Maybe someone else has a similar problem - or the following challenge:
Existing Exchange 2016 environment - 4-node DAG with ActiveDirectorySplit-Permission Model. V1 was installed here, with no issues. Now 2 x Exchange 2019 should be installed as a replacement. However, the setup fails with the following error:
[09.12.2023 14:11:46.0404] [2] Used domain controller DC.domain.com to read object CN=Reset Password,CN=Roles,CN=RBAC,CN=ExOrgVB,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com.
[09.12.2023 14:11:46.0451] [2] [ERROR] Active Directory operation failed on DC.domain.com. The object 'CN=Reset Password,CN=Roles,CN=RBAC,CN=ExOrgVB,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com' does not exist.
[09.12.2023 14:11:46.0451] [2] [ERROR] The object does not exist.
[09.12.2023 14:11:46.0654] [2] Ending processing Install-CannedRbacRoles
Why is this relevant to the security update?
We have seen that this object was created on the day when the SU was installed. We tried - just to ensure everything is fine on 2016 - to switch back to the shared permission model from Exchange 2016 and are now hitting the same error while executing the /ActiveDirectorySplitPermission:False command.
Maybe someone had similar issues in an ActiveDirectorySplitPermission environment?
EDIT: Issue found - maybe this will help others: On the DCs, the AD Audit Solution from Cygna was installed. When we disabled the Cygna Windows Service on the Schema-Master, everything went fine. This could happen with solutions other than Cygna, of course.