
How to remove Active Directory Connectors before installing Exchange 2007

"Microsoft® Exchange Server 2007 setup cannot continue because one or more Active Directory Connectors have been found..."

This is the error you get when Exchange 2007 setup runs the /PrepareLegacyExchangePermissions command and finds that one or more Active Directory Connectors (ADC) are installed in your organization. You should remove all Active Directory Connectors from the organization before installing Exchange 2007. I suggest that you first run the Exchange Best Practices Analyzer with the Exchange 2007 Prerequisites Check before you start the Exchange 2007 installation.

To remove Active Directory Connector components

  1. To disable the ADC service on the server that is running the ADC service, right-click My Computer on the desktop, and then click Manage.
  2. Expand the Services and Applications node, and then click the Services node.
  3. In the right pane, right-click Microsoft Active Directory Connector and then click Properties.
  4. Change the Startup Type to Disabled. The next time that the computer starts, the ADC service will not start.
  5. Click Apply, and then click OK.
  6. To uninstall the ADC service, use the Active Directory Installation Wizard on the Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 CD. Open the \ADC\I386 folder and double-click the Setup.exe program. Follow the prompts to Remove All ADC service components.

Note:
You must complete step 6 and Remove All ADC components to resolve this issue. It is insufficient to disable the ADC service.

If you somehow removed the server with ADC installed from your organization without completing these steps, there is always a possibility that the object still resides in Active Directory. To remove it manually, follow this procedure, which assumes your Exchange server was not a Domain Controller:

Suggestion: Create a backup of System State on at least two DCs before this procedure.

  1. Open Active Directory Sites and Services
  2. Check if there is an object for the removed server under the Site where this server resided
  3. Delete this object with all sub-objects
  4. Replicate changes to all other DCs

Using ADSIEdit:

  1. Install Support Tools from Windows 2003 CD
  2. Open Microsoft Management Console (mmc)
  3. Add ADSIEdit snap-in
  4. Connect to Configuration Container
  5. Expand Configuration --> Services --> Microsoft Exchange --> Active Directory Connections
  6. Delete ADC under Active Directory Connections
  7. Replicate changes to all Domain Controllers

After you complete these steps, rerun Exchange 2007 setup or the setup.com /PrepareLegacyExchangePermissions command, depending on which one you ran first.
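
A read-only way to confirm, on every domain controller, that nothing is left under Active Directory Connections before rerunning setup. This is an added example, not part of the original post; the DN is an assumption built from the ADSIEdit path above, and the script assumes an account that can read the Configuration container.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Asks every domain controller in the forest what it still holds under
# Configuration > Services > Microsoft Exchange > Active Directory Connections.

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.configurationNamingContext

# Assumption: DN built from the ADSIEdit path given in the steps above.
$adcDN = "CN=Active Directory Connections,CN=Microsoft Exchange,CN=Services,$configNC"

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$dcs    = $forest.Domains | ForEach-Object { $_.DomainControllers }

foreach ($dc in $dcs) {
    # Bind to this specific DC so stale, unreplicated copies are visible.
    $path = "LDAP://$($dc.Name)/$adcDN"
    try {
        if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
            New-Object PSObject -Property @{
                DC = $dc.Name; Status = 'container absent'; Object = '' }
            continue
        }

        $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$path)
        $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
        $searcher.Filter      = '(objectClass=*)'
        $results = $searcher.FindAll()

        if ($results.Count -eq 0) {
            New-Object PSObject -Property @{
                DC = $dc.Name; Status = 'clean'; Object = '' }
        }
        foreach ($r in $results) {
            # Every child object here still counts as a connector to remove.
            New-Object PSObject -Property @{
                DC     = $dc.Name
                Status = 'ADC object present'
                Object = [string]$r.Properties['distinguishedname'][0] }
        }
        $results.Dispose()
    }
    catch {
        # An unreachable DC may also be one that is not receiving replication.
        New-Object PSObject -Property @{
            DC = $dc.Name; Status = "query failed: $($_.Exception.Message)"; Object = '' }
    }
}
```

A domain controller that still lists an object while the others report clean has not yet received the deletion through replication.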

Comments

  1. I received this error, but have no connector under Services?
    How is this possible?

  2. If you have many DCs in your environment, check all of them. Maybe one of them is holding the data while the replication does not work and therefore this DC is not updated.

  3. I followed all instructions and everything went well until step 6. When you run the setup.exe you get an error telling you that the version of the installer is older than the one you last used. I presume that this is because the Exchange server is running with SP3? How do I get the ADC to uninstall?

    Thanks

  4. You're a star man! Almost 2 yrs after your article, your tips helped manually remove ADC and SRS, and change Exchange mode to Native. Keep it up, thanks for your valuable tips!

  5. Is it possible to remove the ADC connector software using the add/remove program??

  6. As written above, you need to use Exchange installation disk or use the manual removal procedure.

  7. I am finding more than one ADC in ADSIedit. Do I remove them all? i.e. Default ADC Policy.

  8. @Eric - You must delete all the connectors there are, otherwise you will not be able to proceed.

  9. Thanks a lot, Manual removal works like a charm :)
