I came across a weird error the other day while running Exchange Server 2013 CU6 setup with the /PrepareAD switch. The error (from the Exchange setup logs) was this:
[12/02/2014 01:14:16.0727]  [ERROR] Could not find the Exchange Mailbox Administrators Universal Security Group through its well-known GUID 29a962c2-91d6-4ab7-9e06-8728f8f842ea. Please make sure that Setup /prepareAD has been run.
I sat there scratching my head for a while because what (wtf?) is the Exchange Mailbox Administrators group and what does it have to do with Exchange 2013. Anyway, after a journey of discovery, here’s what I found out.
For some time, Exchange has used an attribute named otherWellKnownObjects on the Exchange container in the Configuration partition of AD to store information about the location of certain Exchange objects, including the default groups. One of these entries corresponds to the Organization Management group (as shown below).
The strange-looking string next to the DN for the Organization Management group (C262A929D691B74A9E068728F8F842EA) is a Hex representation of a GUID. To get to the string representation I found a handy function called Convert-OctetStringToGuid. The result was as follows:
The resulting GUID string (29a962c2-91d6-4ab7-9e06-8728f8f842ea) matches that shown in the original error. So, basically the setup error was saying that it couldn’t find the Organization Management group. The guff about the Exchange Mailbox Administrators group must be a legacy piece of code referencing an earlier version. Once I had the new information I had a look to see if the group actually existed (it did). I then concluded that maybe AD replication hadn’t finished by the time setup got to looking for the group. I then made the executive decision to run setup with the /PrepareAD switch again. Lo and behold it finished successfully.
I thought this write-up might help if you find yourself in the same boat.