Hi Ali am currently planing to pupose a mechanism to remove UNRESOLVED SIDs from exchange personal calenders and public folers, persoanl and service mailboxesmight be something simple .. i am not geting it .. We have Exchange server 2003what are the options i have ..?Dhruva

Try this link http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f389b0eb-8095-48d6-a004-c63487aa7499 Andrew Sword, MVP

that is where i started frommervyn advised me to post here in ADMIN as i needed more details how pfdavadmin tool can be usedi did go thru the link in msexchange.org however that was introduction to PFDavadminhere is what i need to accomplish "devise a mechanism to remove UNRESOLVED SIDs from exchange personal calenders and public folers, persoanl and service mailboxes"how do i go about it ..?Dhruva

Any reason behind removal of stale SIDs? Those shouldn't give you any problem anywhere at any level because those are unique in your AD environment...Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com

Hi Amitin our enterprise we have huge number of mailboxes and we use a custum tool to grant rights to mailboxesthis tool error outs when there is stale sid on mailboxes DACLsecondly delegates feature is widely used with outlook and if the delegate leaves the company the sender gets a NDR saying delegate is not a valid recipient ..where sender dint intend to send it to delegate this is a enterprise wide issue .. as there is a stale sid in ACL that at point representeda userDhruva

Well.... About first issue, you need to check from where these applications getting DACL info, I mean from Exchange Advance-> Mailbox Permission ACLs which is stored on top of mailbox in AD or from the ACLs which are stored on top of user's calendar folder inside the mailbox as a MAPI permission. About Second issue, NDR from deleted users while sending meeting request, this issue will not resolve by removing stale SID from ACLs because this meeting invitation requests being forwarded by a stale entry in rule table which can be deleted by MFCMapi but it requires high level of programming involvement if you want to scan all mailboxes in your environment for this mapi property... Check this thread for the procedure http://social.technet.microsoft.com/forums/en-US/exchangesvrgeneral/thread/8ef3fa80-7692-4402-b788-39774a2e81e9/ Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com

the custum applicationreads andedits the ACL in AD, this is primarily used for service mailboxes or Group mailboxesnot for personal calendersand we use this tool to 1.grant full mailbox access ---exchange advanced-- full and read permissions2.grant send As rights ---security-- send asfor NDRs removing stale sids worked i guess bcoz user dint complain after that.. however i have also seen cases where there no stale entries and user still get NDR in that case MFCmapi will be helpfulDhruva

the custum applicationreads andedits the ACL in AD, this is primarily used for service mailboxes or Group mailboxesnot for personal calendersand we use this tool to 1.grant full mailbox access ---exchange advanced-- full and read permissions2.grant send As rights ---security-- send as Well, in this case PFDavAdmin doesn't help you because it can fix only MAPI permissions but not AD permission. Check out in Scripting forum if some AD scripter/programmer can guide you to built custom VBScript/Powershell script to scan whole AD database and remove stale entries from AD Security Descriptor... Forums Home>Scripting Forums>The Official Scripting Guys Forum! Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com