This seems like a problem - what to do about it?
538 views
Skip to first unread message
Kurt Buff, GSEC/GCIH/PCIP
Mar 17, 2021, 4:32:31 PM3/17/21
to ntexc...@googlegroups.com
During an account audit, I found that the following account has no password:
get-aduser '$P74000-BLHRH3FIUHA6'
DistinguishedName : CN=Exchange Online-ApplicationAccount,CN=Users,DC=example,DC=lan
Enabled : False
GivenName :
Name : Exchange Online-ApplicationAccount
ObjectClass : user
ObjectGUID : 8afa8e43-16c2-4970-aea1-4b8397a6c214
SamAccountName : $P74000-BLHRH3FIUHA6
SID : S-1-5-21-207515869-1525690680-377547397-4345
Surname :
get-aduser '$P74000-BLHRH3FIUHA6'
DistinguishedName : CN=Exchange Online-ApplicationAccount,CN=Users,DC=example,DC=lan
Enabled : False
GivenName :
Name : Exchange Online-ApplicationAccount
ObjectClass : user
ObjectGUID : 8afa8e43-16c2-4970-aea1-4b8397a6c214
SamAccountName : $P74000-BLHRH3FIUHA6
SID : S-1-5-21-207515869-1525690680-377547397-4345
Surname :
UserPrincipalName : Exchange_Online-A...@example.com
We haven't had any on-prem Exchange for a few years now - certainly since before I came here about 1.5 years ago.
What do I do with this account, and the others that I found (see below) that also don't have passwords? I've done some searching, but so far what I've come up with all relates to a hybrid Exchange environment, and that's no longer what we have.
Thanks,
Kurt
Name : FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
SamAccountName : SM_1a9f14ff2b2e43f6a
Name : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
SamAccountName : SM_1c588ee6df544300a
Name : DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}
SamAccountName : SM_3199e2dca6eb45768
Name : SystemMailbox{1f05a927-143c-4c7c-a10d-881d6a212420}
SamAccountName : SM_56a5158d82b44cbf8
Name : SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
SamAccountName : SM_dbe0ee6eda674a1ba
Name : Migration.8f3e7716-2011-43e4-96b1-aba62d229136
SamAccountName : SM_f5edf4177b944579b
SamAccountName : SM_1a9f14ff2b2e43f6a
Name : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
SamAccountName : SM_1c588ee6df544300a
Name : DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}
SamAccountName : SM_3199e2dca6eb45768
Name : SystemMailbox{1f05a927-143c-4c7c-a10d-881d6a212420}
SamAccountName : SM_56a5158d82b44cbf8
Name : SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
SamAccountName : SM_dbe0ee6eda674a1ba
Name : Migration.8f3e7716-2011-43e4-96b1-aba62d229136
SamAccountName : SM_f5edf4177b944579b
Michael B. Smith
Mar 18, 2021, 10:47:23 AM3/18/21
to ntexc...@googlegroups.com
I don’t know anything about the first one.
The others are called “arbitration accounts” and should’ve been removed when your Exchange servers were removed.
If you have no on-premises servers, they can be removed.
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntexchange+...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ntexchange/CADy1Ce4NjgC%3DJVBHeNKuyu3kkrir7a3Pkp1ZVyT41HL%2BDSeCFw%40mail.gmail.com.
Kurt Buff, GSEC/GCIH/PCIP
Mar 18, 2021, 11:27:12 AM3/18/21
to ntexc...@googlegroups.com
Thanks.
I'll schedule a removal of the arbitration accounts, then disable the first account and monitor for problems for a while before deleting.
Kurt
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/97a19416f6fd4cb1b565a30a252097fd%40smithcons.com.
Reply all
Reply to author
Forward
0 new messages