We did a migration from one forest to another, and have since severed the link. All of our mailboxes with the exception of 8 of them out of about 900 came accross correctly (they are showing as User Mailbox in the recipient type detail. If the ExternalAccount Access right is granted to any account it give them a Linked Mailbox status. To fix this you have to do two things removed the ExternalAccount perm and change the RecipientTypeDetails number. This is the problem I am encountering. Here is the get perm command [PS] C:\Windows\system32>Get-MailboxPermission -identity ctgservers | ft user,ac cessrights,IsInherited -wrap User AccessRights IsInherited ---- ------------ ----------- domain\ctgservers {FullAccess, ExternalAccou False nt, DeleteItem, ReadPermis sion} domain\EXC-Full Mailbox A {FullAccess} True ccess domain\saBESAdmin {FullAccess} True domain\EXC-Full Mailbox A {ReadPermission} True ccess domain\TEPCXM04$ {FullAccess, DeleteItem, R True eadPermission, ChangePermi ssion, ChangeOwner} domain\TEPCXM03$ {FullAccess, DeleteItem, R True eadPermission, ChangePermi ssion, ChangeOwner} domain\Exchange Servers {FullAccess} True domain\Domain Admins {FullAccess} True domain\Enterprise Admins {FullAccess} True domain\Exchange Organizat {FullAccess} True ion Administrators domain\amc0368 {FullAccess} True domain\Exchange Servers {FullAccess} True domain\Exchange Public Fo {ReadPermission} True lder Administrators NT AUTHORITY\NETWORK SERVI {ReadPermission} True CE domain\Exchange Servers {ReadPermission} True domain\Exchange View-Only {ReadPermission} True Administrators domain\Exchange Organizat {FullAccess, DeleteItem, R True ion Administrators eadPermission, ChangePermi ssion, ChangeOwner} domain\amc0368 {FullAccess, DeleteItem, R True eadPermission, ChangePermi ssion, ChangeOwner} domain\gavman {FullAccess, DeleteItem, R True eadPermission, ChangePermi ssion, ChangeOwner} domain\Enterprise Admins {FullAccess, DeleteItem, R True eadPermission, ChangePermi ssion, ChangeOwner} domain\Domain Admins {FullAccess, DeleteItem, R True eadPermission, ChangePermi ssion, ChangeOwner} as you can see CTGServers is the offending account with ExternalAccount permission. Here is the next command I issue and the error. [PS] C:\Windows\system32>Get-MailboxPermission -identity ctgservers | Remove-Mai lboxPermission -AccessRights ExternalAccount -Confirm:$False -User ctgservers Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission Remove-MailboxPermission : Cannot remove ACE on object "CN=CTG Server Account,O U=Service,OU=Accounts,DC=domain,DC=com" for account "domain\ctgservers" becau se it is not present. At line:1 char:70 + Get-MailboxPermission -identity ctgservers | Remove-MailboxPermission <<<< - AccessRights ExternalAccount -Confirm:$False -User ctgservers + CategoryInfo : InvalidOperation: (0:Int32) [Remove-MailboxPermi ssion], InvalidOperationException + FullyQualifiedErrorId : 7749CDDB,Microsoft.Exchange.Management.Recipient Tasks.RemoveMailboxPermission

Hi, Did u try it wid Domain\ctgservers in -user paramter like this Remove-MailboxPermission ctgservers -AccessRights ExternalAccount -Confirm:$False -User Domain\ctgservers Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

yes that fails with the same error, you can see in the error message that it added domain\ infront of ctgservers also.

Hi, The root cause could be the following: The mailbox will be converted to LINKED mailbox after moving if the original mailbox in old Exchange 2003 Server has "Associated External Account" permissions set on the mailbox. This permission will be set if the mailbox is associated with User account from External trusted domain or it has been migrated from Exchange 5.5 and the msExchangeMasterAccountSid attribute is not cleared. So for the migrated user, we need to manually disable(Disable-Mailbox -Identity User1) and then re-connect(Connect-Mailbox -Identity User1 -Database "Mailbox Database" -User user1) mailbox. If that is not the issue, then please let me know how did you migrate the mailbox, from Exchange 2003 to Exchange 2007? Or Exchange 2007 to Exchange 2010? Regards, Xiu