You do not have permission to access this page or perform this action – Office 365 Admin Role

Recently I came across a scenario where I had allocated a user in my Office 365 tenant the “Global Admin” role.

But as soon as the role had been assigned and the user logged in, the below error was generated when he tried to access the “Admin” tile on Office 365.

Admin issue

When I investigated, I found that this was not an issue, as it was caused by Office 365 still assigning the privileges to the user in the backend.

To overcome the issue, allow some time before logging in to the portal and accessing the “Admin” tile, and your admin page should load without issues.

AAD Sync No-Start-Credentials

Recently, when I was trying to sync my on-premises directories to Office 365 Azure AD, I was getting an error in my “Synchronisation Service Manager” and none of the AD objects were being synced under one of my connectors named “Techiewithablog.com”, as shown below in Fig 1.

syn service manager

Fig 1

It is obvious from the above screen that the credentials used by the connector are wrong or expired.

Therefore, I had to update the credentials of the specific connector “Techiewithablog.com”. To do that, go to the “Connectors” tab, right click on the connector's name, which in this case is “Techiewithablog.com”, and select “Properties” as shown below in Fig 2.

Fig 2

Once in the connector's properties, select “Connect to Active Directory Forest”, enter the updated password for the relevant account in the “Password” box and click “OK” as shown in Fig 3.

Fig 3

Once done, go back to the “Operations” tab and right click the connector name which has failed to run the sync cycle and click “Run” as shown below in Fig 4.

Fig 4

If the credentials have been entered properly this time, your sync cycle should complete properly without the error “No-Start-Credentials”, as shown below.

Fig 5

The above issue could happen if administrators use random accounts for provisioning AAD Sync services.

Therefore, it is highly recommended to use dedicated service accounts when configuring your AAD Sync environment with their passwords set to never expire.
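One way to confirm whether the connector account's password state is behind a “No-Start-Credentials” failure, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name and the account name `svc-aadsync` are hypothetical.

```powershell
# Added example: report the password state of the AD account an AAD Sync connector uses.
# Assumes the ActiveDirectory module (RSAT); 'svc-aadsync' is a hypothetical account name.
Import-Module ActiveDirectory

function Get-ConnectorAccountPasswordState {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$WarnDays = 14   # flag passwords that expire within this many days
    )

    $props = 'Enabled', 'LockedOut', 'PasswordExpired', 'PasswordNeverExpires',
             'PasswordLastSet', 'msDS-UserPasswordExpiryTimeComputed'
    $user = Get-ADUser -Identity $SamAccountName -Properties $props

    # The computed expiry is a FILETIME value: Int64.MaxValue means the password
    # never expires, 0 means it must be changed at next logon.
    $raw = [Int64]$user.'msDS-UserPasswordExpiryTimeComputed'
    $expiry = $null
    if ($raw -gt 0 -and $raw -ne [Int64]::MaxValue) {
        $expiry = [datetime]::FromFileTime($raw)
    }

    # First matching condition wins, most severe first
    $finding = 'OK'
    if (-not $user.Enabled) {
        $finding = 'Account is disabled'
    } elseif ($user.LockedOut) {
        $finding = 'Account is locked out'
    } elseif ($user.PasswordExpired) {
        $finding = 'Password has expired'
    } elseif ($raw -eq 0) {
        $finding = 'Password must be changed at next logon'
    } elseif ($expiry -and $expiry -lt (Get-Date).AddDays($WarnDays)) {
        $finding = "Password expires within $WarnDays days"
    }

    [pscustomobject]@{
        Account              = $user.SamAccountName
        PasswordLastSet      = $user.PasswordLastSet
        PasswordNeverExpires = $user.PasswordNeverExpires
        PasswordExpires      = $expiry
        Finding              = $finding
    }
}

Get-ConnectorAccountPasswordState -SamAccountName 'svc-aadsync'
```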

The Active Directory schema isn’t up-to-date error when trying to Install Exchange 2016

Recently, I came across an issue where I got the below error when trying to install Exchange 2016 Cumulative Update 4 into an existing Exchange 2010 SP3 CU 10 environment.

Error:

The Active Directory schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx

Error:

Global updates need to be made to Active Directory, and this user account isn’t a member of the ‘Enterprise Admins’ group.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx

Error:

The local domain needs to be updated. You must be a member of the ‘Domain Admins’ group and ‘Organization Management’ role group, or ‘Enterprise Admins’ group to continue.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.LocalDomainPrep.aspx

Error:

You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx

Error:

You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx

Error:

You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx

Error:

You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx

Error:

You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx

Error:

You must use an account that’s a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx

Error:

You must use an account that’s a member of the Organization Management role group to install the first Mailbox server role in the topology.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx

Error:

Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master. Run setup with the /prepareAD parameter on a computer in the domain xyz and site newyork, and wait for replication to complete. See the Exchange setup log for more information on this error.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx

Error:

The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2016, the forest functional level must be at least Windows Server 2003 native.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx

Error:

Either Active Directory doesn’t exist, or it can’t be contacted.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx

Warning:

Setup will prepare the organization for Exchange Server 2016 by using ‘Setup /PrepareAD’. No Exchange Server 2013 roles have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2013 roles.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE15ServerWarning.aspx

Warning:

Setup will prepare the organization for Exchange Server 2016 by using ‘Setup /PrepareAD’. No Exchange Server 2010 roles have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2010 roles.

For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx

I verified that the account used to run the installer was a member of the “Enterprise Admins”, “Schema Admins” and “Organization Management” groups, and checked that Active Directory replication was successful between the different Active Directory sites of the organization. I also checked that the forest and domain functional levels were all 2008 R2.

However, the error still persisted. Upon investigating further, I found out that the schema update and the domain prep needed to be run from the Active Directory site which has the Domain Controller hosting the Schema Master FSMO role.

I extracted the Exchange 2016 CU4 installation files onto a member computer which was in the same AD site as the Schema Master and ran the below commands to extend the schema and prep the AD.

To extend the schema:

schema

To prepare the Domain:

prep ad

The above commands ran successfully and did the necessary Schema updates and the Domain Prep in the environment.
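A pre-flight check for the condition described above, as an added example that is not from the original post: it compares the local computer's domain and AD site with those of the Schema Master and checks the group membership that the setup errors ask for. It assumes the ActiveDirectory module (RSAT) on a domain-joined machine; the function name is hypothetical, and the `Setup.exe` lines in the closing comment are the standard Exchange 2016 setup switches, not text copied from the post.

```powershell
# Added example: pre-flight check before extending the schema for Exchange setup.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined machine.
# Run elevated so that admin groups appear in the logon token.
Import-Module ActiveDirectory

function Test-SchemaPrepPrerequisites {
    # Locate the Schema Master and the AD site / domain it lives in
    $forest       = Get-ADForest
    $schemaMaster = Get-ADDomainController -Identity $forest.SchemaMaster
    $localSite    = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
    $localDomain  = (Get-ADDomain -Current LocalComputer).DNSRoot

    # Resolve the group names present in the current logon token
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $groups = $identity.Groups | ForEach-Object {
        try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { }
    }
    $missing = @('Schema Admins', 'Enterprise Admins' | Where-Object {
        $name = $_
        -not ($groups | Where-Object { $_ -like "*\$name" })
    })

    $sameSite   = $localSite -eq $schemaMaster.Site
    $sameDomain = $localDomain -eq $schemaMaster.Domain

    [pscustomobject]@{
        SchemaMaster       = $schemaMaster.HostName
        SchemaMasterSite   = $schemaMaster.Site
        SchemaMasterDomain = $schemaMaster.Domain
        LocalSite          = $localSite
        LocalDomain        = $localDomain
        MissingGroups      = $missing -join ', '
        Ready              = $sameSite -and $sameDomain -and ($missing.Count -eq 0)
    }
}

Test-SchemaPrepPrerequisites

# If Ready is True, run from the extracted Exchange setup folder in an elevated prompt:
#   .\Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
#   .\Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
```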

After a while, I re-ran the Exchange setup and it continued successfully without giving the above error.

I hope this article was helpful and will fix the same issue for someone by following the above method.

Exchange 2016 CU4 Installation Hanging on Language Setup in Windows Server 2016.

Recently, I was deploying Exchange Server 2016 CU 4 on a Windows Server 2016 server into an Exchange 2010 hybrid environment.

However, I had to wait for ages for the language setup task to finish as shown below in Fig 1.

languages

Fig.1

Upon investigating, I found out that the Windows Server 2016 built-in anti-virus, Windows Defender, was interfering with the installation of the language setup.

I removed the anti-virus from the Windows server by running the below command with elevated admin rights (not recommended in a production environment; in a production environment, make sure you reinstall the anti-virus after the Exchange installation completes).

Dism /online /Disable-Feature /FeatureName:Windows-Defender /Remove /NoRestart /quiet

Upon doing that, I restarted the server and continued with the Exchange 2016 CU 4 setup.

If you do not want to remove the Windows Defender service, you can simply disable the real time protection by running the below command in an elevated PowerShell window.

Set-MpPreference -DisableRealtimeMonitoring $true

If you want to re-enable the Windows Defender after the installation use the below command in an elevated PowerShell window.

Set-MpPreference -DisableRealtimeMonitoring $false

This time, as we can see from the below Fig.2, the installation proceeded without taking ages for the language setup to finish and the rest of the installation continued as a breeze.

Fig.2

Hope this will help you to resolve the issue if you encounter the above scenario when installing the Exchange 2016 server in a Windows Server 2016 or Windows Server 2012 environment.
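The disable, install, re-enable sequence above can be wrapped so that real-time protection is restored even if setup fails or is cancelled. This is an added example, not part of the original post; the function name, `$SetupPath` and `$SetupArgs` are hypothetical and should point at your extracted Exchange media.

```powershell
# Added example: pause Defender real-time protection only for the duration of setup.
# $SetupPath and $SetupArgs are hypothetical; point them at your extracted Exchange media.
#Requires -RunAsAdministrator

function Invoke-WithRealtimeProtectionPaused {
    param(
        [Parameter(Mandatory)][string]$SetupPath,
        [string[]]$SetupArgs = @()
    )

    # Remember the current setting so it is restored rather than blindly forced on
    $wasDisabled = (Get-MpPreference).DisableRealtimeMonitoring

    # Start-Process rejects an empty -ArgumentList, so only pass it when needed
    $params = @{ FilePath = $SetupPath; Wait = $true; PassThru = $true }
    if ($SetupArgs) { $params.ArgumentList = $SetupArgs }

    try {
        Set-MpPreference -DisableRealtimeMonitoring $true
        $proc = Start-Process @params
        "Setup exited with code $($proc.ExitCode)"
    }
    finally {
        # Runs on success, failure or Ctrl+C
        Set-MpPreference -DisableRealtimeMonitoring $wasDisabled
        $status = Get-MpComputerStatus
        if (-not $wasDisabled -and -not $status.RealTimeProtectionEnabled) {
            Write-Warning 'Real-time protection is still off; re-enable it manually.'
        }
    }
}

# Hypothetical path to the extracted CU4 media
Invoke-WithRealtimeProtectionPaused -SetupPath 'D:\ExchangeCU4\Setup.exe'
```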

Experts Live Australia – Melbourne

I was selected as a speaker for the Experts Live Australia conference, which was held from the 5th to the 7th of April 2017 at Crown Promenade, Melbourne. Here, I am delivering my speech on “Office 365 Advanced Security Management”.