Comments on: Security descriptor error during Exchange Server 2007 schema extension https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/ Practical Office 365 News, Tips, and Tutorials Fri, 13 Jan 2017 07:36:07 +0000 hourly 1 https://wordpress.org/?v=6.6.1 By: Ganesh https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4257 Wed, 04 Nov 2009 09:41:27 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4257 Thanks for this followup

]]>
By: CrashtheMachine https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4256 Tue, 20 Oct 2009 19:04:06 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4256 Ganesh, that workaround is just plain dumb but it works. Why would that ever make a difference. Thanks for the simple solution. I like those.

]]>
By: Qwantum https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4255 Fri, 16 Oct 2009 17:00:35 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4255 Ganesh workaround worked perfectly for me. Changing the CD drive letter to E: (instead of D:) resolved the ‘Organization Preparation’ step issue where I could not read the ‘Security Descriptor’ on “CN=Deleted O
bjects,CN=Configuration,DC=domain,DC=local”.

Damn Micro$oft and their “never-working-out-of-the-box-that-need-thousands-of-workaround-and-fixes” applications…

Thanks Ganesh !

]]>
By: Ganesh https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4254 Wed, 18 Feb 2009 13:47:36 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4254 Hello,
During exchange 2007 sp1 setup the same error accured
You do not have permissions to read the security descriptor on CN=Deleted O
bjects,CN=Configuration,DC=domain,DC=com,DC=au.

FOR RESOLVE THE PROBLEM

CHANGE YOUR CD DRIVE LETTER TO E:

And Run the exchange setup again.

]]>
By: <div class="apbct-real-user-wrapper"> <div class="apbct-real-user-author-name">Paul</div> <div class="apbct-real-user-badge" onmouseover=" let popup = document.getElementById('apbct_trp_comment_id_4253'); popup.style.display = 'inline-flex'; "> <div class="apbct-real-user-popup" id="apbct_trp_comment_id_4253"> <div class="apbct-real-user-title"> <p class="apbct-real-user-popup-header">The Real Person!</p> <p class="apbct-real-user-popup-text">Author <b>Paul</b> acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.</p> </div> </div> </div> </div> https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4253 Tue, 06 Jan 2009 22:57:16 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4253 Update: Kay and I took this discussion to email and identified the issue. To summarise:

dsacls “CN=Deleted Objects,DC=domain,DC=com” /takeownership

1) Make sure you include the space in Deleted Objects
2) Make sure you enclose the LDAP string in quotes
3) Make sure you replace “dc=domain,dc=com” with the right values for your domain name

Glad the problem is solved Kay!

]]>
By: Kay Malm https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4252 Fri, 02 Jan 2009 20:37:29 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4252 I tried running the command and there is no Object.

]]>
By: <div class="apbct-real-user-wrapper"> <div class="apbct-real-user-author-name">Paul</div> <div class="apbct-real-user-badge" onmouseover=" let popup = document.getElementById('apbct_trp_comment_id_4251'); popup.style.display = 'inline-flex'; "> <div class="apbct-real-user-popup" id="apbct_trp_comment_id_4251"> <div class="apbct-real-user-title"> <p class="apbct-real-user-popup-header">The Real Person!</p> <p class="apbct-real-user-popup-text">Author <b>Paul</b> acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.</p> </div> </div> </div> </div> https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4251 Thu, 01 Jan 2009 03:20:13 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4251 According to the article the version of DSACLS.exe that ships with ADAM is required for the fix.

The syntax for the deleted objects container is as follows:

“CN=Deleted Objects,DC=domain,DC=com,dc=au”

In that example there the domain is “domain.com.au”. So you just need to change that part of the string to match your domain, eg:

business.net would be “dc=business,dc=net”
microsoft.com would be “dc=microsoft,dc=com”

]]>
By: Kay Malm https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4250 Wed, 31 Dec 2008 16:56:23 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4250 If I don’t have ADAM installed, how do I use the tools? I do not know the correct syntax for my deleted objects or CN,DC portions of command. Where do I find this?

]]>
By: <div class="apbct-real-user-wrapper"> <div class="apbct-real-user-author-name">Paul</div> <div class="apbct-real-user-badge" onmouseover=" let popup = document.getElementById('apbct_trp_comment_id_4249'); popup.style.display = 'inline-flex'; "> <div class="apbct-real-user-popup" id="apbct_trp_comment_id_4249"> <div class="apbct-real-user-title"> <p class="apbct-real-user-popup-header">The Real Person!</p> <p class="apbct-real-user-popup-text">Author <b>Paul</b> acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.</p> </div> </div> </div> </div> https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4249 Tue, 30 Dec 2008 21:26:00 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4249 In reply to Kay Malm.

Kay, I’m not saying install ADAM, I’m saying once you’ve got ADLDS installed on the server and you’ve run the DSACLS command try also following the final step in that article I linked to.

Also, you could try installing ADAM on a Windows Server 2003 server in your environment instead.

I don’t have any further suggestions right now because my experience has always been that the steps I wrote about in the blog post fix the problem.

]]>
By: Kay Malm https://practical365.com/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4248 Tue, 30 Dec 2008 15:40:46 +0000 https://www.practical365.com/2008/09/09/security-descriptor-error-during-exchange-server-2007-schema-extension/#comment-4248 Please refer back to original request. ADAM fails to install – error “Not enough storage is available to process this command.” I have available 249 GB of space available. I am already a member of the Domain Administrators Group. Exchange fails to install because as Administrator I do not have permission to read the security description. Why are we back to doing what I have already tried?

]]>