Recently i had some issues dealing with people who left a company and had rights to send on behalf on some mailboxes. Those users where removed, and powershell scripts who showed send on behalf rights on Exchange server didnt show those people. However going to a users outlook, and look to their delegates who they allowed send on behalf, these people still where there. Not as normal users but with their past SID id Apparently this is stored in Exchange and Exchange failed on these Sids in some situations if other people tried to do send on behalf. What i wonder now is how to retrieve it at Exchange side what outlook clients put in for rights to their inbox. So Instead of using the common get-mailbox command like for example>> Get-Mailbox -Resultsize Unlimited | ?{$_.GrantSendOnBehalfTo} | select Name,GrantSendOnBehalfTo How to retrieve it from store level ? I think it must be at a sub store level too Since previous NDR's got resolved after removing those SID id acounts through the outlook clients. (outlook 2003 with Exchange 2007)

Hello, What is your meaning of "store level"? The SendOnBehalfTo is saved in AD, you can use ADSI Edit to check PublicDelegate attribute for that users, if this has been clear, go to update in Outlook Clients, then check whether this issue will be resolved or not. Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Evan Liu TechNet Community Support

Indeed SendOnBehalfTo seams to be AD, but there also is another part the outlook part. There can be conflicts between them, and from what i saw, outlook rules here; its how outlook sees it thats how it will work Unfortunately its no option to open all mailboxes in an organization to see if those permissions are right at store level Outlook connects to the store, and i'm almost sure the rights are defined inside the mailboxes as well... (because that would explain why Exchange fell over it) Or the getmailbox permission thing must have an option to reveal removed acounts SIDs at AD level, (but i dont think the problem is overthere.)

Thanks for your reply, I understand your problem more clear now. For your issue, you can follow this document to resolve the issue from Outlook side: Members of your organization may receive a non-delivery report if your delegates mailbox object is removed from Active Directory before you can remove the delegate in Outlook 2003 http://support.microsoft.com/kb/909638 Here also a good document about this, hope can give you some help: (please Note: This is not from Microsoft, just for reference) How to Fix Ghost Delegates and List Delegates in Exchange 2007 http://teknologist.net/2010/list-delegates-in-exchange-2007/ Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contacttngfb@microsoft.comEvan Liu TechNet Community Support

yes, the problem is there is as far as i know now, no method to do it serverside, have a tool that can do this and check every mailbox in the organization.. some more reason i'm sure its in the store is that even if i delete a users outlook profile, put her behind a different pc, these unknown acounts still get into the newly generated outlook profile, so it is at store level.. but powershell doesnt go that deep.. think i need a wrapper or so for mapi in powershell.

I think you can follow that KB to work on your issue. Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contacttngfb@microsoft.comEvan Liu TechNet Community Support

I know how to solve it, going behind a user outlook session... point is i administrate 2000+ mailboxes. So i was looking for some automation to check this out.

On Tue, 10 Apr 2012 08:08:30 +0000, PGT2008 wrote: >I know how to solve it, going behind a user outlook session... point is i administrate 2000+ mailboxes. So i was looking for some automation to check this out. Try this: http://gsexdev.blogspot.com/2011/03/display-delegate-forward-rules-and.html --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, Any updates after you follow Rich's suggestion? Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contacttngfb@microsoft.comEvan Liu TechNet Community Support

Sorry i am unable to verify i no longer work for this customer, i'm onto a different job.

Hello, If you get any update on this issue, please update the thread. Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contacttngfb@microsoft.comEvan Liu TechNet Community Support