[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Exchange 2013 mailbox delegation error message (NT Authority/self corrupt object)

Posted on 2016-10-26
4
Medium Priority
?
1,197 Views
1 Endorsement
Last Modified: 2016-11-09
Having some issues i cant wrap my head around.

See attached picture for error message.

Researching.
Adding users to mailbox delegation will not give them the actual access. Need to use add-mailboxfolderpermission and add-adpermission. It's not given this actually works. For now it works in 50% of the cases.

The 9b026da6-0d3c-465c-8bee-5199d7165cba is :

IdentityReference     : NT AUTHORITY\SELF
ActiveDirectoryRights : Self
InheritedObjectType   : bf967a86-0de6-11d0-a285-00aa003049e2
InheritanceFlags      : ContainerInherit
InheritanceType       : Descendents
ObjectFlags           : ObjectAceTypePresent, InheritedObjectAceTypePresent
ObjectType            : 9b026da6-0d3c-465c-8bee-5199d7165cba
PropagationFlags      : InheritOnly
AccessControlType     : Allow

It seems like this is the object that actually failes.

I also noted on the user in AD, there is propogated some objects that is deleted. This is not the SELF object but likely some level of user access.


So to my questions :

How can i repair/verify the NT Authority\SELF object ?
What is needed for an AD account to be given correct access to the mailbox (in Security objects) ?
Anyone have any tips and/or tricks ?
Mailbox-delegation1.png
1
Comment
Question by:Mr Woober
  • 2
  • 2
4 Comments
 
LVL 20

Accepted Solution

by:
Peter Hutchison earned 2000 total points
ID: 41860116
NT Authority\Self is not an account as such but allows the owner of the mailbox have full access to the mailbox. An alternative is just to add the domain\username account to the permissions which does the same thing, but this is has to be done manually.
You can view and verify permissions to mailboxes using Get-MailboxPermission -Id mailboxname to list all permissions or Get-MailboxPermission -Id mailboxname -User "nt authority\self" to confirm Self rights.
Also you can check user permissions on the mailbox database:
Get-MailboxDatabase DBName | Get-ADPermission -User "everyone" | fl Inher*,Extend*
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 41860165
Thanks for the swift reply.

Not quite sure what to get out of the Get-MailboxDatabase DBName | Get-ADPermission -User "everyone" | fl Inher*,Extend* (sett picture attached)

Attached picture 3 with the mailboxpermissions. What i noticed that our admin user (marked/filled with red) is noted 2 places with what seems the same access level.
Mailbox-delegation2.png
Mailbox-delegation3.png
0
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 41860168
The permissions for Database look to be the same as ours.
0
 
LVL 1

Author Closing Comment

by:Mr Woober
ID: 41881711
The solution was to do an Windows Update then restart. Solved the issue with the delegation access
1

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This blog will spread awareness about Dropbox. We have given the statements based upon our experience. Along with this, there is a section of some new plans that should be added in Dropbox this year. This will make the storage service enhanced from …
There's never been a better time to become a computer scientist. Employment growth in the field is expected to reach 22% overall by 2020, and if you want to get in on the action, it’s a good idea to think about at least minoring in computer science …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question