Solved

Exchange 2013 mailbox delegation error message (NT Authority/self corrupt object)

Posted on 2016-10-26
4
382 Views
Last Modified: 2016-11-09
Having some issues i cant wrap my head around.

See attached picture for error message.

Researching.
Adding users to mailbox delegation will not give them the actual access. Need to use add-mailboxfolderpermission and add-adpermission. It's not given this actually works. For now it works in 50% of the cases.

The 9b026da6-0d3c-465c-8bee-5199d7165cba is :

IdentityReference     : NT AUTHORITY\SELF
ActiveDirectoryRights : Self
InheritedObjectType   : bf967a86-0de6-11d0-a285-00aa003049e2
InheritanceFlags      : ContainerInherit
InheritanceType       : Descendents
ObjectFlags           : ObjectAceTypePresent, InheritedObjectAceTypePresent
ObjectType            : 9b026da6-0d3c-465c-8bee-5199d7165cba
PropagationFlags      : InheritOnly
AccessControlType     : Allow

It seems like this is the object that actually failes.

I also noted on the user in AD, there is propogated some objects that is deleted. This is not the SELF object but likely some level of user access.


So to my questions :

How can i repair/verify the NT Authority\SELF object ?
What is needed for an AD account to be given correct access to the mailbox (in Security objects) ?
Anyone have any tips and/or tricks ?
Mailbox-delegation1.png
0
Comment
Question by:Mr Woober
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 41860116
NT Authority\Self is not an account as such but allows the owner of the mailbox have full access to the mailbox. An alternative is just to add the domain\username account to the permissions which does the same thing, but this is has to be done manually.
You can view and verify permissions to mailboxes using Get-MailboxPermission -Id mailboxname to list all permissions or Get-MailboxPermission -Id mailboxname -User "nt authority\self" to confirm Self rights.
Also you can check user permissions on the mailbox database:
Get-MailboxDatabase DBName | Get-ADPermission -User "everyone" | fl Inher*,Extend*
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 41860165
Thanks for the swift reply.

Not quite sure what to get out of the Get-MailboxDatabase DBName | Get-ADPermission -User "everyone" | fl Inher*,Extend* (sett picture attached)

Attached picture 3 with the mailboxpermissions. What i noticed that our admin user (marked/filled with red) is noted 2 places with what seems the same access level.
Mailbox-delegation2.png
Mailbox-delegation3.png
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 41860168
The permissions for Database look to be the same as ours.
0
 
LVL 1

Author Closing Comment

by:Mr Woober
ID: 41881711
The solution was to do an Windows Update then restart. Solved the issue with the delegation access
1

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question