Did GoodBye ever have any special permissions in your domain?
From: [email protected] [mailto:[email protected]] On
Behalf Of Russ Patterson
Sent: Thursday, August 8, 2013 5:34 PM
To: Exchange list
Subject: [Exchange] "the ACE doesn't exist on the object"
I have a customer who has a very old, very large (11 gig) mailbox. Let's call
it HugeBox. There's a user who has retired & they want him to disappear from
Get-MailboxPermission output. Let's call him GoodBye.
If you do Get-MailboxPermission, you see his name (FullAccess.) If you do
Add-MailboxPermission, with Goodbye as the user, it says' you can't because
he's already there. If you do Remove-MailboxPermission, it says you can't
because GoodBye's NOT there ("the ACE doesn't exist on the object.")
We've tried moving the HugeBox mailbox. We've tried repairing the HugeBox
mailbox. As I said, the Powershell cmdlets fail. Goodbye does NOT get listed if
you do a Get-ADPermissions. The SIDHistory attribute of GoodBye is <not set.>
We did lots more, to the point that we finally even edited the
msExchMailboxSecurityDescriptor of HugeBox and removed the SID of GoodBye
(along with the other stuff that was surrounded by the same set of
parenthesis.) 3-4 hours later, that SID was back.....
Any suggestions? I'm also told there's never been a different domain name, in
case you suggest trying using OLDDOMAIN\Goodbye in the remove-MailboxPermission
cmdlet - no OLDDOMAIN...
I'd love some help here! - Thanks for your time!
