I am having trouble removing full access permissions from specific mailbox accounts. We performed a forest migration many months ago, and it seems that some of the old permissions are sticking, but I cannot remove them. Under the Exchange GUI, it shows a question mark next to the usernames that I cannot remove. The specific error I get is the following:Cannot remove ACE on object <object name> for account <username> because it is not present.I cna't seem to find where these ACE are even stored in adsi. Is there a way for me to manually fix this? These users still have permissions to the mailbox, and I cannot remove them. Disabling and reattaching the mailbox is not a path I want to take.Thank you.

IS this exchange 2007

Try this forum....http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/c41dc0a1-8bdb-423a-88c2-e05fc6fd01d8

Try this forum... and let me know...http://u-c-x.blogspot.com/2009/02/exchange-mailbox-permissions-issue.html

Thanks, I had seen the first link before, but not the second. The quick answer to this is that I needed to clear my SID history, then I was able to remove the ACEs. Link to VBS script here: http://support.microsoft.com/default.aspx/kb/295758. I modified this a bit and had it recurse all users to clear the SID history for everyone.I'm still wondering though, where are these ACEs stored, and is it possible to modify them any other way? I have a number of accounts with old SIDs in there and I'd like to try and clear them all out.

Try this which is addressed by James-Luohttp://social.technet.microsoft.com/Forums/en-US/exchangesoftwareupdate/thread/50a94a45-903e-409e-ba5c-116d84bed7ff

Interestingly enough, I checked this out beforehand, but even after selecting advanced, I do not see any mailbox rights listed. I'm not sure if the admin tools for 2003 just aren't seeing any of the mailboxes, or if something else is missing, but none of the Exchange tabs are there.

Dan, You can even remove these unresolved SID's using the PFDAVADMIN. you can download the same from below link http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=635be792-d8ad-49e3-ada4-e2422c0ab424 See below for more info on how to use the PFDAV admin to connect to mailboxes and get rid of unresolved sids http://www.msexchange.org/articles/PFDavAdmin-tool-Part2.html http://bsmith9999.blogspot.com/2009/02/removing-legacy-permissions-from-pure.html Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|