While preparing Active Directory for Exchange you may run into the following error.
F:\> Setup /PrepareAD /IAcceptExchangeServerLicenseTerms Microsoft Exchange Server 2016 Cumulative Update 6 Unattended Setup Copying files... File copy complete. Setup will now collect additional information needed for installation. Preforming Microsoft Exchange Server Prerequisite Check Prerequisite Analysis Setup will prepare the organization for Exchange Server 2016 by using 'Setup /PrepareAD'. Active Directory must be prepared with 'Setup /PrepareAD'. However, the current user account doesn't have the permissions required even though it's a member of the 'Enterprise Admins' group. Check whether this is a valid user account.
We ran into this recently at a client. This was an odd error because it indicated we had all the necessary group memberships to perform this task. We had also just used this account to successfully extend the schema moments before.
Fixing ‘User does not have permissions’
We quickly discovered that the Default Domain Controllers Policy (which is a group policy assigned to the domain controllers OU) had been removed. It was uncertain when this may have happened but the absence of this policy was not the issue itself. Moreover, it was a setting that comes predefined by that policy. The error we were receiving was due to the absence of the User Rights Assignment, Manage auditing and security logs. This right is granted to the Exchange Servers and Administrators built-in groups. [Read more…] about Error running /PrepareAD – User does not have permissions but is a member of Enterprise Admins