• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6310
  • Last Modified:

Can't remove Full permission of a user from another users mailbox in Exchange 2010

I have recently migrated from Exchange 2003 to Exchange 2010. When I run the EMS I enter 'Remove-MailboxPermission -Identity USER1 -User USER2 -AccessRights FullAccess -InheritanceType All'. I get the response 'WARNING: Can't remove the access control entry on the object "CN=LASTNAME\, FIRSTNAME,OU=Users,OU=CITY,OU=COMPANY,DC=XXXXXX,DC=local" for account "XXXXXX\USER2" because the ACE doesn't exist on the object'.

IN the EMC it doesn't show the full access permission, but in the EMS it does show th user; the user does actually have access.

How do I remove this user? Any help at all will be greatly appreciated.
0
mattconroy
Asked:
mattconroy
  • 3
1 Solution
 
mattconroyAuthor Commented:
Is there any other way.
0
 
mattconroyAuthor Commented:
I believe my problem is related to the SIDHISTORY value set on the user that I am trying to remove the mailbox permission from. Does anyone know how to remove the sidhistory. I have tried adsiedit and get an access denied. I am not willing to tun some VB script written in 2005 on a 2008 R2 Windows DC.
0
 
mattconroyAuthor Commented:
As I stated before, I do not feel comfortable running a VB Script created in 2005 on a Windows 2008 R2 AD with Exchange 2010SP1 in our Production environment.
0
 
chris johnsonme casaCommented:
SID History removal to remedy this problem as opposed to removing permissions by sid.

http://technet.microsoft.com/en-us/library/powershell_remove_sid_history(v=ws.10).aspx
1

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now