I had problems migrating from MS Exchange 2010 to Exchange 2016 in our organization. Every try to prepare AD schema running
Setup.exe /prepareAD /IAcceptExchangeServerLicenseTerms
on Domain Controller running Windows 2012 R2 ended with failure:
Failed [Rule:GlobalUpdateRequired] [Message:Global updates need to be made to Active Directory, and this user account isn’t a member of the ‚Enterprise Admins‘ group.]
[REQUIRED] Global updates need to be made to Active Directory, and this user account isn’t a member of the ‚Enterprise Admins‘ group.
Here I propose solution that helped me.
User permissions
Just to be sure, I assume user that you are installing Exchange with has a proper permissions. According to Microsoft documentation following permissions are needed:
- Enterprise Admins,
- Exchange Organization,
- Domain Admins,
- Schema Admins – this permission is actually only needed for Organization preparation step we have problem with.
Solution
Even if we had proper permissions, setup always failed with error above. Solution was finally simple. You need to set Security Group Enterprise Admins as primary group for user like:
After proper primary group assigning it is necessary to log out and then log in to update your user profile. Then try to run installation or AD preparation process again.
It’s not needed to run AD preparation script on Schema master. You could use any other DC.