Exchange 2007 Mailbox Manage Full Access Permission

I have several account with three or more Orphaned SIDs in the Manage Full Access Permissions.  How can I remove them without going into each account individually?
BellevueAdminAsked:
Who is Participating?
 
Manpreet SIngh KhatraConnect With a Mentor Solutions Architect, Project LeadCommented:
I dont think there is a way to do it from Shell as well as in Shell you cant say anything like remove Orphaned SID :( ....... until you try with some script (Not sure though for this as if incorrect it might remove some genuine users as well)

- Rancy
0
 
BellevueAdminAuthor Commented:
That is what I was afraid of.  How about using ASDI Edit?
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Using ADSIEDIT would again require you to make corrections to each account at a same time ..... not sure if you have something in mind :(

Check the below and see if you can think of something on these lines :) ....... but even if you want to try .... first try with few users in a Query (Hope you get as i dont want to mess up something just trying to find a quick fix)
Removing unknown user (inherited) by SID from mailboxes using management shell
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23630488.html

- Rancy
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
BellevueAdminAuthor Commented:
I was able to remove one of the SIDs by going through ADSI Configuration\Services\Microsoft Exchange\First Organization.
I still have two more I have not been able to remove yet
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Humm ..... you just need to drill down one step at a time ... next is AG and the Servers container and then Servers itself and on and on :)

- Rancy
0
 
Jamie McKillopIT ManagerCommented:
Hello,

You can do this with the following powershell script:

get-mailbox | Get-MailboxPermission | % {
	If ($_.user -like "S-1-5*") {
		remove-mailboxpermission -Identity $_.identity -User $_.user -AccessRights FullAccess -InheritanceType All
	}
}

Open in new window


JJ
0
 
S_K_SConnect With a Mentor Commented:
In adsiedit you need to drill down step by step as below:

Configuration partition==>Services==>Microsoft Exchange==>YourOrgName==>Exchange Administrative Group==>Servers==>YourServername

Goto Properties of the concerned servername and move to Security Tab and remove the Orphaned SIDs from there...kindly note that do not start deleting immediately after going to Security tab. After opening the Security Tab allow some time to resolve the accounts and then go ahead with the deletions.

In case of confusion do let us know.
0
 
BellevueAdminAuthor Commented:
Within ADSI I had to go to Configuration partition==>Services==>Microsoft Exchange==>YourOrgName==>Exchange Administrative Group==>Servers==>YourServername==>information store and then to each mailstore.  I had the SID so identing it was easy.  Thanks for the help Closing posting.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.