Error messages when you run Exchange 2007 Setup together with the /prepareAD switch in an Exchange 2003 organization: "Active Directory operation failed" and "The object exists"

When you run the Microsoft Exchange Server 2007 Setup program together with the /prepareAD switch, you experience the following symptoms:

• When the Exchange Setup Wizard reaches the Prepare Organization phase of the Exchange 2007 installation, you receive the following error messages:
  Error
  Active Directory operation failed on DC.example.com. The object 'CN=All Contacts,CN=All Address Lists,CN=Address Lists Container,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com' already exists.
  
  Error
  The object exists.
• The following information is logged in the %SYSTEMDRIVE%\ExchangeSetupLogs\ExchangeSetup.log file:

  [<date and time>] [2] Launching sub-task '$error.Clear(); install-CannedAddressLists -DomainController $RoleDomainController'.
  [<date and time>] [2] Beginning processing.
  [<date and time>] [2] Administrator Active Directory session settings are:  View Entire Forest: 'True', Configuration Domain  Controller: 'DC.example.com', Preferred Global Catalog: 'domainController.example.com', Preferred Domain Controllers: '{ DC.example.com }'
  [<date and time>] [2] Processing object "All Address Lists".
  [<date and time>] [2] Searching objects of type "AddressBookBase" with filter "(|((LdapRecipientFilter Equal  (&(mailNickname=*)(objectCategory=person)(objectClass=contact)))(|((LdapRecipientFilter Equal (& (mailnickname=*) (|  (&(objectCategory=person)(objectClass=contact)) )))))))", scope "OneLevel" under the root "All Address Lists".
  [<date and time>] [2] Previous operation run on domain controller 'DC.example.com'.
  [<date and time>] [2] Saving object "\All Contacts" of type "AddressBookBase" and state "New".
  [<date and time>] [2] Previous operation run on domain controller 'DC.example.com'.
  [<date and time>] [2] [ERROR] Active Directory operation failed on DC.example.com. The object 'CN=All Contacts,CN=All Address  Lists,CN=Address Lists Container,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com' already exists.
  [<date and time>] [2] [ERROR] The object exists.
  [<date and time>] [2] Ending processing.
  [<date and time>] [1] The following 1 error(s) occurred during task execution:
  [<date and time>] [1] 0.  ErrorRecord: Active Directory operation failed on DC.domain.org. The object 'CN=All Contacts,CN=All  Address Lists,CN=Address Lists Container,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com' already exists.
  [<date and time>] [1] 0.  ErrorRecord: Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation  failed on DC.example.com. The object 'CN=All Contacts,CN=All Address Lists,CN=Address Lists Container,CN=OrganizationName,CN=Microsoft  Exchange,CN=Services,CN=Configuration,DC=example,DC=com' already exists. --->  System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
     at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll  resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
     at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
     at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
     at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId  originalId)
     --- End of inner exception stack trace ---
  

You experience this problem when you try to prepare an existing Microsoft Exchange Server 2003 organization for the installation of Exchange 2007.

This problem occurs if one of the following conditions is true:

• The All Contacts address list in the Active Directory directory service does not use the default LDAP query.
• Incorrect spacing exists in the value for the purportedSearch attribute in Active Directory.

The Exchange 2007 Setup program determines whether the All Contacts address list container exists by searching for the default LDAP query for the container. To do this, the Exchange 2007 Setup program uses the value that is specified in the purportedSearch attribute.

If the Setup program cannot locate the All Contacts container by using the default LDAP query, or if the purportedSearch attribute has an incorrect value, the Setup program determines that the All Contacts container does not exist. Therefore, the Setup program tries to create the container. However, if the All Contacts container already exists, the Setup program experiences an "Already exists" error result when the Setup program tries to create the container.

The following LDAP queries are the default filters that are used for the appropriate address list containers in Active Directory:

All ContactsAll GroupsAll Users

To resolve this problem, follow these steps.

Step 1: Use Exchange System Manager to verify the All Contacts LDAP query

1. Start the Exchange System Manager program.
2. Under the Exchange organization, expand Recipients, expand All Address Lists, and then click All Contacts.
3. In the details pane, right-click an address list, and then click Properties.
4. Examine the LDAP query that appears in the Filter rules box to determine whether the LDAP query differs from the following LDAP query:
   (& (mailnickname=*) (| (&(objectCategory=person)(objectClass=contact)) ))
   For example, the LDAP query in the Filter rules list may resemble the following:
   (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=contact)) ))))
5. If the LDAP query that is displayed differs from the default LDAP query, modify the LDAP query for the address list. To do this, follow these steps:
   1. In the Address List Name Properties dialog box, click Modify.
   2. In the Find list, click Custom Search, and then click the Advanced tab.
   3. In the Enter LDAP query box, paste the following LDAP query:
      (mailnickname=*) (| (&(objectCategory=person)(objectClass=contact)) )
      Note Notice that the entry that you paste does not have the opening bracket, the starting ampersand (&) character, or the closing bracket.
   4. Click OK.
   Note After you click OK, the new LDAP query appears in the Filter rules box. However, this new LDAP query is formatted incorrectly. When you examine it, you notice that a space is missing between the ampersand (&) character and (mailnickname=*). For example, the following LDAP query that appears in the Filter rules box:
   (&(mailnickname=*) (| (&(objectCategory=person)(objectClass=contact)) ))
   To modify this entry, you must use the Active Directory Services Interface (ADSI) Edit tool.
6. Click OK to save the changes to the address list.

Note You may also have to verify any All Groups address lists or any All Users address lists that may exist in the organization. To do this, use the information in the "Step 1: Use Exchange System Manager to verify the All Contacts LDAP query" section together with the default LDAP queries that appear in the "Cause" section.

Step 2: Use the ADSI Edit tool to modify the All Contacts LDAP query

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

1. Start the ADSI Edit tool, and then connect to a domain controller if the ADSI Edit tool is not already connected to a domain controller. To start the ADSI Edit tool, click Start, click Run, type adsiedit.msc, and then click OK.
   
   Note The ADSI Edit tool is included with the Windows Support Tools. To install the Windows Support Tools, double-click Supptools.msi in the Support\Tools folder on the Microsoft Windows Server 2003 CD.
2. Expand Configuration [DomainController.example.com], expand CN=Configuration,DC=example,DC=com, and then expand CN=Services.
3. Expand CN=Microsoft Exchange, expand CN=OrganizationName, and then expand CN=Address Lists Container.
4. Expand CN=All Contacts, right-click CN=Address List Name, and then click Properties.
5. On the Attribute Editor tab, click purportedSearch, and then click Edit.
6. In the Value box, click to put the cursor after the first ampersand, and then press SPACEBAR. A space now appears between (& and (mailnickname=*).
7. Click OK, click Apply, and then click OK.
8. Allow for Active Directory replication to replicate the changes among the domain controllers in the domain. Or, you can force replication to occur in Active Directory. For more information about how to do this, visit the following Microsoft Web site:
   http://technet2.microsoft.com/windowsserver/en/library/2d89f34a-b6db-4b8d-ab9f-c081c53658d61033.mspx?mfr=true

Note You may also have to modify any All Groups address lists or any All Users address lists that may exist in the organization. To do this, use the information in the "Step 2: Use the ADSI Edit tool to modify the All Contacts LDAP query" section together with the purportedSearch attribute value for the appropriate address list container.