Unable to remove permission from archive

Chris_Rourk
Level 2

I have a permission that I can't get rid of.

At one time I granted User B full access to User A mailbox in Exchange 2010. Months later, User B has had all access to User A mailbox removed.

Both mailboxes and user accounts in AD are fully active.

User B permission to User A archive never went away. I have tried zapping and re-syncing the archive with no success. The permission keeps reappearing.

How can I remove this permission?

Any ideas?

 

Thanks,

Chris

1 ACCEPTED SOLUTION

Accepted Solutions

TonySterling
Moderator
Partner    VIP    Accredited Certified

Are you zapping the archive or the mailbox?

If you zap the archive and the permissions come back after the synch then there is still something set for them.

[ArchivePermissions]

If you can't sort it out you could set the manual deny on the archive for them.  That Deny will override the automatically set permissions.


4 REPLIES 4

JesusWept3
Level 6
Partner Accredited Certified

Would suggest doing a permissions zap like Tony was suggesting, then DTrace AgentClientBroker, and then manually sync the archive with folder hierarchy and permissions checked.

Because by the sounds of it, even if you zap the permissions, they will probably come back, which would suggest that they have been given delegate permission from within Outlook OR you could have a noninherited owner set through Exchange.

https://www.linkedin.com/in/alex-allen-turl-07370146

Pradeep-Papnai
Level 6
Employee Accredited Certified

Ran the following query in Exchange PowerShell (user B had permission on user A's mailbox).

Get-MailboxPermission -Identity mailboxA@domain.local -user "mailboxB" |format-list

If this is returning the permission then you need to remove this permission.

Remove-MailboxPermission -Identity mailboxA@Domain.local -User "MailboxB" -AccessRights fullaccess -InheritanceType All

Then run the EVPM script as mentioned in tech note http://www.symantec.com/docs/TECH44818, like this example.

[Directory]
DirectoryComputerName=kvsvault
SiteName=archivesite

[ArchivePermissions]
ArchiveName=ArchiveName
Zap=True


Once it runs successfully, refresh the VAC and archives. Also check the following EV mailbox policy:

Select appropriate mailbox policy \ Advanced \ Archiving General.
Inherited permission = OFF.
Synchronize folder permission = off.


If the permissions are still coming, then zap again with the above script, start dtrace on the 'agentclientbroker' process and synch the mailbox from the properties of the archive.

Hope this helps.
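
Added example, not part of any post in this thread: a read-only Exchange Management Shell check for the three places the replies say the access can still be set (mailbox-level permission, non-default owner, Outlook folder/delegate permission) before zapping and re-syncing the archive. `Find-LingeringAccess` is a hypothetical helper name, and matching folder entries on the grantee's name as a substring is an assumption.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# Find-LingeringAccess is a hypothetical name; mailboxA/mailboxB are the
# placeholder identities used in the thread.
function Find-LingeringAccess {
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,  # e.g. mailboxA@domain.local
        [Parameter(Mandatory = $true)][string]$Grantee   # e.g. mailboxB
    )

    # 1. Mailbox-level entries for the grantee, explicit or inherited.
    Get-MailboxPermission -Identity $Mailbox -User $Grantee |
        Select-Object @{n='Source';e={'MailboxPermission'}},
                      @{n='Target';e={$Mailbox}},
                      @{n='Rights';e={$_.AccessRights -join ','}},
                      IsInherited, Deny

    # 2. Mailbox owner: an owner other than the default also keeps access.
    Get-MailboxPermission -Identity $Mailbox -Owner |
        Select-Object @{n='Source';e={'Owner'}},
                      @{n='Target';e={$Mailbox}},
                      @{n='Rights';e={"$($_.Owner)"}},
                      @{n='IsInherited';e={$null}},
                      @{n='Deny';e={$null}}

    # 3. Folder-level permissions (Outlook sharing / delegate access).
    foreach ($folder in Get-MailboxFolderStatistics -Identity $Mailbox) {
        # FolderPath uses '/', folder identities use '\'; the root is 'mailbox:\'.
        $path = if ($folder.FolderPath -eq '/Top of Information Store') { '\' }
                else { $folder.FolderPath -replace '/', '\' }
        $id = '{0}:{1}' -f $Mailbox, $path

        # System folders can reject the query; skip them quietly.
        Get-MailboxFolderPermission -Identity $id -ErrorAction SilentlyContinue |
            Where-Object { "$($_.User)" -like "*$Grantee*" } |  # assumption: name match
            Select-Object @{n='Source';e={'FolderPermission'}},
                          @{n='Target';e={$id}},
                          @{n='Rights';e={$_.AccessRights -join ','}},
                          @{n='IsInherited';e={$null}},
                          @{n='Deny';e={$null}}
    }
}

Find-LingeringAccess -Mailbox 'mailboxA@domain.local' -Grantee 'mailboxB' |
    Format-Table -AutoSize
```

Any row returned is a permission source that a later synchronization can copy back onto the archive.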

Chris_Rourk
Level 2

Thank you all for your input.

I will try the suggestions and post back.

 

Thanks again,

Chris