Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Cannot remove ACE on object

429 views
Skip to first unread message

Fraser Shortt

unread,
Oct 29, 2008, 11:22:54 AM10/29/08
to
Hi everyone,

I'm trying to remove Full Access rights for a deleted AD user from an
existing user's mailbox... Exchange 2007 SP1. When I try to do so, I
receive the following error message:

---------------------------------------------------------------
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00


SID-BLAH-BLAH-BLAH-BLAH
Failed

Error:
Cannot remove ACE on object
"CN=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX" for account
"SID-BLAH-BLAH-BLAH-BLAH" because it is not present.

Exchange Management Shell command attempted:
Remove-MailboxPermission -Identity
'CN=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' -User
'SID-BLAH-BLAH-BLAH-BLAH' -InheritanceType 'All' -AccessRights 'FullAccess'

Elapsed Time: 00:00:00
---------------------------------------------------------------


It's really causing headaches for users sending emails to or creating
appointments for the existing user. They continually receive bounce back
messages... an example of this:


---------------------------------------------------------------
Your message did not reach some or all of the intended recipients.

Subject: XXX
Sent: XXX

The following recipient(s) cannot be reached:

IMCEAEX-_O=XXX+2E+20XXX_OU=XXX_cn=Recipients_cn=X...@XXX.com on
10/28/2008 7:46 AM
The e-mail account does not exist at the organization this
message was sent to. Check the e-mail address, or contact the recipient
directly to find out the correct address.
<XXX.XXX.XXX.com #5.1.1 smtp;550 5.1.1
RESOLVER.ADR.ExRecipNotFound; not found>
---------------------------------------------------------------

Any ideas how I can remove the old user?

Thanks in advance,
Fraser


Jamestechman

unread,
Oct 29, 2008, 12:04:37 PM10/29/08
to
Are you actually seeing this user SID in the user's mailbox in EMC?
Highlight the mailbox; manage full access permission on right pane? If
not; sounds like you're running into:

Accepting or denying a meeting request causes a "5.1.1" non-delivery
report in Exchange Server
http://support.microsoft.com/kb/312433

James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

>       IMCEAEX-_O=XXX+2E+20XXX_OU=XXX_cn=Recipients_cn=...@XXX.com on

Fraser Shortt

unread,
Oct 30, 2008, 1:32:55 AM10/30/08
to
Hi James,

Thanks for the quick response.

Yes, I am seeing the deleted user's SID when I click on the existing user's
mailbox then click on manage full access permissions on the right.

Any ideas how to remove this?

Thanks in advance,
Fraser


"Jamestechman" <jamest...@gmail.com> wrote in message
news:7b9e4ebe-90e2-4e95...@t42g2000hsg.googlegroups.com...

Andy David {MVP}

unread,
Oct 30, 2008, 6:25:25 AM10/30/08
to
On Wed, 29 Oct 2008 22:32:55 -0700, "Fraser Shortt" <fsh...@msn.com>
wrote:

>Hi James,
>
>Thanks for the quick response.
>
>Yes, I am seeing the deleted user's SID when I click on the existing user's
>mailbox then click on manage full access permissions on the right.
>
>Any ideas how to remove this?

I think thats a bug. I seem to recall this issue.

Andy David {MVP}

unread,
Oct 30, 2008, 8:46:39 AM10/30/08
to
On Thu, 30 Oct 2008 06:25:25 -0400, Andy David {MVP}
<ada...@pleasekeepinngcheesebucket.com> wrote:

>On Wed, 29 Oct 2008 22:32:55 -0700, "Fraser Shortt" <fsh...@msn.com>
>wrote:
>
>>Hi James,
>>
>>Thanks for the quick response.
>>
>>Yes, I am seeing the deleted user's SID when I click on the existing user's
>>mailbox then click on manage full access permissions on the right.
>>
>>Any ideas how to remove this?

Via ADUC

Fraser Shortt

unread,
Oct 30, 2008, 10:00:33 AM10/30/08
to
Thanks for the response.

I might be able to restore the old user from a backup then delete the user
from the user's mailbox then delete the user again... but I don't want to
have to do this every time I run across this issue.

There must be a way to remove the entry.

Fraser

"Andy David {MVP}" <ada...@pleasekeepinngcheesebucket.com> wrote in message
news:0s2jg41d21dnjmaj0...@4ax.com...

Jamestechman

unread,
Oct 30, 2008, 11:21:46 AM10/30/08
to
One of the several reasons why I keep my last Exchange 2003 server
around. If you have Exchange 2003 tools still installed on a box try
removing the perms from ADUC.

James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com


On Oct 30, 8:46 am, Andy David {MVP}


<ada...@pleasekeepinngcheesebucket.com> wrote:
> On Thu, 30 Oct 2008 06:25:25 -0400, Andy David  {MVP}
>
> <ada...@pleasekeepinngcheesebucket.com> wrote:

> >On Wed, 29 Oct 2008 22:32:55 -0700, "Fraser Shortt" <fsho...@msn.com>


> >wrote:
>
> >>Hi James,
>
> >>Thanks for the quick response.
>
> >>Yes, I am seeing the deleted user's SID when I click on the existing user's
> >>mailbox then click on manage full access permissions on the right.
>
> >>Any ideas how to remove this?
>
> Via ADUC
>
>
>
>
>
> >I think thats a bug. I seem to recall this issue.
>
> >>Thanks in advance,
> >>Fraser
>

> >>"Jamestechman" <jamestech...@gmail.com> wrote in message

> >>> Fraser- Hide quoted text -
>
> - Show quoted text -

0 new messages