Need to track down Outlook 2003 Delegate and remove


We had a user who left the company. She made herself a mailbox delegate in Outlook 2003 for several managers. When people were receiving NDR's with this person's name, we were able to connect her mailbox back to her account and remove her as a delegate from these managers. This happened several months ago and we considered the matter closed.

Today we just received word that someone sent out a meeting notice and got an NDR for this person again. The mailbox was deleted a while ago. I have three questions:

How do I track down where she may be listed as a delegate?
How do I get rid of her as a delegate if her mailbox is gone?
Finally, is there anyway to prevent something like this from happening in the future?

All clients are Outlook 2003, backend is Exchange 2003 SP2. Thanks!
Who is Participating?
NeiphinConnect With a Mentor Commented:
Find out who sent the meeting request and to whom. If it was one person then ok, if to several people you have some work to do. Start by sending a test meeting to each person individually. One of them will send back an NDR. Once you know which mail account sends the NDR you can look at the permissions of the calendar in that mail account. You may see a rogue permission set, if so remove it. Test again with a meeting.
If NDR is received,
Open ADSIEDIT.MSC and locate the mail box that sent the NDR. Check its properties and look at pubdeletages and modify of you are able. If you find the zombied entry make a note of it. Now for the fun part. You can run csvde script which will dump out any attribute from adsiedit that you wish. A good one would be pubdelegate and currentmailaccount to dump out to a text file. Search the text file for the zombied mail account. Reference it against currentmailaccount and your clean up is completed.

Sounds like they may have this person in a local contact group therefore attempting to send to the non-existent mailbox and receiving NDR
1.      Download the MFCMAPI tool to managers’s computer. (We can also do this in your if you can configure a profile for manager’s mailbox in your client)
2.      Extract it then start MFCMAPI by double clicking it.
3.      Click OK on the about screen & get to the main UI window.
4.      From the main UI window, go to the "Session" menu option and select "Logon and Display Store Table". Select the Manager’s profile then click OK.
5.      In the Mailbox window you'll see the Mailbox & Public Folders instances. Double click the Mailbox. This will open  the mailbox in a seperate window.
6.      Click the "+" next to the Root-Mailbox object. Here you will see the various objects within the Mailbox (like the  IPM_SUBTREE, CommonViews, Shortcuts, etc.
7.      Click the "+" next to "IPM_SUBTREE". You will now see the folders that are a part of the mailbox (like the Inbox,  Outbox, Sent Items, etc).
8.      Highlight the Inbox folder, right click and choose "Display Rules Table". This will open a new windows and will display the rules configured on this mailbox. The rules will be listed in the top half of this window.
9.      In the top window of the Rules table, scroll all the way to the right till you see a column titled “PR_RULE_PROVIDER::0X6681001E:PT_STRING8". This column lists the TYPE of rule configured. The name of the rule should be “Schedule+EMS Interface”.
click the Delegate Rule mentioned above ("Schedule+EMS Interface") and then chose Delete. This will delete the rule from the mailbox.
10. After that, for all the delegates of the Manager, we need to remove them then add them back again.

For all the above you need domain Admin priveledges.

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

>>Today we just received word that someone sent out a meeting notice and got an NDR for this person again...

What is the user roles now ? Have you REMOVED from Exchange "Member of" tab ?
lucado01Author Commented:
crawfordits- I checked the Message Tracking Center on Exchange and saw the list of recipients the message went to. The user was not on the list. I saw the NDR follow right after. Instead of having an email address it had the LDAP information of the user.

bsharath- I'd need to test the utility you're talking about since I've never used it. If it can be successfully run from another computer so long as we set up the managers mailbox, that would be great. This person is VIP and just getting access to the machine is difficult.

rhinoceros- The user is no longer with the company. The mailbox object has been removed but the account remains disabled. If we delete the account, will that take care of the problem? I wouldn't think so but then again I may have just asked the dumbest question ever posted on EE.

Neiphin- I agree with your logic in the first paragraph, however this individual has been gone for months and no one has claimed getting NDR's with her name on them until now. In the Message Tracking Center on Exchange all of the users that received the message are high profile and I'm positive someone would have reported this sooner. I've personally e-mailed most of the people who were on the list and haven't gotten an NDR. As for your second paragraph I'm afraid I'm unclear as to the last sentence.

Thanks to all for the information. I have to fix this ASAP so I appreciate all input.

If you have Administrator access and the proper permissions from the management then you can do this from your machine itself...
The second paragraph leads after the first in fault diagnostics.
In ADSIEDIT you will see all of the active current users in your org. If your tests revealed that Joe Smith sends the NDRs to the meeting (will not happen with normal email) lookup Joe Smith and view properties. Look in pubdeletages and see who has access. I usually find the rogue entry there.
The very last part mentions using a utility called "csvde" which will interrogate adsiedit for all rouge entries.
These two methods have always work for me. If one doesn't then the second will.
Let me know how you get on.

lucado01Author Commented:

We found the rouge entry using ASDIEDIT. If we delete the entry from pubdelegates, will we be able to remove the user from the Outlook delegate tab?

I've never used this utility before, any potential problems we could run into?

Also, why aren't the NDR's generated by normal emails?


Yes, go ahead and remove it from pubdelegates. That is what i do. It will have no negative issues.

The reason you will not receive an NDR from an email is because the rouge entry is only permissioned against the calendar not the inbox. Hence it will only show up when a meeting invite is sent.

lucado01Author Commented:

We removed the entry through ADSIEDIT a couple of days ago and things seem to be OK. This is not an easy thing for us to test so I wanted to give it a couple of more days before I closed this out. However, it appears this was the fix. THANKS! I'll give the points early next week.
That is good news.

Send a meeting request from your account and see if you get an NDR. If you don't get an NDR then it is fixed. It either works or it dosen't, simple as that.

Hi lucado01

Did any of the above answer with your question.

Please close or ask for further clafification if required. Please do not leave questions unresolved.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.