Exchange Online-ApplicationAccount Already Exists | Exchange Server Upgrade Error

Exchange Online-ApplicationAccount Already Exists | Exchange Server Upgrade Error

Preface:

When you upgrade Exchange Server 2013 or 2016 Cumulative Update, you sometimes see an error the Exchange-Online Application Account already exists on the first step of the upgrade. This issue arises if you have configured Hybrid Configuration for Office 365 and failed or you have Hybrid Configuration in place. The error would be something as below.

Error:

The following error was generated when “$error.Clear();

            #

            # O15# 2844081 – Create PartnerApplication “Exchange Online” in DC and On-Premise

            #

            $exch = [Microsoft.Exchange.Data.Directory.SystemConfiguration.WellknownPartnerApplicationIdentifiers]::Exchange;

            $exchApp = Get-PartnerApplication $exch -ErrorAction SilentlyContinue -DomainController $RoleDomainController | Where { $_.UseAuthServer } | Where { $_.IssuerIdentifier -eq “”};

            if ($exchApp -eq $null)

            {

                $exchAppName = “Exchange Online”;

                $exchApp = New-PartnerApplication -Name $exchAppName -ApplicationIdentifier $exch -Enabled $RoleIsDatacenter -AcceptSecurityIdentifierInformation $false -DomainController $RoleDomainController;

            }

            # Create application account for Exchange

            $appAccountName = $exchApp.Name + “-ApplicationAccount”;

            $appAccount = Get-LinkedUser -Identity $appAccountName -ErrorAction SilentlyContinue -DomainController $RoleDomainController;

            if ($appAccount -eq $null)

            {

                $appAccountUpn = $appAccountName.Replace(” “, “_”) + “@” + $RoleFullyQualifiedDomainName;

                $appAccount = New-LinkedUser -Name $appAccountName -UserPrincipalName $appAccountUpn -DomainController $RoleDomainController;

                Set-PartnerApplication -Identity $exchApp.Identity -LinkedAccount $appAccount.Identity -DomainController $RoleDomainController;

            }

            foreach ($roleName in (“UserApplication”, “ArchiveApplication”, “LegalHoldApplication”, “Mailbox Search”, “TeamMailboxLifecycleApplication”, “MailboxSearchApplication”, “MeetingGraphApplication”))

            {

                $roleIdentity = Get-ManagementRole $roleName -DomainController $RoleDomainController;

                $roleAssignment = Get-ManagementRoleAssignment -Role $roleIdentity.Identity -RoleAssignee $appAccount.Identity -DomainController $RoleDomainController;

                if ($roleAssignment -eq $null)

                {

                    New-ManagementRoleAssignment -Role $roleName -User $appAccount.Identity -DomainController $RoleDomainController;

                }

            }

        ” was run: “Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation failed on ExchServer.domain1.local. The object ‘CN=Exchange Online-ApplicationAccount,CN=Users,DC=domain1,DC=local’ already exists. —> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.

   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)

   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)

   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)

   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)

   — End of inner exception stack trace —

   at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)

   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)

   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)

   at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)

   at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalProcessRecord()

   at Microsoft.Exchange.Configuration.Tasks.NewTaskBase`1.InternalProcessRecord()

   at Microsoft.Exchange.Configuration.Tasks.NewADTaskBase`1.InternalProcessRecord()

   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()

   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.

Solution:

If you come across the error as above, open Active Directory Users and Computers and find the account “Exchange Online-ApplicationAccount” and delete this account and rerun the Cumulative Update Upgrade. The account will be recreated when the cumulative update or setup /PrepareAD invoked and office 365 connectivity and applications such as free/busy and so on will be working as before.

Leave a Reply

Your email address will not be published. Required fields are marked *


*