Helping Those Who Help Themselves

Mysterious Exchange migration stopped; issuing a complex password challenge to users that they might actually like.

Bill: We currently have Exchange 5.5 running on NT 4.0 and are preparing to upgrade to Exchange 2003 on a new server running Windows Server 2003. I have run all of the prep steps up to forest prep with no problems. However, I’m trying to run Forestprep and it says:

Microsoft Exchange Forest Preparation cannot be assigned the action "forestPrep" because: -Either you do not have permission to update the Active Directory schema or Active Directory service is currently too busy.

I have checked and double checked my permissions (schema admin, domain admin, local machine admin, etc...). I have tried running it on the PDC and on the new server with the same results. I looked it up on Microsoft TechNet and it said to check the remote registry service, which I verified was started.

The Exchange setup log says "Exchange organization container not found."
—Daniel

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:[email protected]; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Readers: Before I could start working with Daniel to isolate the cause of this problem, he was able to find the cause himself. I print his answer here:

"I went to your Web site and found out what the problem was. We had a DC that was offline and had been tombstoned. Once I removed all instances of that server from AD and DNS the forest prep ran without a hitch. I later went back and checked the DCDiag log and it was showing the replication error. I must have missed it on first review of the log."

While I'm quoting smart people who save me the trouble of finding unique solutions, here's an interesting spin from reader Glen J. on the "long password/strong password" conundrum I discussed in "Enforcing Stronger Passwords." I've paraphrased Glen's reply for brevity:

"From past history, I’ve found the easiest way to enforce password complexity is through education. Teach users an easy way to create and remember complex passwords, and they will not only create good passwords, they will enjoy the challenge. I have my users create a sentence that has meaning to them, then use the first (or last) letter of each word, substituting special characters or numbers when applicable to get a good, strong, complex password. Ih3c@htLm is a prime example. It is an abbreviation for "I have 3 cats @ home that Love me."

Here's another example. MW&IgtPR2ay stands for "My Wife & I go to Puerto Rico 2 a year."

Thanks, Glen and Daniel, and thanks to all of you who send suggestions and solutions to me every week. I read them all and reply as often as I can. Keep 'em coming.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

Featured