SID
We are running Exchange 2003 on Windows Server 2003. I noticed that in a lot of our mailboxes, there are several SIDs. I've been doing some research on them, but I can't seem to find anything that says we should or should not delete them. What do I do? The same when working with folder permissions. Lots of SIDs. One person always deletes them...is that okay? TIA, Becca
August 11th, 2008 7:19pm

When you see a raw SID value displayed in an Access Control List in Windows (be it a folder, mailbox, whatever), that is an indication that the SID-to-Account Name lookup has failed. Most times this is because the original account that was assigned that SID was deleted from Active Directory, hence the failed lookup. That said, sometimes the lookup fails on a valid account for other reasons, but if it's only certain objects then most likely they have been deleted from AD. Unless you have a ton of these entries in the Access Control Lists, I'd just leave them there. Unless you know the remaining entries on the list are the only valid accounts that should be accessing the object, then remove them. Those entries don't cause any problems, but depending on the level of security you want to adhere to you may want to delete the entries, keeping in mind that something 'might' break. You can also resolve those SIDs using an LDAP lookup to verify that in fact the object has been deleted from Active Directory. Check this blog for details on that process: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=23
August 11th, 2008 9:32pm
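The failed SID-to-name lookup described in the reply above can be reproduced on a folder ACL to produce a review list before anyone deletes entries. This is an added example, not part of the original thread; the function name `Get-UnresolvedAce` and the sample path are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): list folder ACL entries whose SID
# cannot be translated to an account name. Read-only; nothing is modified.
function Get-UnresolvedAce {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path   # folder to inspect, supplied by the caller
    )

    $acl = Get-Acl -Path $Path

    # Request every identity as a SID (explicit and inherited entries),
    # so resolvable and unresolvable entries are handled the same way.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        try {
            # The same SID-to-account-name lookup the ACL editor performs.
            $null = $sid.Translate([System.Security.Principal.NTAccount])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # Lookup failed: report the entry for review.
            [pscustomobject]@{
                Path      = $Path
                Sid       = $sid.Value
                # Domain part of the SID ($null for well-known SIDs). An
                # unfamiliar domain SID suggests a trust or connectivity
                # problem rather than a deleted account.
                DomainSid = $sid.AccountDomainSid
                Rights    = $rule.FileSystemRights
                Type      = $rule.AccessControlType
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Usage with a hypothetical path:
# Get-UnresolvedAce -Path 'D:\Shares\Finance' | Format-Table -AutoSize
```

An entry reported here only means the lookup failed from this machine at this time; confirming that the account is actually gone from Active Directory is the separate LDAP check the reply mentions.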

Thank you so much! Becca
August 11th, 2008 9:38pm
