Hello, I'm trying to follow the instructions found here http://technet.microsoft.com/en-us/library/bb232078.aspx to setup cross-forest administration of Exchange 2007. Exchange is installed in Forest B and the user groups have been created on Forest A.I'm at step 9: Log on to ForestB by using an account that is a member of the Enterprise Admins group in ForestB, and then run the following command from a Command Prompt window: Setup /prepareAD /ForeignForestFQDN:ForestA.contoso.com This command verifies that the Exchange universal security groups in ForestA are created and that permissions are assigned correctly. In ForestB, the command configures access control entries (ACEs) in ActiveDirectory on the Exchange configuration objects so that the newly created Exchange universal security groups in ForestA have rights to the Exchange configuration in ForestB. When you run Setup /PrepareAD without the ForeignForestFQDN parameter, the command creates the Exchange universal security groups in the local forest and sets permissions on these groups. Adding the ForeignForestFQDN parameter specifies that you want to give the Exchange universal security groups in a foreign forest permission to the Exchange configuration in the forest where you run the command.This part fails for me:C:\Program Files\Microsoft\Exchange Server\Bin>setup /prepareAD /ForeignForestFQDN:myforestA.comWelcome to Microsoft Exchange Server 2007 Unattended SetupPreparing Exchange SetupExchange Server setup encountered an error.There is no set-up log and nothing in event viewer.I've tried "setup /prepareAD" alone and it gives the same error.Can /prepareAD only be run before Exchange is installed? If this is true then cross-forest admin can only be set-up pre-install time.Thanks in advance,Matt

Did you install all prerequisites for Exchange? http://technet.microsoft.com/en-us/library/aa996719.aspx I once had an error because .NET 2.0 was not updated with latest patch Deli

Sorry if I didn't make it clear enough. Exchange is already installed in Forest B. I am running the /preparead AFTER Exchange was installed because I wanted to add cross-forest administration.Matt

This is what you need: How to Configure Cross-Forest Administration http://technet.microsoft.com/en-us/library/bb232078.aspx But you also need all exchange prerequisites where you run this command Deli

Yes that is what I am doing now.When I get to Step 9 of that procedure I get the error I mentioned in the first post.Matt

Do you mean step 7 or 9 Deli

Ah maybe this is your problem You are performing the Exchange 2007 SP1 steps and there your command is nr 9 If you look a little bit further in the article you will see Exchange 2007 RTM were the step is nr 7 You should look into that! Deli

Well it is Step 9 of the SP1 instructions. Regardless, they are the same command and it is failing for me. I have tried setting the permissions manually but this fails.When I run the command "setup /pepareAD /ForeignForestFQDN forestB.com" I get the error I mentioned above, no setup log, nothing in event viewer either.

Again I will return you the question if you are using a machine that has all prerequisites for Exchange? I had an error where the /prepareAD did not work unless I hada specific .NET 2.0 patch installed Deli

I appreciate your help, thank you.Exchange has already been installed successfully on this machine. I am now running "/prepareAD" AFTER the installation to add cross-forest administration. Therefore I must have met all the requirements because it installed successfully correct?Matt

So all prequisites met and no logs to check where the problems are? Do you have other machines where you can run the prepareAD? This might be a longshot... Deli

Yes, Exchange 2007 is currently installed on this machine so I've met all the requirements during the installation.No, there are no setup logs created, the logfile is not even created And no, no other machines to run prepareAD on.

Is there anyway I can manually do the tasks that "Setup /PrepareAD /ForeignForestFQDN" performs?Can someone confirm that this command can be run AFTER installation, or must it be done during installation?

Only the Exchange Team knows for sure. Maybe it is best to request support from Microsoft Support as this is probably not a common issue? Deli

I would but it is not within our budget to get support from Microsoft, and really and truly this is not a special case, it is something that normal users/companies would have to do often I would imagine.Anyways I'll try to uninstall Exchange 2007 and re-install with that parameter.

