How to remove user's shared mailbox when their account is unlicensed?

StriderHiryu used Ask the Experts™

I have a user who has a former employee's mailbox listed within their Outlook.  The former employee's mailbox is listed as "unlicensed" in Microsoft 365 admin center.  When the user clicks on the mailbox to try to access it, they receive the error "Cannot expand the folder.  The set of folders cannot be opened."  We want to remove this mailbox from the user's Outlook.  Unfortunately the user isn't in the office very often, so I have forgotten exactly which troubleshooting steps we've already tried.  Additionally, I don't have a lot of recent experience with Outlook troubleshooting and none at all with Exchange administration in Outlook 365.  I remember though that it wasn't an obvious fix (hence this post).  Any assistance would be appreciated.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Server engineer
To do this, follow these steps:

1. Connect to Exchange Online by using remote PowerShell. For more info about how to do this, see Connect to Exchange Online Using Remote PowerShell

2. Remove full access permissions for the user from the mailbox. This removes auto-mapping. To do this, at the command prompt, type the following command, and then press Enter:

Remove-MailboxPermission -Identity <Mailbox ID1> -User <Mailbox ID2> -AccessRights FullAccess

In this command, <Mailbox ID1> represents the mailbox to which the user is granted permissions, and <Mailbox ID2> is the mailbox of the user from whom you want to remove full access permissions.

For example, to remove full access permissions for an administrator from John Smith's mailbox, use the following command:

Remove-MailboxPermission -Identity -User -AccessRights FullAccess

After you run this command, you're prompted to confirm the action::

Are you sure you want to perform this action?
Removing mailbox permission "" for user "" with access rights 'FullAccess'".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
StriderHiryuNetwork Administrator


Hello.  Thanks so much for the assist.  I had to wait a while before giving the command a try as my boss didn't want to delegate Exchange online management access via PowerShell.  We tried to run the command a few times with slightly different parameters and kept getting this error:

WARNING: Can't remove the access control entry on the object "CN=<User1 Last Name>\, <User1 First Name>,,OU=Microsoft Exchange Hosted
Organizations,DC=<DC Name>,DC=prod,DC=outlook,DC=com" for account "<DC Name>\<User2 Last Name>897210812089483" because the ACE doesn't exist on the object.

This error implied to me that the user's mailbox didn't have permission to the other mailbox anyway which we confirmed with a GetPermissions against the former employee's mailbox.  We re-added a license for the mailbox of the person who had left, gave permission to the current employee back to the former employee's mailbox, then ran the command again and it went through without a problem.  A few days later (today) I had the chance to confirm that the former employee's mailbox is no longer showing in the current user's Outlook.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial