Unable to remove user account from Exchange Server 2010 Mailbox
People,
I'm trying to delete old account from the existing shared mailbox using Exchange Management Console (2010 SP3), but somehow I always end up with this error:
Can anyone please assist me with this issue ?
Thanks.
I'm trying to delete old account from the existing shared mailbox using Exchange Management Console (2010 SP3), but somehow I always end up with this error:
Summary: 1 item(s). 1 succeeded, 0 failed.
Elapsed time: 00:00:00
DOMAIN\admin1
Completed
Warning:
Can't remove the access control entry on the object "CN=Receptionist,OU=Users,DC=DOMAIN,DC=com" for account "DOMAIN\admin1" because the ACE doesn't exist on the object.
Exchange Management Shell command completed:
Remove-MailboxPermission -Identity 'CN=Receptionist,OU=Users,DC=DOMAIN,DC=com' -User 'DOMAIN\admin1' -InheritanceType 'Descendents' -AccessRights 'FullAccess'
Elapsed Time: 00:00:00Can anyone please assist me with this issue ?
Thanks.
Could you try to access the mailbox using the exchange management interface rather than using powershell cmdlets?
ASKER
Already did, hence I got the first error message.
Is domain\admin1 actually listed as having direct access versus having inherited access because of another group of which idomain\admin1 is a member?
ASKER
how to determine that ?
I'm not sure what you mean...
I'm not sure what you mean...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Ya Li,
this is another normal mailbox not a room:\calendar
this is another normal mailbox not a room:\calendar
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, I'll try that on Monday when I'm in the office.
So after that I can remove the account permission ?
So after that I can remove the account permission ?
ASKER
Hi JoeNSW,
somehow the trick didn't work.
I've granted the Exchange Trusted Subsystem Full permission on the account but still it didn't work as expeected with the same error message.
somehow the trick didn't work.
I've granted the Exchange Trusted Subsystem Full permission on the account but still it didn't work as expeected with the same error message.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes from old exchange server 2007 to 2010.
But for the AD domain it remains one.
But for the AD domain it remains one.
After the source account is migrated with sIDHistory the account gets a new objectSID and a sIDHistory. The mailbox security descriptor for the target mailbox only contains the sIDHistory of the account but NOT the new objectSID. Remove-MailboxPermission only make a lookup for the objectSID of the account to be removed but it doesn't check if this account has a sIDHistory
to solve the problem please install Exchange 2007 Management tools and try to remove it from there
Good Luck
to solve the problem please install Exchange 2007 Management tools and try to remove it from there
Good Luck
ASKER
@mohammad: so installing the Exchange 2007 management console only in my spare laptop, is that safe in my current AD / production environment ?
yes its just the management console it will not effect on your current system
ASKER
somehow I still can not remove the user account from using the Exchange Server 2007 management console ?
ASKER
Thansk !
ASKER
Open in new window
but still no good, it ends up with the same issue.