A problem while validating the state of active directory

Before I read your post I spent an hour looking for possible DNS and network problems.

God knows how long I would have carried on looking for a nonexistant problem if it were not for you. I ran these scripts – BTW you can just save the script to the desktop and drag and drop it into the powershell window after you do the set-Execution Policy “Remote Signed” command and not worry about navigating to it or figuring out the path to put in.

You will notice that these are role dependant and not all fixes are required Exchange roles – however, you must install the relevant hotfix prior to beginning Exchange setup – otherwise it will fail.

Your installation will not fail if these are not installed – but you will receive a warning during setup.

The user’s Active Directory account must be logon-disabled for linked, shared, or resource mailbox.

a problem while validating the state of active directory-45a problem while validating the state of active directory-46

You can change this setting via the network settings – but often there is a vendor provided control panel where this can be configured – the important thing to remember – is try not to use Auto Negotiate!Now to install the Exchange 2010 prerequisites on Windows Server 2008 R2 you will require full local administration rights on the server – however, remember if you are then going onto install Exchange 2010 straight afterwards you will need other permissions in the context of Active Directory.The above statement might seem obvious – however there have been a couple of times recently, where I have not been paying attention to the user that I am logged onto the server with, and Exchange setup fails as it cannot find the Directory – when looking at the problem I have found that I was logged onto the server with the local admin account – doh!Depending on the configuration of you environment you may or may not wish to do this, but I have found that it is worth while.The following is a checklist that I use which have served me well over the years: If you plan to have more than one NIC in your Machine () – change the display name of the adapter to reflect its purpose – this makes it easier for you to identify the adapter during management tasks – below is an example of a naming convention that I have used in the past: If you plan to make use of multiple interfaces for either DAG or another purpose, you should configure the order in which they should be used to access the network – considering best practices you should always have the primary LAN interface first in the connection order – see below as an example: In Windows 2008 R2 (much like Windows 2008) you can access the connection binding order via: [ Start – Advanced Settings ] menu options to display the Connection Binding dialog box.If you want to use DAG (Database Availability Groups) in your configuration – remember that you will need to be running Windows 2008 R2 Enterprise Edition.You can, if you want upgrade to the Enterprise version after you have installed Exchange – however I recommend that if you plan to use DAG – install the correct version of Windows right from the “get go” as, I would personally be very nervous installing a version of Windows over the top of my nice new Exchange 2010 box.I’m starting a blog soon but have no coding experience so I wanted to get guidance from someone with experience. Issue Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on Machinename.If you are going to install Exchange 2010 the follow are the permissions that you will require: Typically and for convenience I try and use an account which is a member of all the groups above for both the server preparation, and the Exchange install – however some organisations do not allow for this due to security risk management () – so you will need to take this on a case by case basis – but it is important to note that if you are going to install Exchange they are the permissions that you will need.User Access Control is implemented in Windows Server 2008 R2, and it will typically kick into effect if you are using an admin account which is not the default from installation.

Leave a Reply

Your email address will not be published. Required fields are marked *

One thought on “a problem while validating the state of active directory”