Hi @Zbigniew Nykiel
Thank you for posting your question in Microsoft Q&A.
Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.
Per your description, it looks like your Exchange server is unable to communicate with Active Directory (AD) during the /PrepareSchema operation. This issue prevents Exchange Setup from updating the AD schema as required.
Could you try the following steps to troubleshoot it:
1. Verify the Account Used for Setup
Ensure the account running Setup.exe /PrepareSchema is a domain account and a member of both the Schema Admins and Enterprise Admins groups.
On the Domain Controller (DC), open PowerShell as Administrator and run:
Get-ADUser -Identity <yourusername> -Properties MemberOf | Select-Object -ExpandProperty MemberOf
If missing, run this command to add the account:
Add-ADGroupMember -Identity "Schema Admins" -Members <yourusername>
Add-ADGroupMember -Identity "Enterprise Admins" -Members <yourusername>
Then log off and back in (or reboot) to apply changes.
Rerun Setup:
On the Exchange server, open Command Prompt as Administrator (not PowerShell):
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /LogLocation:C:\Temp
Review C:\Temp\ExchangeSetup.log for issues if setup fails.
2. Verify AD Site and Connectivity
Check AD Site Membership:
nltest /dsgetsite
Ensure the site matches your DC’s site (check via AD Sites and Services).
If different, verify replication:
repadmin /replsummary
Verify DC connectivity:
nltest /dsgetdc:%userdomain%
ping <DC-name>.<yourdomain.com>
Test-NetConnection -ComputerName <DC-name> -Port 389
Firewall check:
Ensure the following ports are open between Exchange and DC: 389 (LDAP), 636 (LDAPS), 88 (Kerberos), 445 (SMB)
3. Verify Windows Server 2025 Prerequisites
Ensure required features are installed:
Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Err-Pages, Web-Http-Logging, Web-Http-Redirect, Web-Http-Request-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Scripting-Tools, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
Also install:
- .NET Framework 4.8+
- Visual C++ Redistributables.
Reboot both Exchange and DC after installation.
4. Validate AD Configuration Access
Test access to configuration naming context:
Get-ADRootDSE -Server <DC-name>
Locate and verify Schema Master:
netdom query fsmo
ping <SchemaMasterName>
To force replication:
repadmin /syncall
You can refer to: Active Directory doesn't exist or can't be contacted [CannotAccessAD] | Microsoft Learn
Please understand that our initial reply may not always immediately resolve the issue. However, with your help and more detailed information, we can work together to find a solution.
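The checks from steps 1, 2 and 4 above, combined into one preflight function that also shows whether a group membership added in AD has reached the current logon token yet. This is an added example, not part of the original answer or of Exchange Setup; the function name Test-PrepareSchemaReadiness and its output fields are hypothetical, and it assumes the ActiveDirectory RSAT module and an elevated session under the account that will run Setup.

```powershell
# Added example: preflight checks before Setup.exe /PrepareSchema.
# Assumes the ActiveDirectory module (RSAT) and an elevated PowerShell session
# started by the account that will run Setup.
Import-Module ActiveDirectory

function Test-PrepareSchemaReadiness {
    param(
        [string[]]$RequiredGroups = @('Schema Admins', 'Enterprise Admins'),
        [int[]]$Ports = @(389, 636, 88, 445)   # LDAP, LDAPS, Kerberos, SMB
    )
    $forest       = Get-ADForest
    $schemaMaster = $forest.SchemaMaster        # FSMO holder that accepts schema writes
    $me           = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # Group SIDs active in this process token (deny-only groups are excluded,
    # which is why a non-elevated shell can report a group as missing).
    $tokenSids    = @($me.Groups | ForEach-Object { $_.Value })

    foreach ($name in $RequiredGroups) {
        # Both groups live in the forest root domain.
        $group = Get-ADGroup -Identity $name -Server $forest.RootDomain
        $inAD  = @(Get-ADGroupMember -Identity $group -Recursive -Server $forest.RootDomain |
                   Where-Object { $_.SID.Value -eq $me.User.Value }).Count -gt 0
        $inToken = $tokenSids -contains $group.SID.Value
        $detail = if ($inAD -and $inToken) { 'Member, active in token' }
                  elseif ($inAD)           { 'Member in AD but not in token: log off and back on, run elevated' }
                  else                     { 'Not a member in AD' }
        [pscustomobject]@{
            Check = 'Group'; Target = $name
            Passed = ($inAD -and $inToken); Detail = $detail
        }
    }

    foreach ($port in $Ports) {
        $conn = Test-NetConnection -ComputerName $schemaMaster -Port $port `
                    -WarningAction SilentlyContinue
        [pscustomobject]@{
            Check = 'Port'; Target = "${schemaMaster}:$port"
            Passed = $conn.TcpTestSucceeded
            Detail = if ($conn.TcpTestSucceeded) { 'Reachable' } else { 'Blocked or not listening' }
        }
    }
}

Test-PrepareSchemaReadiness | Format-Table -AutoSize
```

A group row that reports "Member in AD but not in token" corresponds to the log off and back in step in section 1.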