commeng
asked on
Can't Remove BESAdmin
I am trying to remove the BESadmin account from my network. The BES Server was removed 4 years ago but nobody bother to remove the user. Here is what I have done:
I removed BESAdmin from all Administrative groups
Then in the Exchange Power Shell I ran the following commands:
Remove-ManagementRoleAssig nment -Identity "BES Admin EWS"
get-mailbox -ResultSize Unlimited | where {$_.ThrottlingPolicy -eq "BESPolicy"} | Set-Mailbox -ThrottlingPolicy DefaultThrottlingPolicy_a8 52ec1b-2fc f-4502-b69 0-c309c1a5 47cd
Get-ThrottlingPolicy BESPolicy | Remove-ThrottlingPolicy
Remove-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "DC=domain,DC=local" (replacing domain and local appropriately)
Remove-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"
Get-MailboxDatabase | Remove-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Now I am trying to run:
Get-Mailbox -ResultSize Unlimited | Remove-MailboxPermission -AccessRights FullAccess, sendas -User "domain\besadmin"
But it keeps failing with "Warning: Can't remove the access control entry on the object for account "domain\besadmin" because the ACE doesn't exit on the object"
If I try to remove the Send As permission using the console, I get the following error:
Active Directory operation failed. This error is not retriable. Additional Information: Access is denied.
So what rights have I failed to removed? Thank you!
I removed BESAdmin from all Administrative groups
Then in the Exchange Power Shell I ran the following commands:
Remove-ManagementRoleAssig
get-mailbox -ResultSize Unlimited | where {$_.ThrottlingPolicy -eq "BESPolicy"} | Set-Mailbox -ThrottlingPolicy DefaultThrottlingPolicy_a8
Get-ThrottlingPolicy BESPolicy | Remove-ThrottlingPolicy
Remove-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "DC=domain,DC=local" (replacing domain and local appropriately)
Remove-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"
Get-MailboxDatabase | Remove-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Now I am trying to run:
Get-Mailbox -ResultSize Unlimited | Remove-MailboxPermission -AccessRights FullAccess, sendas -User "domain\besadmin"
But it keeps failing with "Warning: Can't remove the access control entry on the object for account "domain\besadmin" because the ACE doesn't exit on the object"
If I try to remove the Send As permission using the console, I get the following error:
Active Directory operation failed. This error is not retriable. Additional Information: Access is denied.
So what rights have I failed to removed? Thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.