none
Powershell remove SIDs from mailboxes

    Question

  • Hi

    I have a number of mailboxes that have SIDs remaining for delete user accounts, using the remove-mailboxpermission against the SID isnt going to work as it cant resolve a username, any ideas how to clean this mess up?

    Thanks

    Tuesday, August 16, 2011 8:56 AM

Answers

  • This did it for me.

    Remove-MailboxPermission -User S-1-5-21-202902358-547437371-2644679952-3366 -Identity mailboxname -AccessRights FullAcess

    what vesion of Exchange do you have?

     


    lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
    Tuesday, August 16, 2011 9:28 AM
  • Go figure

    I had the syntax wrong

     

    Remove-MailboxPermission -user $sid -identity $username -AccessRights FullAccess -WhatIf

     

    cheers

    • Marked as answer by theMadferret Tuesday, August 16, 2011 11:26 AM
    Tuesday, August 16, 2011 9:54 AM

All replies

  • This did it for me.

    Remove-MailboxPermission -User S-1-5-21-202902358-547437371-2644679952-3366 -Identity mailboxname -AccessRights FullAcess

    what vesion of Exchange do you have?

     


    lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
    Tuesday, August 16, 2011 9:28 AM
  •  

     

     

    HI we are running 2007, this issue I have is that i have about 700 mailboxes to remove various SIDs from.

    In the code I am listing get-mailboxpermission , if a users match "s-1-5-21-" remove that user

     

    [string]::Join(',',("Mailbox,SID")) > C:\rights.csv

    $res = Get-Mailbox -ResultSize unlimited

    foreach ($mb in $res){

    $name = $mb.name

    $mm = Get-MailboxPermission $mb.name |?{($_.User -ne "NT Authority")-and ($_.isinherited -eq $false) }

    foreach ($User in $mm)

    {

     

    if ($user -match "S-1-5-21")

    {

    $UsrName = $mb.Name

    $SID = $User.User

    Remove-MailboxPermission -Identity $sid -AccessRights FullAccess -WhatIf

     

    [string]::Join(",",($usrname,$sid)) >> C:\rights.csv

     

    }

    }}

    ____________________________

    Then i get the error

    Remove-MailboxPermission : Cannot bind parameter 'Identity'. Cannot convert the "S-1-5-21-11111111-111111111-11111111-6509" value of type "Microsoft.Exchange.Configuration.Tasks

    .SecurityPrincipalIdParameter" to type "Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter".

    Tuesday, August 16, 2011 9:49 AM
  • Go figure

    I had the syntax wrong

     

    Remove-MailboxPermission -user $sid -identity $username -AccessRights FullAccess -WhatIf

     

    cheers

    • Marked as answer by theMadferret Tuesday, August 16, 2011 11:26 AM
    Tuesday, August 16, 2011 9:54 AM