?
Solved

Exchange 2007 Mailbox Manage Full Access Permission

Posted on 2012-09-12
8
Medium Priority
?
1,254 Views
Last Modified: 2012-09-12
I have several account with three or more Orphaned SIDs in the Manage Full Access Permissions.  How can I remove them without going into each account individually?
0
Comment
Question by:BellevueAdmin
8 Comments
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 1000 total points
ID: 38392230
I dont think there is a way to do it from Shell as well as in Shell you cant say anything like remove Orphaned SID :( ....... until you try with some script (Not sure though for this as if incorrect it might remove some genuine users as well)

- Rancy
0
 

Author Comment

by:BellevueAdmin
ID: 38392281
That is what I was afraid of.  How about using ASDI Edit?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38392309
Using ADSIEDIT would again require you to make corrections to each account at a same time ..... not sure if you have something in mind :(

Check the below and see if you can think of something on these lines :) ....... but even if you want to try .... first try with few users in a Query (Hope you get as i dont want to mess up something just trying to find a quick fix)
Removing unknown user (inherited) by SID from mailboxes using management shell
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23630488.html

- Rancy
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:BellevueAdmin
ID: 38392447
I was able to remove one of the SIDs by going through ADSI Configuration\Services\Microsoft Exchange\First Organization.
I still have two more I have not been able to remove yet
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38392475
Humm ..... you just need to drill down one step at a time ... next is AG and the Servers container and then Servers itself and on and on :)

- Rancy
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 38392587
Hello,

You can do this with the following powershell script:

get-mailbox | Get-MailboxPermission | % {
	If ($_.user -like "S-1-5*") {
		remove-mailboxpermission -Identity $_.identity -User $_.user -AccessRights FullAccess -InheritanceType All
	}
}

Open in new window


JJ
0
 
LVL 8

Assisted Solution

by:S_K_S
S_K_S earned 1000 total points
ID: 38392593
In adsiedit you need to drill down step by step as below:

Configuration partition==>Services==>Microsoft Exchange==>YourOrgName==>Exchange Administrative Group==>Servers==>YourServername

Goto Properties of the concerned servername and move to Security Tab and remove the Orphaned SIDs from there...kindly note that do not start deleting immediately after going to Security tab. After opening the Security Tab allow some time to resolve the accounts and then go ahead with the deletions.

In case of confusion do let us know.
0
 

Author Comment

by:BellevueAdmin
ID: 38392706
Within ADSI I had to go to Configuration partition==>Services==>Microsoft Exchange==>YourOrgName==>Exchange Administrative Group==>Servers==>YourServername==>information store and then to each mailstore.  I had the SID so identing it was easy.  Thanks for the help Closing posting.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question