When attempting to execute setup with the /prepareAD switch prior to installation of the update itself I receive the following error.
Currently running Exchange 2016 CU10.
The following error was generated when "$error.Clear();
 #
 # O15# 2844081 - Create PartnerApplication "Exchange
Online" in DC and On-Premise
 #
 $exch =
[Microsoft.Exchange.Data.Directory.SystemConfiguration.WellknownPartnerApplicationIdentifiers]::Exchange;
 $exchApp =
Get-PartnerApplication $exch -ErrorAction SilentlyContinue -DomainController $RoleDomainController | Where {
$_.UseAuthServer } | Where { [string]::IsNullOrEmpty($_.IssuerIdentifier)};
 if ($exchApp -eq $null)
 {
 $exchAppName =
"Exchange Online";
 $exchApp = New-PartnerApplication -Name $exchAppName -ApplicationIdentifier $exch -Enabled
$RoleIsDatacenter -AcceptSecurityIdentifierInformation $false -DomainController $RoleDomainController;
 }
 # Create
application account for Exchange
 $appAccountName = $exchApp.Name + "-ApplicationAccount";
 $appAccount =
Get-LinkedUser -Identity $appAccountName -ErrorAction SilentlyContinue -DomainController $RoleDomainController;
 if
($appAccount -eq $null)
 {
 $appAccountUpn = $appAccountName.Replace(" ", "_") + "@" + $RoleFullyQualifiedDomainName;
$appAccount = New-LinkedUser -Name $appAccountName -UserPrincipalName $appAccountUpn -DomainController
$RoleDomainController;
 Set-PartnerApplication -Identity $exchApp.Identity -LinkedAccount $appAccount.Identity
-DomainController $RoleDomainController;
 }
 foreach ($roleName in ("UserApplication", "ArchiveApplication",
"LegalHoldApplication", "Mailbox Search", "TeamMailboxLifecycleApplication", "MailboxSearchApplication",
"MeetingGraphApplication"))
 {
 $roleIdentity = Get-ManagementRole $roleName -DomainController $RoleDomainController;
$roleAssignment = Get-ManagementRoleAssignment -Role $roleIdentity.Identity -RoleAssignee $appAccount.Identity
-DomainController $RoleDomainController;
 if ($roleAssignment -eq $null)
 {
 New-ManagementRoleAssignment -Role
$roleName -User $appAccount.Identity -DomainController $RoleDomainController;
 }
 }
 " was run:
"Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation failed on
Domaincontroller123. The object 'CN=Exchange
Online-ApplicationAccount,CN=Users,DC=X,DC=X,DC=X,DC=X,DC=X' already exists. --->
System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
 at
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll
resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)