09-08-2011 05:56 AM
Hi all,
I have a requirement to try and find email archives which no longer have a corresponding AD account, and which no users have access to.
Our situation is we have, I suspect, a large number of leavers who were not correctly processed by our leavers procedure. So their email archives are still sitting in EV, no-one has access to the data. All they have on them is 'Account Unknown (S-1-5...' So the SID for the account which has long since been deleted.
I am wondering if anyone knows a way to export email archives with their permissions? I can then use some get-qaduser in powershell to run through the list. I can then work out which email archives no longer have an AD account and more importantly no users have access to the data. Giving me the best possible case and justification for deletion.
The closest I have found so far on the forums is https://www-secure.symantec.com/connect/forums/query-enterprise-vault-archive-permissions , but it looks as though this does not work anymore, I just get MAPI errors when the script tries to connect into the mailbox.
Any help much appreciated.
Jeremy.
09-08-2011 11:38 AM
Hi Jeremy,
Did you see this one?
That should at least get you the list of 'orphaned archives'.
Possibly with that list you can do some funky SQL stuff to get the permissions?
09-08-2011 11:37 PM
Hi GertjanA,
Thanks very much for pointing me in that direction!
The SQL query from JesusWept2: Do you or JW2 happen to know if this is looking for archives which specifically do not have any valid users on the permissions list? So no users have access to them? I have checked a couple and it looks like it, but I have 1146 archives produced from the query so chances are a lot of them won't be accessible by anyone.
Thanks for supporting EV Dashboard in your signature as well ;)
Thanks again!
Jeremy.
09-09-2011 12:07 AM
Hi Jeremy,
You're welcome. As far as I could determine, this looks for archives that have an incorrect billing account. As far as I can determine, it does not look for users on the permission-list. It might be possible to use the outcome of this query to run a query on the archives mentioned (I am assuming the permissions to the archives are also stored somewhere in SQL) to check the accounts that have permission on these.
I am not a SQL-guru, sorry.
Perhaps JW can assist.
09-09-2011 12:31 AM
Hi,
Thanks. I know what you mean, normally I can look at some SQL and work with it, but this one is too complex for me.
JW: If you are around could you let me know your thoughts?
Thanks.
Jeremy.
11-24-2011 07:31 AM
If you open the ArchiveView view under the Directory database you can get the user's name and rootid. From the rootid you get the owningTrusteeID in the root table and then from there you can search the ACE table for related SIDs of that OwningTrusteeID.
For Example:
Joe Bloggs is rootid 42670 and VaultEntryID 1F0630D6614FAF94AB7913426F8B66D871110000evsite
Root Table in EV Dir:
11-25-2011 05:07 AM
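Added example, not part of any post in this thread: once the archive names and the SIDs on their permission lists have been exported (for instance from the ACE table mentioned above), the check Jeremy describes can be done by asking Windows to translate each SID and keeping only the archives where no SID resolves. The CSV layout, column names, function names and sample SIDs below are assumptions constructed for illustration, not the Enterprise Vault schema.

```powershell
# Constructed sample export: one row per permission entry on an archive.
# Column names and SID values are made up for this example.
$aceCsv = @'
ArchiveName,Sid
Joe Bloggs,S-1-5-21-1111111111-2222222222-3333333333-1105
Joe Bloggs,S-1-5-32-544
Jane Leaver,S-1-5-21-1111111111-2222222222-3333333333-9901
Jane Leaver,S-1-5-21-1111111111-2222222222-3333333333-9902
'@

function Test-SidResolves {
    param([Parameter(Mandatory)][string]$Sid)
    try {
        $obj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        [void]$obj.Translate([System.Security.Principal.NTAccount])
        return $true
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # No account behind the SID: the 'Account Unknown (S-1-5-...)' case.
        return $false
    }
    # Any other error (malformed SID, lookup failure) is left to surface,
    # so a lookup problem is never mistaken for a deleted account.
}

function Get-OrphanedArchive {
    param([Parameter(Mandatory)][object[]]$Ace)
    $cache = @{}   # each distinct SID is looked up only once
    foreach ($group in ($Ace | Group-Object ArchiveName)) {
        $live = @(); $dead = @()
        foreach ($sid in ($group.Group | Select-Object -ExpandProperty Sid -Unique)) {
            if (-not $cache.ContainsKey($sid)) { $cache[$sid] = Test-SidResolves -Sid $sid }
            if ($cache[$sid]) { $live += $sid } else { $dead += $sid }
        }
        # Report an archive only when none of its permission entries resolves.
        if ($live.Count -eq 0) {
            [pscustomobject]@{ ArchiveName = $group.Name; UnresolvedSids = ($dead -join ';') }
        }
    }
}

# Run from a domain-joined machine that can reach every domain the SIDs may belong to.
Get-OrphanedArchive -Ace ($aceCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```

With the constructed data, "Joe Bloggs" is not reported because the built-in Administrators SID (S-1-5-32-544) still resolves, while "Jane Leaver" is reported with both unresolved SIDs. A SID that resolves to a disabled account still counts as resolved here, so review those separately before deleting anything.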