.png https://www.collaborationpro.com/wp-content/uploads/2018/12/AD4-1.png

As seen above, the installation succeeded.

If we head back to Active Directory and check the Exchange Security group container we should now have all the groups back:

https://www.collaborationpro.com/wp-content/uploads/2018/12/AD5.png https://www.collaborationpro.com/wp-content/uploads/2018/12/AD5-1.png