Re: Cannot remove ACE on object



On Thu, 30 Oct 2008 06:25:25 -0400, Andy David {MVP}
<adavid@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

On Wed, 29 Oct 2008 22:32:55 -0700, "Fraser Shortt" <fshortt@xxxxxxx>
wrote:

Hi James,

Thanks for the quick response.

Yes, I am seeing the deleted user's SID when I click on the existing user's
mailbox then click on manage full access permissions on the right.

Any ideas how to remove this?

Via ADUC

I think thats a bug. I seem to recall this issue.



Thanks in advance,
Fraser


"Jamestechman" <jamestechman@xxxxxxxxx> wrote in message
news:7b9e4ebe-90e2-4e95-b36e-dbd00943b94b@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are you actually seeing this user SID in the user's mailbox in EMC?
Highlight the mailbox; manage full access permission on right pane? If
not; sounds like you're running into:

Accepting or denying a meeting request causes a "5.1.1" non-delivery
report in Exchange Server
http://support.microsoft.com/kb/312433



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

On Oct 29, 11:22 am, "Fraser Shortt" <fsho...@xxxxxxx> wrote:
Hi everyone,

I'm trying to remove Full Access rights for a deleted AD user from an
existing user's mailbox... Exchange 2007 SP1. When I try to do so, I
receive the following error message:

---------------------------------------------------------------
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00

SID-BLAH-BLAH-BLAH-BLAH
Failed

Error:
Cannot remove ACE on object
"CN=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX" for account
"SID-BLAH-BLAH-BLAH-BLAH" because it is not present.

Exchange Management Shell command attempted:
Remove-MailboxPermission -Identity
'CN=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' -User
'SID-BLAH-BLAH-BLAH-BLAH' -InheritanceType 'All' -AccessRights
'FullAccess'

Elapsed Time: 00:00:00
---------------------------------------------------------------

It's really causing headaches for users sending emails to or creating
appointments for the existing user. They continually receive bounce back
messages... an example of this:

---------------------------------------------------------------
Your message did not reach some or all of the intended recipients.

Subject: XXX
Sent: XXX

The following recipient(s) cannot be reached:

IMCEAEX-_O=XXX+2E+20XXX_OU=XXX_cn=Recipients_cn=...@xxxxxxx on
10/28/2008 7:46 AM
The e-mail account does not exist at the organization this
message was sent to. Check the e-mail address, or contact the recipient
directly to find out the correct address.
<XXX.XXX.XXX.com #5.1.1 smtp;550 5.1.1
RESOLVER.ADR.ExRecipNotFound; not found>
---------------------------------------------------------------

Any ideas how I can remove the old user?

Thanks in advance,
Fraser

.