mailboxpermission changes fail
Hello, my employer migrated to a new domain. After disabling the trust with the old domain we cannot change mailboxpermissions: Cannot remove ACE on object "CN=User Name2,OU=DOMAIN Users,DC=company,DC=com" for account "COMPANY\User.Name1" because it is not present. We do see the user in get-mailboxpermission. If we use add-mailboxpermission we get the same user twice in the permission list. We can remove the newly created user but not the one created under the old domain. Any ideas how to resolve this issue? Thanks, Rogier.
August 20th, 2008 2:03pm
When you migrated, did you migrate the SID history, also? Can you restablish the trust relationship long enough to remove the old permissions and add new ones? Are you running E2K7 SP1? Look at a utility called ADMODIFY, it may be able to help you add/remove permissions in bulk, but be careful because it can do very quickly break every user in your Active Directory, also.
August 21st, 2008 3:57am
Troubleshooting: 1. Can you give the full cmdlet which you use to remove the mailbox permission, and also the full output of the error info 2. Reproduce issue, but this time, add -debug -verbose in the end of your command line. Then post the output 3. Please check the value of Deny parameter on User Name 2 4. Please try to use the cmd below Get-mailbox -id "User Name2" -resultsize unlimited | Remove-MailboxPermission -User "User Name1" -AccessRights xxx Notes: Add -Deny if you find the value is True in step 2 5. After reproduce the issue, can you find any error info in the application log
August 22nd, 2008 10:08am
We gave all this information to Microsoft, and its pretty high up in the troubleshooting tree now in redmond.It has to do with the SID History, which we want to keep, but AD uses the old domain account which it cant find in stead of the new account which it should use. So its a name/sid resolution issue.
September 15th, 2008 12:29pm
Hey rogierK !Any news on that issue ? I have the same problem and cannot find a solution to that !!!
June 4th, 2009 7:39pm