I have a customer who has a very old, very large (11 gig) mailbox. Let's
call it HugeBox. There's a user who has retired & they want him to
disappear from Get-MailboxPermission output. Let's call him GoodBye.
If you do Get-MailboxPermission, you see his name (FullAccess.) If you do
Add-MailboxPermission, with Goodbye as the user, it says' you can't because
he's already there. If you do Remove-MailboxPermission, it says you can't
because GoodBye's NOT there ("the ACE doesn't exist on the object.")
We've tried moving the HugeBox mailbox. We've tried repairing the HugeBox
mailbox. As I said, the Powershell cmdlets fail. Goodbye does NOT get
listed if you do a Get-ADPermissions. The SIDHistory attribute of GoodBye
is <not set.>
We did lots more, to the point that we finally even edited the
msExchMailboxSecurityDescriptor of HugeBox and removed the SID of GoodBye
(along with the other stuff that was surrounded by the same set of
parenthesis.) 3-4 hours later, that SID was back.....
Any suggestions? I'm also told there's never been a different domain name,
in case you suggest trying using OLDDOMAIN\Goodbye in the
remove-MailboxPermission cmdlet - no OLDDOMAIN...
I'd love some help here! - Thanks for your time!
