Helping Those Who Help Themselves
Mysterious Exchange migration stopped; issuing a complex password challenge to users that they might actually like.
- By Bill Boswell
- June 15, 2004
Bill: We currently have Exchange 5.5 running on NT 4.0
and are preparing to upgrade to Exchange 2003 on a new server running
Windows Server 2003. I have run all of the prep steps up to forest prep
with no problems. However, Im trying to run Forestprep and it says:
Microsoft Exchange Forest Preparation cannot be assigned the action
"forestPrep" because: -Either you do not have permission to
update the Active Directory schema or Active Directory service is currently
I have checked and double checked my permissions (schema admin, domain
admin, local machine admin, etc...). I have tried running it on the PDC
and on the new server with the same results. I looked it up on Microsoft
TechNet and it said to check the remote registry service, which I verified
The Exchange setup log says "Exchange organization container not
Help from Bill
Got a Windows or Exchange question or need troubleshooting
help? Or maybe you want a better explanation than provided
in the manuals? Describe your dilemma in an e-mail
to Bill at mailto:firstname.lastname@example.org;
the best questions get answered in this column.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message but submit the requested
information for verification purposes.)
Readers: Before I could start working with Daniel to isolate
the cause of this problem, he was able to find the cause himself. I print
his answer here:
"I went to your Web site and found out what the problem was. We
had a DC that was offline and had been tombstoned. Once I removed all
instances of that server from AD and DNS the forest prep ran without
a hitch. I later went back and checked the DCDiag log and it was showing
the replication error. I must have missed it on first review of the
While I'm quoting smart people who save me the trouble of finding unique
solutions, here's an interesting spin from reader Glen J. on the "long
password/strong password" conundrum I discussed in "Enforcing
Stronger Passwords." I've paraphrased Glen's reply for brevity:
"From past history, Ive found the easiest way to enforce
password complexity is through education. Teach users an easy way to
create and remember complex passwords, and they will not only create
good passwords, they will enjoy the challenge. I have my users create
a sentence that has meaning to them, then use the first (or last) letter
of each word, substituting special characters or numbers when applicable
to get a good, strong, complex password. Ih3c@htLm is a prime example.
It is an abbreviation for "I have 3 cats @ home that Love me."
Here's another example. MW&IgtPR2ay stands for "My Wife &
I go to Puerto Rico 2 a year."
Thanks, Glen and Daniel, and thanks to all of you who send suggestions and solutions to me every week. I read them all and reply as often as I can. Keep 'em coming.
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.