Solved
Remove old EV Service Account permissions
After a migration of Exchange and Enterprise I would like to remove the old Enterprise Vault service account from our new exchange server. Symantec documentation on adding the required permissions to Exchange is well documented but not for removal. Since the Exchange migration was actually a cut over it seems the new exchnage server has inherited the old service account so everytime we create a new mailbox on the new Exchange server it inherits the old Enterprise Vault account. When I try and remove the permission in powershell I get the following:
[PS] C:\Windows\system32>Remove-MailboxPermission -Identity simon.sweet -User svc.EV -AccessRights FullAccess
Confirm
Are you sure you want to perform this action?
Removing mailbox permission "simon.sweet" for user "svc.EV" with access rights "'FullAccess'".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):
WARNING: An inherited access control entry has been specified: [Rights: CreateChild, ControlType: Allow] and was ignored on object "CN=Simon
Sweet,OU=Legal,OU=Users,OU=LDN,OU=EMEA,DC=CDCGlobeleq,DC=com".
I have tried removing the account from the top of the domain forest but this hasnt helped.
Can someone help me please? There might be a PS to do exactly this out there somewhere.
Thanks
- Hi Actually, the script responsible for adding permissions is also able to remove permissions. SetEVExchangePermissions.ps1 -User
[-Server ] [-Action {Add | Remove}] [-Level {All | Provisioning}] [-Verbose {$True | $False}] So for example: ./SetEVExchangePermissions.ps1 -User DOMAIN\svc.EV -Action Remove -Level All should remove it. Cheers Michel
