I've installed Exchange 2007 and am following the steps in the MS TechNet article on removing the last legacy Exchange server. I'm on the last step, trying to run the command:Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType GroupBut I get the following error:"Remove-ADPermission : "dc=<my domain name>" was not found. Please make sure youhave typed it correctly.At line:1 char:20+ Remove-ADPermission <<<< -user "my domain name\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group" Does this mean that the command has already been run previously? Thanks.

Lucciano,I never ran the above cmdlet for removing my first exchange 2003 from exchange organization after successfull instalation of exchange 2007 server.The best thing to follow isHow to Remove the Last Legacy Exchange Server from an Organizationhttp://technet.microsoft.com/hi-in/library/bb288905(en-us).aspxArun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3

hi,delete the routing groups on ESMwe dont need Recipient Update Servisi (RUS) anymore on exchange server 2007 and go to esm recipient update service and then go to properties and change the exchange server by browse find your new exchange server.and do public folder settings for new exchange server.and then goto add remove programs and selecet exchange server follow the wizard.please look at ;http://www.cozumpark.com/blogs/exchangeserver/archive/2008/03/19/exchange-server-2007-ye-ge-i-lemleri-b-l-m-3.aspxit is not in english but you can understand from the pictures which actions I did while uninstalling my exchange server 2003.regards,Exchange - MVP | www.cozumpark.com | www.mumincicek.com

Did you try giving full DN of domain partition like "DC=<DomainName>,DC=<Com>"? Remove-ADPermission "dc=<DomainName>,dc=<com>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType GroupAmit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com

Yes, after specifying dc=com I got a little farther.Here is the command that I ran:Remove-adpermission "dc=xyz,dc=com" -user "xyz.com\ExchangeServers" -AccessRights WriteDACL -InheritedObjectType GroupBut then I got the following error:Remove-ADPermission : Cannot remove ACE on object "DC=xyz,DC=com" for account "xyz\Exchange Servers" because it is not present.At line:1 char:20+ Remove-ADPermission <<<<"dc=xyz,dc=com" -user "xyz.com\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType GroupAfter this error, it was then suggested that I run this command instead: Remove-ADPermission "dc=xyz,dc=com" -user "xyz.com\Exchange Enterprise Servers" -AccessRights WriteDACL -InheritedObjectType GroupThe only difference I can see here is that instead of ... -user "xyz.com\Exchange Servers"..., it is now changed to ...-user "xyz.com\Exchange Enterprise Servers"I have not tried this yet. I'm probably missing something, but I can't seem to find a group called "Exchange Enterprise Servers". I do have one called "Exchange Servers".Would this work?

ah yes, and I have gone through this article, http://technet.microsoft.com/hi-in/library/bb288905(en-us).aspxThat's where I got this command. This command is the last step in the article.What is the point of this command anyway?

Hi, if we are having Exchange 2007 SP1, there is no need to run cmmdlt below: Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group Because the Write DACL inherit (group) right for the Exchange Servers group has not been added to the root of the domain when doing the /domainprep. Let me explain more. Before Exchange 2007 SP1, running PrepareDomain currently grants all Exchange servers the "Modify Permissions" right at the root of the domain. It is changed in Exchange 2007 SP1. If we have prepared Active Directory for Exchange 2007 with Exchange 2007 Service Pack 1 install media, the Write DACL inherit (group) right for the Exchange Servers group has not been added to the root of the domain. In this situation, we do not need to perform this command. Besides, we can check permission on XYZ from ADSIedit.msc 1. Click Start -> Run -> type adsiedit.msc 2. Expand Domain partition, find DC=XYZ,DC=com3. Right-click it, -> Properties -> Security tab -> Advanced. 4. Remove the object xyz\Exchange Servers with the related permission. Regards, Xiu

if we are having Exchange 2007 SP1, there is no need to run cmmdlt below: Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group [snipped] I'm having the same problem as Luciano: the result keeps on saying that "xyz\Exchange Enterprise Servers" (or "xyz\Exchange Servers") is not present. I'm doing a migration/transition from Exchange 2000 to Exchange 2007 SP1 . Does that mean I actually don't need to run this cmdlt?

Hi,I have reported this issue to PG to verify if we need to run this command. When I get feedback,I will update here. :)So far,I found silmilar casewhich said thatwe can ignore this step.Besides,we also can use ADSIedit to verify if we have WriteDAL rights on "Exchange Server" or "Exchange Enterprise Server".Regards,Xiu

Hi Xiu,looks like your reply is the correct answer however, our enviroment never have had Exchange installed, this is the first time that an Exchange Server is installed. So the domain was prepared with the Exchange server 2007 SP1 Media, when i went to adsiedit->domain->.....advanced i found several times domain\Exchange Server entry.do i have to delete all those entries?this is a little big enviroment with 20.000 users migrated from Lotus Notes. thats what i'm worried about your steps.ThanksCapecol MCSA - MCTS Exchange Server 2007

Hi,I'd like to know if you have installed Exchange Server in your network.Please do not modify the AD informaiton via ADSIedit if there's no issue occur.After you have installed Exchagne Server,please try to run ExBPA to have a health scan.Regards,Xiu

Xiu,Exchange is already installed on the network, after i run ExBPA this warning appears, thats the reason that im looking for this behavior.ThanksCapecol MCSA - MCTS Exchange Server 2007

Hi,Since there's no legacy Exchagne Server in your network, your issue could be the seperate from the original one.Please try to startup a new thread, we can forcus on your issue there.BTW,please post the detail warning there.Thanks Regards,Xiu

Does This means that we dont need to Worry about this If exchange 2010 Is running as well ?

assuning your domain is apollo.miami.com which its not try this remove-ADPermission "dc=apollo,dc=miami,dc=com" -user "apollo.miami.com\exchange enterprise servers" -AccessRights WriteDacl -InheritedObjectType Group obviously all you would have to do is change this made up domain for yours worked for me the coma's between the dc's were the things that stitched me up good luck

I had tried all possible and imaginable combinations, including yours, when I did my migration. But apparently the "problem" is that I was migrating to EX2007 SP1, and this command wasn't necessary. So, that's actually not a problem in the command, but a problem in Microsoft's article.

Sorry to resurect this but is it "Exchange Enterprise Servers" or "Exchange Servers" or both? "Exchange Servers" group is in the "Microsoft Exchange Securty Groups" OU. Both of these have write dalc right. I also have "Exchange Domain Servers" and "Exchange Services" global security groups. Can they typically be deleted? Thanks.