07-29-2013 08:05 PM
Getting below error while removing user from another user EV account
07-29-2013 10:46 PM
What version of EV is this?
Is the user you're trying to remove the vault service account?
Typically automatically set permissions come from:
- The Vault Service Account via it being set as the account on the properties of the directory
or
- Permissions being given in Exchange/Outlook, and the policy setting selected to enable inherited permissions
07-29-2013 11:36 PM
It looks like the Account SID cant be resolved with the user name. IT could be due to DC/GC communication issue or user might have deleted in AD. Auto set permissions cannot be removed from VAC >> Archive properties >> Permissions section. You can only modify or remove manually set permissions. You can try using EVPM here. I hope the account which you are trying to remove is not the VSA or owner user account.
This can be achieved by creating an EVPM script, specifying the particular details and running it against the affected archive(s).
[Directory]
DirectoryComputerName=kvsvault
SiteName=archivesite
[ArchivePermissions]
ArchiveName=Mary Jones
Zap=True
Notes:
a. Modify the script above to match the particular DirectoryComputerName, SiteName and ArchiveName.
b. Edit the file in Notepad and save in UNICODE format, with an .ini extension.
c. After zapping the archive, to show the change to the archive in the Vault Admin Console (VAC), you must right click the container (IE.. Exchange Mailbox) and refresh it.
d. To bring all Exchange inherited permissions the mailbox must be synchronized
Note: The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but you are recommended to use [ArchivePermissions] in all new scripts.
Note: The "VaultName" or "ArchiveName" must be one of the following:
Run EVPM from \Program Files\Enterprise Vault as the Enterprise Vault Service Account. The syntax for EVPM follows:
EVPM [-?] [-e Exchange Server computer name ] [-m service mailbox] [-f Initialization file location and name]
Parameter |
Meaning |
-? |
Prints usage to screen |
-e |
The Exchange Server computer name |
-f |
The initialization file location and name |
-m |
The name of the Enterprise Vault service mailbox |
Note: If running EVPM without any parameters, it will prompt for each one.
07-30-2013 12:47 AM
Agreed with Adviser, this problem comes when EV unable to resolve SID from GC. Most probably the user a/c is deleted from AD.
You cannot remove automatically assigned permission from VAC and you need to zap the permission from creating EVPM script as directed by Adviser.
http://www.symantec.com/docs/TECH44818
Below is one more thread which was discussed on automatically assigned permission.
http://www.symantec.com/connect/forums/how-do-i-remove-automatically-set-permissions-enterprise-vault-exchange-archive
07-30-2013 12:50 AM
Hi ,
Use EnterpriseVaultdirectory
Update ArchiveView
Set AutoSecurityDesc = null where ArchiveName = 'ArchiveName'
Use EnterpriseVaultdirectory
Update ArchiveView
Set AutoSecurityDesc = null where ArchiveName = 'ArchiveName'
07-30-2013 12:52 AM
Hi,
You can also check and see on the archive permissions that are set are automatic set or not. If they are and those are the wrong permissions then do the following:
Check the registry HKEY_LOCAL_MACHINE\Software\wow6432node\KVS\Enterprise Vault\Agents and see if we have a registry key named 'IncludeInheritedRights ' in that location.
The possible values for IncludeInheritedRights are:
07-30-2013 11:57 PM
thanks all