Hello Everyone,
As always, I assigned Full Access, Send on Behalf and/or Send As on certain mailboxes.
However, I noticed that if the account is not removed from these permissions, and the account is moved into our child domain, it is orphaned. When I remove the access permissions, I either get an error or, when I re-open the properties, it is still listed.
For example, I have a mailbox named Registration@contoso.com and I assign user1@contoso.com to have Full Permissions.
Then later I move user1 from the contoso.com domain to the child.contoso.com domain using the move-adobject cmdlet. However, if the full access permissions are not removed from the mailbox first, it is orphaned on the account.
Unfortunately I cannot move the account back to the parent domain as I cannot disrupt the user1 account.
Steps taken have been:
Open the Registration AD account Attribute Editor and remove the User1 account from the msExchDelegateListLink attribute. When I do this, I see in the User1 Attribute Editor that the Registration AD account is removed from the msExchDelegateListBL attribute. However, it is still listed in Full Permissions on the Exchange mailbox properties.
If I remove the account from msExchDelegateListLink and then go and look in the account properties via ADSI, it looks correct.
Any ideas how to remove these orphaned permissions?
Thanks!