Exchange 2010 well-known object entry install error

Today I was testing the installation of Exchange 2010 in a VMware sandbox environment. We created the sandbox to test migration from a 2003 AD and Exchange environment to 2008 R2 with Exchange 2010.

We used a P2V to get real copies of the Active Directory, and the AD upgrade to 2008 R2 had already been tested.

But during the Exchange installation in the sandbox I got the following error:

The well-known object entry on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.

The setup log (located in C:\ExchangeSetupLogs) shows a little more detail:

[06-22-2011 11:28:58.0530] [2] [ERROR] Unexpected Error
[06-22-2011 11:28:58.0530] [2] [ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.
[06-22-2011 11:28:58.0546] [2] Ending processing initialize-ExchangeUniversalGroups
[06-22-2011 11:28:58.0546] [1] The following 1 error(s) occurred during task execution:
[06-22-2011 11:28:58.0546] [1] 0.  ErrorRecord: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.
[06-22-2011 11:28:58.0546] [1] 0.  ErrorRecord: Microsoft.Exchange.Management.Tasks.InvalidWKObjectException: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.
[06-22-2011 11:28:58.0546] [1] [ERROR] The following error was generated when "$error.Clear();
	initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

" was run: "The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.".
[06-22-2011 11:28:58.0546] [1] [ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local points to an invalid DN or a deleted object.  Remove the entry, and then rerun the task.
[06-22-2011 11:28:58.0546] [1] [ERROR-REFERENCE] Id=443949901 Component=

The strange thing is that it’s referring to a deleted object (since it’s in the deleted objects container). So what’s going on?

I used the ldp.exe tool to connect to the deleted objects container and inspect the Organization Management object, but I couldn’t find any invalid data in it. So I was looking in the wrong place.

But if you break down the error message then it’s actually very clear where you need to look:

The otherWellKnownObjects attribute (which is multivalued) of the object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=zorg,DC=local has a value that refers to a deleted item (B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local).
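The same breakdown can be done mechanically on the setup log. The following is an added example, not part of the original post: the function name Get-WellKnownObjectEntry and the second sample line are assumptions made for illustration, and the code only parses text, it does not touch Active Directory.

```powershell
# Added example (PowerShell 3.0+): parse DN-with-binary values, B:<count>:<hex>:<DN>,
# from setup log text and flag the ones that reference a deleted object.
function Get-WellKnownObjectEntry {
    param([Parameter(Mandatory = $true)][string[]]$Line)

    # The DN runs up to the fixed text the setup task appends, or to end of line.
    $pattern = 'B:(?<len>\d+):(?<hex>[0-9A-Fa-f]+):(?<dn>.+?)(?= on the otherWellKnownObjects|$)'
    $seen = @{}
    foreach ($text in $Line) {
        foreach ($m in [regex]::Matches($text, $pattern)) {
            $hex = $m.Groups['hex'].Value.ToUpper()
            $dn  = $m.Groups['dn'].Value
            if ($seen.ContainsKey("$hex|$dn")) { continue }   # the log repeats each entry
            $seen["$hex|$dn"] = $true

            # A deleted object's RDN is "<old name>\0ADEL:<objectGUID>".
            $del  = [regex]::Match($dn, '\\0ADEL:(?<guid>[0-9A-Fa-f-]{36})')
            $guid = $null
            if ($del.Success) { $guid = $del.Groups['guid'].Value }

            [pscustomobject]@{
                WellKnownGuid     = $hex
                # <count> is the number of hex characters in the binary part
                LengthFieldOk     = ([int]$m.Groups['len'].Value -eq $hex.Length)
                DN                = $dn
                IsDeleted         = $del.Success
                DeletedObjectGuid = $guid
                InDeletedObjects  = ($dn -like '*,CN=Deleted Objects,*')
            }
        }
    }
}

$sample = @(
    # Shortened from the setup log quoted on this page
    '[ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:c1b94668-b67b-4231-8e5a-b11ecf5b7838,CN=Deleted Objects,DC=zorg,DC=local on the otherWellKnownObjects attribute',
    # Constructed line for a live (not deleted) entry
    'B:32:00112233445566778899AABBCCDDEEFF:CN=Example Group,OU=Example,DC=example,DC=com on the otherWellKnownObjects attribute'
)

# One object per distinct entry; the first has IsDeleted = True, the second False.
Get-WellKnownObjectEntry -Line $sample | Format-List
```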

So I opened ADSI Edit and navigated to the Microsoft Exchange container:

CN=Microsoft Exchange, CN=Configuration

Then I looked at the properties of CN=Microsoft Exchange, where we can see the otherWellKnownObjects attribute:

otherWellKnownObjects Value

But unfortunately ADSI Edit cannot view or modify this attribute:

There is no editor registered to handle this attribute type

My next attempt was ADExplorer from SysInternals (version 1.42). Once again I navigated to the Microsoft Exchange container:

Sysinternals Active Directory Explorer

AD Explorer has no problems showing the values:

otherWellKnownObjects Properties

I thought I was almost there: I right-clicked the wellKnownObjects attribute, chose Modify, and after selecting the deleted value I clicked Remove followed by OK:

Modify Attribute

And this made AD Explorer hang:

AD Explorer Hangs

Followed by a crash:

AD Explorer Crashes

So I had to solve it myself with the help of a PowerShell script.

First I read the otherWellKnownObjects attribute with PowerShell (I wrote about that earlier).

This returns a Collection that I walk backwards with a for loop. This is important when removing items from a collection during a loop (don’t shoot yourself in the foot).

For each item in the Collection I get the distinguishedName from the DNString property, and if it contains “0ADEL” then I assume the object it refers to has been deleted, so I remove this item from the Collection.

Finally I check if we have deleted at least one item, and if so I call SetInfo() to commit the changes to Active Directory.

If you want to test the script, be sure to comment out the SetInfo() call to prevent the actual deletion in your Active Directory!

# Get Microsoft Exchange Container
$objDE = New-Object System.DirectoryServices.DirectoryEntry
$ExchangeDN = [string]::Concat("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,", $objDE.distinguishedName)
$objCN = New-Object System.DirectoryServices.DirectoryEntry($ExchangeDN)

$gp = [Reflection.Bindingflags]::GetProperty

# get otherWellKnownObjects Collection
$objCol = $objCN.otherWellKnownObjects
$delCount = 0

# Walk through the Collection backwards (always do that when deleting items)
for ($i = $objCol.Count - 1; $i -ge 0; $i--)
{
    $objWKO = $objCol[$i]
    $objType = $objWKO.GetType()

    # Get the distinguishedName
    $DNString = $objType.InvokeMember("DNString", $gp, $null, $objWKO, $null)

    # Get the well-known GUID (the binary part of the value)
    $BV = $objType.InvokeMember("BinaryValue", $gp, $null, $objWKO, $null)
    $Guid = [GUID][System.BitConverter]::ToString($BV).Replace("-", "")

    Write-Host "DNString: $DNString"
    Write-Host "Guid: $Guid"

    # Check if the item was deleted
    if ($DNString.Contains("0ADEL"))
    {
        Write-Host "This is a Deleted Item" -foregroundcolor Red
        # Remove the item (WARNING: No Confirmation asked)
        $objCol.RemoveAt($i)
        Write-Host "Object Removed" -foregroundcolor Red
        $delCount++
    }
}

# Did we delete something?
if ($delCount -gt 0)
{
    Write-Host "Committing Changes" -foregroundcolor Blue
    # Commit changes, remove this line if you just want to test
    # If you don't commit you will not delete anything
    $objCN.SetInfo()
}