Helping Those Who Help Themselves

Mysterious Exchange migration stopped; issuing a complex password challenge to users that they might actually like.

Bill: We currently have Exchange 5.5 running on NT 4.0 and are preparing to upgrade to Exchange 2003 on a new server running Windows Server 2003. I have run all of the prep steps up to forest prep with no problems. However, I’m trying to run Forestprep and it says:

Microsoft Exchange Forest Preparation cannot be assigned the action "forestPrep" because: -Either you do not have permission to update the Active Directory schema or Active Directory service is currently too busy.

I have checked and double checked my permissions (schema admin, domain admin, local machine admin, etc...). I have tried running it on the PDC and on the new server with the same results. I looked it up on Microsoft TechNet and it said to check the remote registry service, which I verified was started.

The Exchange setup log says "Exchange organization container not found."

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Readers: Before I could start working with Daniel to isolate the cause of this problem, he was able to find the cause himself. I print his answer here:

"I went to your Web site and found out what the problem was. We had a DC that was offline and had been tombstoned. Once I removed all instances of that server from AD and DNS the forest prep ran without a hitch. I later went back and checked the DCDiag log and it was showing the replication error. I must have missed it on first review of the log."

While I'm quoting smart people who save me the trouble of finding unique solutions, here's an interesting spin from reader Glen J. on the "long password/strong password" conundrum I discussed in "Enforcing Stronger Passwords." I've paraphrased Glen's reply for brevity:

"From past history, I’ve found the easiest way to enforce password complexity is through education. Teach users an easy way to create and remember complex passwords, and they will not only create good passwords, they will enjoy the challenge. I have my users create a sentence that has meaning to them, then use the first (or last) letter of each word, substituting special characters or numbers when applicable to get a good, strong, complex password. Ih3c@htLm is a prime example. It is an abbreviation for "I have 3 cats @ home that Love me."

Here's another example. MW&IgtPR2ay stands for "My Wife & I go to Puerto Rico 2 a year."

Thanks, Glen and Daniel, and thanks to all of you who send suggestions and solutions to me every week. I read them all and reply as often as I can. Keep 'em coming.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

comments powered by Disqus

Reader Comments:

Sat, Mar 19, 2011 sxiqtu Zc96Iy ydrazkrsnnig, [url=]lswhpbbpsnpw[/url], [link=]zuwhoekgdhqo[/link],

Zc96Iy DOT , [url=]lswhpbbpsnpw[/url], [link=]zuwhoekgdhqo[/link],

Fri, Jul 2, 2004 Anonymous Anonymous

Your suggestion was most useful and creative. However, I would like to know how often these users forget their passwords and what kind of strategy you employ to avoid this user situation.

Fri, Jun 18, 2004 Anonymous Anonymous

That's a good solution IF you have people who can remember the rest of the package. I support a facility where at least half the employees can't remember their login ID, let alone the password. Adding to that, our upper-level IT people put restrictions on the passwords so that one can only use 8 alpha-only characters (nope-no numbers). It makes it very hard for some people not to use very simple words.

Personally, I encourage foreign languages and using the blind choice method with a dictionary (Open to random page, close eyes and point at a word. Whatever comes up, use it if it meets the rules. If not, use the nearest entry that will work.).

Wed, Jun 16, 2004 Aaron Minneapolis

Please!!! For the last time, stop confusing computer users with confusing conundrums on password challenges and complexity.

It is VERY simple. Use an entire short sentence: "I Hate Bad Passwords!" This satisfies the complexity of most systems in use commonly with upper case, lower case, and special characters. It has 21 characters even! If I remember correctly, LC4 or John the Ripper won't go this high in character count. I get guffaws every time I type in a sentence for a password from people trying to shoulder surf, but they never get it!

Wed, Jun 16, 2004 Anonymous Anonymous

yes as in life the simple things work best, i've used this theory for years and NEVER have had a password compromised EVER...

Wed, Jun 16, 2004 Craig Lindstrom, MN

Double thanks for passing along the password suggestions. (Dt4patps)

Tue, Jun 15, 2004 Anonymous Anonymous

A big thanks for passing along Glen J.'s suggestion for teaching users how to create complex passwords! This idea will really work!

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.