Sign in
 

none
Removing shared mailboxes from user's Outlook

 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    There are several users that have several shared mailboxes in their Outlook that we would like to remove. I believe the right commands to do this are:

    Remove-MailboxPermission -Identity <Mailbox to be removed> -User <User account> -AccessRights FullAccess

    and

    Add-MailboxPermission -Identity <Mailbox to be removed> -User <User account> -AccessRights FullAccess -AutoMapping:$false

    However I'm getting the message:

    WARNING: Can't remove the access control entry on the object "CN=Team (Ashtons),CN=Users,DC=movewithus,DC=local" for
    account "MOVEWITHUS\JMcDouallADM" because the ACE doesn't exist on the object.

    after the first command.

    Not sure exactly what to do.

    Monday, February 11, 2019 1:25 PM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    There are several users that have several shared mailboxes in their Outlook that we would like to remove. I believe the right commands to do this are:

    Remove-MailboxPermission -Identity <Mailbox to be removed> -User <User account> -AccessRights FullAccess

    and

    Add-MailboxPermission -Identity <Mailbox to be removed> -User <User account> -AccessRights FullAccess -AutoMapping:$false

    However I'm getting the message:

    WARNING: Can't remove the access control entry on the object "CN=Team (Ashtons),CN=Users,DC=movewithus,DC=local" for
    account "MOVEWITHUS\JMcDouallADM" because the ACE doesn't exist on the object.

    after the first command.

    Not sure exactly what to do.

    Get-MailboxPermission -Identity <user> and see what they have set. If its not there, there is nothing to remove! 
    Monday, February 11, 2019 2:48 PM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    I am one of the mailbox users, so I know there are a few mailboxes to remove.
    Monday, February 11, 2019 4:11 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    hello, 

    I have seen few cases where the auto mapped shared mailboxes will not get went away from the user’s outlook profile even though the full access permissions were removed for those users from the shared mailboxes. This may be caused due to problem in AD replication or because of any corruptions in the objects

    So, on such I prefer to deal with these two different attributes 

    msexchdelegatelistlink is the attribute which populates the list of DN values of the shared mailboxes which were auto mapped to your user mailbox. 

    msExchDelegateLinkListBL is the attribute which populates the list of DN values of the user mailboxes to whom it will auto map to it.

    Read more to know how to overcome this issue .

    https://blogs.msmvps.com/acefekay/2017/05/22/removing-orphaned-populated-msexchangedelegatelinklist-and-msexchangedelegatelinklistbl-automapping-attributes/

    https://blogs.msmvps.com/acefekay/2018/03/31/removing-orphaned-populated-msexchangedelegatelinklist-and-msexchangedelegatelinklistbl-automapping-attributes-2/

    https://www.slipstick.com/exchange/removing-managed-mailboxes-from-an-outlook-profile/

    http://www.neroblanco.co.uk/2015/07/links-and-backlinks-in-active-directory-for-exchange/

    Thanks & Regards S.Nithyanandham

    Monday, February 11, 2019 6:29 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    I am one of the mailbox users, so I know there are a few mailboxes to remove.

    Ok, Im not sure what you mean by that.

    Also, this command is incorrect:

    Should be :

    Remove-MailboxPermission -Identity <Owner User Mailbox> -User <User account of user who is losing full access> -AccessRights FullAccess

    Monday, February 11, 2019 8:16 PM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Jon,

    We have a wiki article elaborate on this issue, you may want to have a look at it:

    Exchange Server/Online: The ACE doesn't exist on the object

    Hope this helps.

    Regards,
    Steve Fan

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    Tuesday, February 12, 2019 8:44 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Jon,

    How is everything going? Is this issue fixed now? Feel free to post back if further assistance is needed here.

    Regards,
    Steve Fan

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, February 18, 2019 9:42 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    I was putting in the wrong thing after -user, so the command is now correct. However after entering both commands above (Remove-MailboxPermission -Identity <Mailbox to be removed> -User <User account> -AccessRights FullAccess and Add-MailboxPermission -Identity <Mailbox to be removed> -User <User account> -AccessRights FullAccess -AutoMapping:$false) the shared mailbox was still in Outlook after several hours.
    Monday, February 18, 2019 12:13 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thank you for the update, Jon.

    May I know whether you have got an opportunity to try Nithyanandham's suggestion? Edit the user accounts in the Active Directory and remove your names from the MsExchDelegateListLink attribute.

    Regards,
    Steve Fan

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, February 19, 2019 7:32 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    I tried Get-ADUser “SharedMailboxDisplayName” -Properties msExchDelegateListLink | Select-object -ExpandProperty msExchDelegateListLink to see what backlinks exist on a shared mailbox but it produced no result.
    Tuesday, February 19, 2019 11:02 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    How about we check the MsExchDelegateListLink attribute directly in Active Directory Users and Computers? 

    1. Open Active Directory Users and Computers
    2. Go to View menu and select Advanced Features
    3. Open the user account that is showing in your mailbox (in the screenshot, user5's mailbox is in administrator's profile)
    4. Open the Properties dialog
    5. Click Attribute Editor tab
    6. Locate MsExchDelegateListLink
    7. Click Edit.
    8. Remove your name from the attribute
    9. Close the dialog

    Regards,
    Steve Fan

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, February 20, 2019 8:13 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    The attribute was empty.
    Wednesday, February 20, 2019 10:27 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thank you for the update Jon. 

    Do you have Outlook restarted after disabling AutoMapping? 

    How about configuring the email account in a new mail profile or on a different computer? Do you see the same result?

    Besides, we may check under Account Settings incase the shared mailboxes were manually added as additional mailboxes instead of being automapped.

    Regards,
    Steve Fan

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, February 22, 2019 9:06 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    No, I've restarted several times since and the mailbox is still there. I can create a new profile and they won't be there but we don't really want to do that an all 10 other computers.
    Friday, February 22, 2019 2:33 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    can you execute this command and see if it removes the mailbox.

    Set-Mailbox <Mailbox Alias> -ApplyMandatoryProperties

    if it doesn't work check the users computer LogonServer, once you get the DC check MsExchDelegateListLink on that DC as mentioned by Nithyanandham. if its not empty then it might be your AD replication from Exchange Connected AD to the AD where user is authenticated.

    thanks,

    Zak

    ZakBhai

    19 hours 22 minutes ago
    |