Solved

Unable to remove calendar permission

Posted on 2015-02-10
8
346 Views
Last Modified: 2015-02-19
User def.hij and klm.nop had permission on calendar folder of User abc. Now user def.hij is gone and the account is disabled. When i check the existing permission of calender folder of abc i see def.hij and klm.nop listed there and i am trying to remove that but getting below errors. i was able to remove klm.nop using the same command but cant remove def.hij

Using this to check the permission:


get-mailboxfolderPermission -Identity abc@xyz.net:\calendar

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : Default
AccessRights : {AvailabilityOnly}
Identity     : Default
IsValid      : True

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : NT User:xyz\def.hij
AccessRights : {Owner}
Identity     : NT User:xyz\def.hij
IsValid      : True


Using this to remove the permission:

Remove-MailboxFolderPermission -identity "abc@xyz.net:\calendar" -User def.hij


There is no existing permission entry found for user: def hij.
    + CategoryInfo          : NotSpecified: (0:Int32) [Remove-MailboxFolderPermission], UserNotFoundInPermissionEntryE
   xception
    + FullyQualifiedErrorId : B9E1C51A,Microsoft.Exchange.Management.StoreTasks.RemoveMailboxFolderPermission
    + PSComputerName        : servername.domain.net
0
Comment
Question by:techdeep
  • 4
  • 3
8 Comments
 
LVL 20

Expert Comment

by:SatyaPathak
ID: 40602543
try below command

remove-MailboxFolderPermission -Identity Owner:\Calendar -User TargetUser
0
 

Author Comment

by:techdeep
ID: 40602625
That's this exactly what i am using but getting error.

Remove-MailboxFolderPermission -identity "abc@xyz.net:\calendar" -User def.hij
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40602676
Re-enable the def.hij account and then try re-running the command.

You can't modify (add, edit or remove) the old user's permissions to another mailbox when their account is disabled. I tested and confirmed this very recently in another EE question.
0
 

Author Comment

by:techdeep
ID: 40602868
You want me to enable account in AD only or you want to assign it a mailbox as-well before we try to remove it ?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40602879
Did you remove the mailbox from the account then disable the account in AD?

Try enabling the account in AD and then run the command. If that doesn't work you may have to re-link the disconnected mailbox to the def.hij account.
0
 

Author Comment

by:techdeep
ID: 40603257
The mailbox was not disconnected and only AD account was disabled. I have enabled the account but still getting same error. Only one thing changed and that is when I run get-mailboxfolderPermission command I dont see "NT User" thing and now see the User's name.

Using this to check the permission:


get-mailboxfolderPermission -Identity abc@xyz.net:\calendar

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : Default
AccessRights : {AvailabilityOnly}
Identity     : Default
IsValid      : True

RunspaceId   : 7b90a9bb-33fe-4fca-9ef0-3298b530fd44
FolderName   : Calendar
User         : def hij
AccessRights : {Owner}
Identity     : def hij
IsValid      : True
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40603269
Do you have multiple DCs in your environment? If so you may have to wait for replication to occur before trying again.

From my experience you do have to wait a bit after you re-enable a disabled account before you can make changes and vice versa.
0
 

Author Comment

by:techdeep
ID: 40618504
yes... this issue was resolved. was able to remove the permission using same command after


Enabled the account ----> Forced AD replication ---> restarted exchange transport service
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now