Exchange 2013 CU 23 error during installation…”Couldn’t resolve the user or group “domain.ESES/Microsoft Exchange Security Groups/Discovery Management.”

Today I had to install a new Exchange 2013 CU23 environment.

I have started the Exchange 2013 CU 23 but the installation fails on the Mailbox Server Role with the following error “Couldn’t resolve the user or group “domain.ESES/Microsoft Exchange Security Groups/Discovery Management.”

If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust. The trust relationship between the primary domain and the trusted domain failed. 

Strange behaviour, because the Active Directory is healthy and there are no errors in the Event Viewers. I’ve performed the following steps.


1.) Open the Active Directory Users and Computers snapin
2.) Navigate to the Users organizational unit
3.) Delete the DiscoverySearchMailbox account
4.) Rerun the Exchange 2010 setup. The setup will install Exchange 2010 fine now…
5.) Open the Exchange Management Shell (EMC)
6.) Run the command: /prepareAD The DiscoverySearchMailbox account will be created again.
7.) Mail-enable the new DiscoverySearchMailbox with the following command:
Enable-Mailbox -Discovery -Identity “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}”
8.) Force the Active Directory Replication
9.) Your Exchange 2013 CU 23 environment is ready for production now

Enis Göktay

Enis Göktay

Enis has more than 15 years of experience in Information Technologies. He holds a Bachelor of Science in Economy and Master of Science degree in Computer Engineering as well as several IT certifications, namely MCITP, MCSE and CISCO Certifications. He has experience from technical support to administering enterprise IT infrastructures including but not limited Active Directory, Messaging Infrastructures, and Networking. Currently, he lives in Istanbul and works as a Sr. Specialist on Microsoft Products, dealing with administration of full life cycle of large, complex, and high available Enterprise IT infrastructures. His certifications include:

:: MCSE Data Platform,
:: MCSE Private Cloud,
:: MCSE Messaging,
:: MCSE Communication,
:: MCSE Server Infrastructure,
:: MCITP Enterprise Messaging on Exchange 2010
:: Microsoft Specialist - Server Virtualization with Windows Server Hyper-V and System Center Specialist
:: MCITP Enterprise Administrator 2008
:: MCITP Windows Server 2008,
:: MCSA: SQL Server,
:: MCSA: Office 365 Certification
:: MCSA Windows Server 2008,
:: MCTS Microsoft Exchange Server 2010, Configuring
:: MCTS Windows Server® 2008 Network Infrastructure, Configuration
:: MCTS Windows Server® 2008 Active Directory, Configuration
:: MCTS Monitoring and Operating a Private Cloud with System Center 2012
:: MCP (Microsoft Certified Professional)
Enis Göktay

Leave a Reply

Your email address will not be published. Required fields are marked *

Post Navigation