Upon further reading of the documentation:[/ForeignForestFQDN]Use the /ForeignForestFQDN parameter if you are in a cross-forest or resource forest scenario and want a user in one forest to administer Exchange2007 in another forest. For more information, see How to Configure Cross-Forest Administration.You must use the /PrepareAD parameter with the /ForeignForestFQDN parameter. You must run Setup.com with the /ForeignForestFQDN parameter from a computer in a forest with an Exchange2007 organization.So it seems this command cannot be run at install time and MUST be run after.We'll see what happens after a fresh install......

Fresh install and same error, I give up

Brand new server, same outcome, can anyone from Microsoft confirm this is a bug or give me any type of direction to go in?

Matt, This is the only reference that I could finf for the ForeignForestFQDN parameter. If you tried the changes manually, you might find where the automated process is failing. The full whitepaper I got this from is here: https://technet.microsoft.com/en-us/library/bb288906.aspx ForeignForestFQDN parameter Description Explanation The ForeignForestFQDN parameter directs Setup to create the three administrative Exchange universal security groups (USG) in the specified forest. Use this parameter as one of the steps to set up cross-forest Exchange administration between two or more Active Directory forests. This will allow accounts from one forest to administer an Exchange organization in another forest using their own account credentials. For more information about how to set up cross-forest administration, see How to Configure Cross-Forest Administration. This parameter must be used in conjunction with the /PrepareAD parameter and must be run from a server in the forest that contains the Exchange2007 organization. Type Required if setting up cross-forest administration. Usage /ForeignForestFQDN:<FQDNofForeignForest1>,<FQDNofForeignForest2>, and so on Values <FQDNofForeignForest>The fully qualified domain name of the forests that host the accounts that are going to get permissions to the Exchange organization. Default value: none Remarks There are many steps to do before and after running /ForeignForestFQDN. Be sure to read Exchange Help about setting up cross-forest Exchange administration prior to running this parameter. This parameter creates the Microsoft Exchange Security Groups organizational unit (OU) in the root domain of the specified forest and creates the Exchange Organization Administrators, Exchange Public Folder Administrators (in Exchange 2007 SP1 only), Exchange Recipient Administrators, and Exchange View-Only Administrators USGs in the new OU. Then it nests these USGs, gives the Exchange Organization Administrators group Full Control permission on each of the new groups and the new organizational unit, and configures access control entries (ACE) so that the new groups in the specified forest have rights to the Exchange configuration in the forest in which you run the command. Setup will not create the Exchange servers or the ExchangeLegacyInterop USGs in the specified forest. If the Microsoft Exchange Security Groups OU and the four Exchange administrative USGs already exist in the specified forest, Setup verifies that they exist and have the correct permissions set, and then configures ACEs so that these existing groups in the specified forest have rights to the Exchange configuration in the forest in which you run the command. Note that even with cross-forest administration set up, it is not supported to run Setup in install, uninstall, or RecoverServer mode using an Exchange administrator account from a foreign forest. Examples Setup.com /PrepareAD /ForeignForestFQDN:Contoso.corp.com Creates the Microsoft Exchange Security Groups OU and the three Exchange administration USGs in the root domain of the forest where Contoso.corp.com domain resides, and will configure ACEs so that the new groups in the Contoso.corp.com forest have rights to the Exchange configuration in the forest in which you run the command. Regards, Larry

I appreciate the help Larry but I had already found this. The link I posted above is most excellent as it explains exactly step by step what to do for cross-forest admin, but as I mentioned before it fails at the point mentioned above. I've tried again with a fresh install of Windows Server 2003 with the same results. I think it may be a "connection" problem. Unfortunately I haven't tried "/prepareAD" on a fresh install before creating the trust, so I can't rule out a trust issue either. Maybe the best thing that will come of this is that someone from MS notices and perhaps adds some better error messages or feedback as to why this error is occurring. It is strange as it occurs immediately, even before the Organization Checks are done and before a log file is even created. Oh well I will wait and see if this gets answered, in the meantime our mobile server management software will only handle inter-domain Exchange Administration adn if we ever get this solved we will add-in cross-forest admin as well.

I know this is a really old post, but I just ran into the same issue and was able to solve it. The problem was that I was trying to run the Setup.comcommandfrom exchange management shell rather than the command prompt