Error when running Remove-Mailboxpermission


  • This should be straightforward, but I can't seem to get it right.

    I want to remove ExternalAccount permissions on a specific mailbox.  Here's the command I use to confirm that the permission is present:

    Get-MailboxPermission user1  -domaincontroller | ? {$_.accessrights -like "*ExternalAccount*" }

    Identity             User                 AccessRights                                                                       IsInherited Deny
    --------             ----                 ------------                                                                       ----------- ---- Contoso\User1         {FullAccess, ExternalAccount, ReadPermission}                                      False       False

    All good so far.  Now I just want to remove the ExternalAccount permission assigned to Contoso\User1.  Here's the command:

    Remove-MailboxPermission -Identity User1 -User "Contoso\User1" -AccessRights ExternalAccount -domaincontroller

    The above command generates the following error:

    Remove-MailboxPermission : Can't remove the access control entry on the object "CN=User1,OU=User Objects,DC=contoso,DC=com" f
    or account "Contoso\User1" because the ACE doesn't exist on the object.
    At line:1 char:25
    + Remove-MailboxPermission <<<<  -Identity User1 -User "User1" -AccessRights ExternalAccount -domaincontroller
        + CategoryInfo          : InvalidOperation: (0:Int32) [Remove-MailboxPermission], InvalidOperationException
        + FullyQualifiedErrorId : 78249DD3,Microsoft.Exchange.Management.RecipientTasks.RemoveMailboxPermission

    Any thoughts on this?


    Monday, July 05, 2010 3:34 AM


All replies