Link to home
Start Free TrialLog in
Avatar of techdeep
techdeep

asked on

Unable to remove calendar permission

User def.hij and klm.nop had permission on calendar folder of User abc. Now user def.hij is gone and the account is disabled. When i check the existing permission of calender folder of abc i see def.hij and klm.nop listed there and i am trying to remove that but getting below errors. i was able to remove klm.nop using the same command but cant remove def.hij

Using this to check the permission:


get-mailboxfolderPermission -Identity abc@xyz.net:\calendar

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : Default
AccessRights : {AvailabilityOnly}
Identity     : Default
IsValid      : True

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : NT User:xyz\def.hij
AccessRights : {Owner}
Identity     : NT User:xyz\def.hij
IsValid      : True


Using this to remove the permission:

Remove-MailboxFolderPermission -identity "abc@xyz.net:\calendar" -User def.hij


There is no existing permission entry found for user: def hij.
    + CategoryInfo          : NotSpecified: (0:Int32) [Remove-MailboxFolderPermission], UserNotFoundInPermissionEntryE
   xception
    + FullyQualifiedErrorId : B9E1C51A,Microsoft.Exchange.Management.StoreTasks.RemoveMailboxFolderPermission
    + PSComputerName        : servername.domain.net
Avatar of Satya Pathak
Satya Pathak
Flag of India image
try below command

remove-MailboxFolderPermission -Identity Owner:\Calendar -User TargetUser
Avatar of techdeep
techdeep

ASKER

That's this exactly what i am using but getting error.

Remove-MailboxFolderPermission -identity "abc@xyz.net:\calendar" -User def.hij
Avatar of VB ITS
VB ITS
Flag of Australia image
Re-enable the def.hij account and then try re-running the command.

You can't modify (add, edit or remove) the old user's permissions to another mailbox when their account is disabled. I tested and confirmed this very recently in another EE question.
Avatar of techdeep
techdeep

ASKER

You want me to enable account in AD only or you want to assign it a mailbox as-well before we try to remove it ?
Avatar of VB ITS
VB ITS
Flag of Australia image
Did you remove the mailbox from the account then disable the account in AD?

Try enabling the account in AD and then run the command. If that doesn't work you may have to re-link the disconnected mailbox to the def.hij account.
Avatar of techdeep
techdeep

ASKER

The mailbox was not disconnected and only AD account was disabled. I have enabled the account but still getting same error. Only one thing changed and that is when I run get-mailboxfolderPermission command I dont see "NT User" thing and now see the User's name.

Using this to check the permission:


get-mailboxfolderPermission -Identity abc@xyz.net:\calendar

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : Default
AccessRights : {AvailabilityOnly}
Identity     : Default
IsValid      : True

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : def hij
AccessRights : {Owner}
Identity     : def hij
IsValid      : True
ASKER CERTIFIED SOLUTION
Avatar of VB ITS
VB ITS
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of techdeep
techdeep

ASKER

yes... this issue was resolved. was able to remove the permission using same command after


Enabled the account ----> Forced AD replication ---> restarted exchange transport service